diff --git a/.github/workflows/cli-build-pipeline.yml b/.github/workflows/cli-build-pipeline.yml
new file mode 100644
index 00000000..e0f9d8f7
--- /dev/null
+++ b/.github/workflows/cli-build-pipeline.yml
@@ -0,0 +1,158 @@
+name: CLI Build Pipeline
+
+on: workflow_call
+
+jobs:
+  test:
+    name: Run Generator tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: "1.20"
+
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Terraform latest
+        uses: hashicorp/setup-terraform@v2
+
+      - name: Setup Test broker
+        run: |
+          mkdir -p $HOME/solace; chmod 777 $HOME/solace
+          docker run -d -p 8080:8080 -p 55555:55555 --shm-size=1g --env username_admin_globalaccesslevel=admin --env username_admin_password=admin --name=solace \
+            --mount type=bind,source=$HOME/solace,destination=/var/lib/solace,ro=false solace/solace-pubsub-standard
+          while ! curl -s localhost:8080 | grep aurelia ; do sleep 1 ; done
+
+      - name: Use local provider
+        run: |
+          echo "
+          provider_installation {
+            dev_overrides {
+              \"registry.terraform.io/solaceproducts/solacebroker\" = \"${HOME}/go/bin\"
+            }
+            direct {}
+          }" > ~/.terraformrc
+
+      - name: Checkout generator
+        uses: actions/checkout@v3
+        with:
+          repository: SolaceDev/broker-terraform-provider-generator
+          token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
+          path: broker-terraform-provider-generator
+          ref: "v0.1.0"
+
+      - name: Build and install generator
+        run: |
+          pushd broker-terraform-provider-generator
+          go mod tidy
+          go install .
+          ls ~/go/bin
+          popd
+
+      - name: Generate provider code
+        run: |
+          SWAGGER_SPEC_NAME=`ls ci/swagger_spec`
+          echo "Generating code using spec $SWAGGER_SPEC_NAME"
+          BASE=`pwd`
+          pushd internal/broker/generated
+          rm ./*
+          SEMP_V2_SWAGGER_CONFIG_EXTENDED_JSON="$BASE/ci/swagger_spec/$SWAGGER_SPEC_NAME" ~/go/bin/broker-terraform-provider-generator all
+          popd
+
+      - name: Build provider
+        run: |
+          go mod tidy
+          go install .
+          ls ~/go/bin
+          terraform-provider-solacebroker -h
+
+      - name: Failure to  Generate sample Terraform due to Missing Username for  Broker
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=http://localhost:8080 msgVpn solace_broker gha_test.tf || error_code=$?
+          if [ $error_code -eq 1 ]; then
+            echo "\nExpected failure accurate"
+            exit 0
+          fi
+          exit 1
+
+      - name: Failure to  Generate sample Terraform due to Authentication wrong for  Broker
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=wrongpassword terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn.default default/msg_vpn gha_test.tf || error_code=$?
+          if [ $error_code -eq 1 ]; then
+            echo "\nExpected failure accurate"
+            exit 0
+          fi
+          exit 1
+
+      - name: Failure to Generate sample Terraform due to Password and Bearer Token Not Present
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn.default default/msg_vpn gha_test.tf || error_code=$?
+          if [ $error_code -eq 1 ]; then
+            echo "\nExpected failure accurate"
+            exit 0
+          fi
+          exit 1
+
+      - name: Failure to Generate sample Terraform due to invalid provider specific identifiers
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn.default default/msg_vpn gha_test.tf || error_code=$?
+          if [ $error_code -eq 1 ]; then
+            echo "\nExpected failure accurate"
+            exit 0
+          fi
+          exit 1
+
+      - name: Generate sample Terraform for message vpn client
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn_rest_delivery_point.my-rdp default messageVpn.tf
+          cat messageVpn.tf
+
+      - name: Generate sample Terraform for message vpn
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn.default default messageVpn.tf
+          cat messageVpn.tf
+
+      - name: Test generated terraform on broker
+        run: |
+          # Create
+          sed -i '/# username       = "admin"/c\username       = "admin"' messageVpn.tf
+          sed -i '/# password       = "admin"/c\password       = "admin"' messageVpn.tf
+          terraform plan
+          terraform apply -auto-approve
+          sleep 1
+
+      - name: Create custom messageVPN with 21 messageVpn queues (Paging Test)
+        run: |
+          pushd ci/broker_vpn_q3
+          # Create
+          terraform plan
+          terraform apply -auto-approve
+          sleep 1
+          popd
+
+      - name: Confirm all 21 queues are present with paging (Paging Test)
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn.qn another messageVpn.tf
+          cat messageVpn.tf
+          grep -o 'solacebroker_msg_vpn_queue ' messageVpn.tf | wc -l |  grep 21
+
+      - name: Create custom messageVPN with large config
+        run: |
+          pushd ci/broker_vpn_test
+          # Create
+          terraform plan
+          terraform apply -auto-approve
+          sleep 1
+          popd
+
+      - name: Generate complete large config file for custom messageVPN file
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn.test test messageVpn.tf
+          cat messageVpn.tf
+
+      - name: Generate some resources( only msg_vpn_queue) for custom messageVPN file
+        run: |
+          SOLACEBROKER_REGISTRY_OVERRIDE=registry.terraform.io/solaceproducts/solacebroker SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=http://localhost:8080 solacebroker_msg_vpn_queue.q test/test messageVpn.tf
+          cat messageVpn.tf
diff --git a/.github/workflows/core-pipeline.yml b/.github/workflows/core-pipeline.yml
new file mode 100644
index 00000000..f7193f49
--- /dev/null
+++ b/.github/workflows/core-pipeline.yml
@@ -0,0 +1,108 @@
+name: Build Terraform Provider
+
+on:
+  push:
+
+jobs:
+  build:
+    name: Build & test Terraform provider
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: "1.20"
+
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Terraform latest
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_wrapper: false
+
+      - name: Checkout generator
+        uses: actions/checkout@v3
+        with:
+          repository: SolaceDev/broker-terraform-provider-generator
+          token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
+          path: broker-terraform-provider-generator
+          ref: "v0.1.0"
+
+      - name: Build and install generator
+        run: |
+          pushd broker-terraform-provider-generator
+          go mod tidy
+          go install .
+          ls ~/go/bin
+          popd
+
+      - name: Generate provider code
+        run: |
+          SWAGGER_SPEC_NAME=`ls ci/swagger_spec`
+          echo "Generating code using spec $SWAGGER_SPEC_NAME"
+          BASE=`pwd`
+          pushd internal/broker/generated
+          rm ./*
+          SEMP_V2_SWAGGER_CONFIG_EXTENDED_JSON="$BASE/ci/swagger_spec/$SWAGGER_SPEC_NAME" ~/go/bin/broker-terraform-provider-generator all
+          popd
+
+      - name: Test Provider and generate documentations
+        run: |
+          make test-coverage
+          make generate-docs
+
+      - name: Build provider
+        run: |
+          go mod tidy
+          go install .
+          ~/go/bin/terraform-provider-solacebroker version
+          ~/go/bin/terraform-provider-solacebroker help
+
+          
+      - name: Check changed files
+        uses: tj-actions/verify-changed-files@v14
+        id: check-changed-files
+        with:
+          files: |
+            internal/broker/generated
+            docs
+
+      - name: Run step only when any of the above files change.
+        if: steps.check-changed-files.outputs.files_changed == 'true'
+        run: |
+          echo "Changed files: ${{ steps.check-changed-files.outputs.changed_files }}"
+
+      # - name: Commit back any updated source code
+      #   if: steps.check-changed-files.outputs.files_changed == 'true'
+      #   uses: EndBug/add-and-commit@v9
+      #   with:
+      #     committer_name: GitHub Actions
+      #     committer_email: actions@github.com
+      #     message: 'Updating generated source [skip ci]'
+      #     add: 'internal/broker/generated/*.go'
+      #     new_branch: GeneratedSourceUpdates-${{ github.ref_name }}
+
+      # - name: Create pull request
+      #   if: steps.check-changed-files.outputs.files_changed == 'true'
+      #   run: |
+      #     CURRENT_BRANCH=${GITHUB_REF_NAME}
+      #     gh pr create -B ${CURRENT_BRANCH} -H "GeneratedSourceUpdates-${CURRENT_BRANCH}" --title "Merge generated source updates into ${CURRENT_BRANCH}" --body 'Created by Github action'
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
+  Plugin-Integration-Test:
+    needs: build
+    uses: ./.github/workflows/provider-build-pipeline.yml
+    secrets: inherit
+
+  Plugin-Acceptance-Test:
+    needs: build
+    uses: ./.github/workflows/provider-acceptance-test.yml
+    secrets: inherit
+
+  CLI-Integration-Test:
+    needs: build
+    uses: ./.github/workflows/cli-build-pipeline.yml
+    secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/provider-acceptance-test.yml b/.github/workflows/provider-acceptance-test.yml
new file mode 100644
index 00000000..1c77e433
--- /dev/null
+++ b/.github/workflows/provider-acceptance-test.yml
@@ -0,0 +1,21 @@
+name: Provider Acceptance Test
+
+on: workflow_call
+
+
+jobs:
+  test:
+    name: Run formal acceptance test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: "1.20"
+
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Acceptance test
+        run: |
+          make testacc
\ No newline at end of file
diff --git a/.github/workflows/provider-build-pipeline.yml b/.github/workflows/provider-build-pipeline.yml
new file mode 100644
index 00000000..60938c52
--- /dev/null
+++ b/.github/workflows/provider-build-pipeline.yml
@@ -0,0 +1,128 @@
+name: Terraform Provider Pipeline
+
+on: workflow_call
+
+
+jobs:
+  test:
+    name: Run Provider setup and tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: "1.20"
+
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up Terraform latest
+        uses: hashicorp/setup-terraform@v2
+
+      - name: Setup test broker
+        run: |
+          mkdir -p $HOME/solace; chmod 777 $HOME/solace
+          docker run -d -p 8080:8080 -p 55555:55555 --shm-size=1g --env username_admin_globalaccesslevel=admin --env username_admin_password=admin --name=solace \
+            --mount type=bind,source=$HOME/solace,destination=/var/lib/solace,ro=false solace/solace-pubsub-standard
+          while ! curl -s localhost:8080 | grep aurelia ; do sleep 1 ; done
+
+      - name: Use local provider
+        run: |
+          echo "
+          provider_installation {
+            dev_overrides {
+              \"registry.terraform.io/solaceproducts/solacebroker\" = \"${HOME}/go/bin\"
+            }
+            direct {}
+          }" > ~/.terraformrc
+
+      - name: Checkout generator
+        uses: actions/checkout@v3
+        with:
+          repository: SolaceDev/broker-terraform-provider-generator
+          token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
+          path: broker-terraform-provider-generator
+          ref: "v0.1.0"
+
+      - name: Build and install generator
+        run: |
+          pushd broker-terraform-provider-generator
+          go mod tidy
+          go install .
+          ls ~/go/bin
+          popd
+
+      - name: Generate provider code
+        run: |
+          SWAGGER_SPEC_NAME=`ls ci/swagger_spec`
+          echo "Generating code using spec $SWAGGER_SPEC_NAME"
+          BASE=`pwd`
+          pushd internal/broker/generated
+          rm ./*
+          SEMP_V2_SWAGGER_CONFIG_EXTENDED_JSON="$BASE/ci/swagger_spec/$SWAGGER_SPEC_NAME" ~/go/bin/broker-terraform-provider-generator all
+          popd
+
+      - name: Build provider
+        run: |
+          go mod tidy
+          go install .
+          ls ~/go/bin
+
+      - name: Check provider available
+        run: |
+          pushd ci/broker_vpn_q
+          terraform plan
+          popd
+          
+
+      - name: Test provider on test broker
+        run: |
+          pushd ci/broker_vpn_q
+          # Create
+          terraform plan
+          terraform apply -auto-approve
+          sleep 1
+          # Modify
+          cat ../broker_vpn_q2/testconfig2.tf >> testconfig.tf
+          terraform plan
+          terraform apply -auto-approve
+          sleep 1
+          # Delete
+          terraform destroy -auto-approve
+          sleep 1
+          # import
+          terraform apply -auto-approve
+          sleep 1
+          rm terraform.tfstate*
+          terraform import solacebroker_msg_vpn.newone new
+          popd
+
+      # - name: Check changed files
+      #   uses: tj-actions/verify-changed-files@v14
+      #   id: check-changed-files
+      #   with:
+      #     files: |
+      #       internal/broker/generated
+
+      # - name: Run step only when any of the above files change.
+      #   if: steps.check-changed-files.outputs.files_changed == 'true'
+      #   run: |
+      #     echo "Changed files: ${{ steps.check-changed-files.outputs.changed_files }}"
+
+      # - name: Commit back any updated source code
+      #   if: steps.check-changed-files.outputs.files_changed == 'true'
+      #   uses: EndBug/add-and-commit@v9
+      #   with:
+      #     committer_name: GitHub Actions
+      #     committer_email: actions@github.com
+      #     message: 'Updating generated source [skip ci]'
+      #     add: 'internal/broker/generated/*.go'
+      #     new_branch: GeneratedSourceUpdates-${{ github.ref_name }}
+
+      # - name: Create pull request
+      #   if: steps.check-changed-files.outputs.files_changed == 'true'
+      #   run: |
+      #     CURRENT_BRANCH=${GITHUB_REF_NAME}
+      #     gh pr create -B ${CURRENT_BRANCH} -H "GeneratedSourceUpdates-${CURRENT_BRANCH}" --title "Merge generated source updates into ${CURRENT_BRANCH}" --body 'Created by Github action'
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/provider-release.yml b/.github/workflows/provider-release.yml
new file mode 100644
index 00000000..4c7a58d1
--- /dev/null
+++ b/.github/workflows/provider-release.yml
@@ -0,0 +1,41 @@
+# Terraform Provider release workflow.
+name: Release
+
+# This GitHub action creates a release when a tag that matches the pattern
+# "v*" (e.g. v0.1.0) is created.
+on:
+  push:
+    tags:
+      - 'v*'
+
+# Releases need permissions to read and write the repository contents.
+# GitHub considers creating releases and uploading assets as writing contents.
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        with:
+          # Allow goreleaser to access older tag information.
+          fetch-depth: 0
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+        id: import_gpg
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        with:
+          args: release --clean
+        env:
+          # GitHub sets the GITHUB_TOKEN secret automatically.
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..d19d1d03
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+.idea
+*.iml
+.terraform
+.terraform.lock.hcl
+.terraform.tfstate.lock.info
+build
+terraform.tfstate
+terraform.tfstate.backup
+.vscode
+test
+__debug*
+bin
+dist
+vendor
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
new file mode 100644
index 00000000..9bb0aa71
--- /dev/null
+++ b/.goreleaser.yml
@@ -0,0 +1,60 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+before:
+  hooks:
+    # this is just an example and not a requirement for provider building/publishing
+    - go mod tidy
+builds:
+- env:
+    # goreleaser does not work with CGO, it could also complicate
+    # usage by users in CI/CD systems like Terraform Cloud where
+    # they are unable to install libraries.
+    - CGO_ENABLED=0
+  mod_timestamp: '{{ .CommitTimestamp }}'
+  flags:
+    - -trimpath
+  ldflags:
+    - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+  goos:
+    - freebsd
+    - windows
+    - linux
+    - darwin
+  goarch:
+    - amd64
+    - '386'
+    - arm
+    - arm64
+  ignore:
+    - goos: darwin
+      goarch: '386'
+  binary: '{{ .ProjectName }}_v{{ .Version }}'
+archives:
+- format: zip
+  name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+  algorithm: sha256
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this in a GitHub action or some other automated pipeline, you 
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+release:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  # If you want to manually examine the release before its live, uncomment this line:
+  # draft: true
+changelog:
+  skip: true
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 00000000..a159ad8a
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,115 @@
+# How to contribute to a Solace Project
+
+We'd love for you to contribute and welcome your help. Here are some guidelines to follow:
+
+- [Issues and Bugs](#issue)
+- [Submitting a fix](#submitting)
+- [Feature Requests](#features)
+- [Questions](#questions)
+
+## <a name="issue"></a> Did you find a issue?
+
+- **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/SolaceProducts/terraform-provider-solacebroker/issues).
+
+- If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/SolaceProducts/terraform-provider-solacebroker/issues). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring.
+
+## <a name="submitting"></a> Did you write a patch that fixes a bug?
+
+Open a new GitHub pull request with the patch following the steps outlined below. Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+
+Before you submit your pull request consider the following guidelines:
+
+- Search [GitHub](/https://github.com/SolaceProducts/terraform-provider-solacebroker/pulls) for an open or closed Pull Request
+  that relates to your submission. You don't want to duplicate effort.
+
+### Submitting a Pull Request
+
+Please follow these steps for all pull requests. These steps are derived from the [GitHub flow](https://help.github.com/articles/github-flow/).
+
+#### Step 1: Fork
+
+Fork the project and clone your fork
+locally.
+
+```sh
+prompt:~$ git clone https://github.com/SolaceProducts/terraform-provider-solacebroker
+```
+
+#### Step 2: Branch
+
+Make your changes on a new git branch in your fork of the repository.
+
+```sh
+prompt:~$ git checkout -b my-fix-branch master
+```
+
+#### Step 3: Commit
+
+Commit your changes using a descriptive commit message.
+
+```sh
+prompt:~$ git commit -a -m "Your Commit Message"
+```
+
+Note: the optional commit `-a` command line option will automatically "add" and "rm" edited files.
+
+#### Step 4a: Rebase (if you have not yet pushed your branch to origin, else goto step 4b.)
+
+Assuming you have not yet pushed your branch to origin, use `git rebase` (not `git merge`) to synchronize your work with the main
+repository.
+
+If you have not set the upstream, do so as follows:
+
+```sh
+prompt:~$ git remote add upstream https://github.com/SolaceProducts/terraform-provider-solacebroker
+```
+
+then:
+
+```sh
+prompt:~$ git fetch upstream
+prompt:~$ git rebase upstream/master
+```
+
+#### Step 4b: Merge (if you have already pushed our branch to origin)
+
+Assuming you have already pushed your branch to origin, use `git merge` (not `git rebase`) to synchronize your work with the main
+repository.
+
+First ensure there are not any changes to master that you need to pick up, then merge in your changes.
+You may need to resolve any conflicts on either of the merge steps.
+
+```sh
+prompt:~$ git merge master
+prompt:~$ git checkout master
+prompt:~$ git merge my-fix-branch
+```
+
+
+#### Step 5: Push
+
+Push your branch to your fork in GitHub:
+
+```sh
+prompt:~$ git push origin my-fix-branch
+```
+
+#### Step 6: Pull Request
+
+In GitHub, send a pull request to `solace-samples-semp:master`.
+
+When fixing an existing issue, use the [commit message keywords](https://help.github.com/articles/closing-issues-via-commit-messages/) to close the associated GitHub issue.
+
+- If we suggest changes then:
+  - Make the required updates.
+  - Commit these changes to your branch (ex: my-fix-branch)
+
+That's it! Thank you for your contribution!
+
+## <a name="features"></a> **Do you have an ideas for a new feature or a change to an existing one?**
+
+- Open a GitHub [enhancement request issue](https://github.com/SolaceProducts/terraform-provider-solacebroker/issues) and describe the new functionality.
+
+##  <a name="questions"></a> Do you have questions about the source code?
+
+- Ask any question about the code or how to use Solace messaging in the [Solace community](http://dev.solace.com/community/).
diff --git a/Makefile b/Makefile
new file mode 100644
index 00000000..dd0f8cf0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,46 @@
+#make
+PKG_LIST := $(shell go list ./... | grep -v /vendor/)
+
+
+.PHONY:
+dep: ## Get the dependencies
+	@go mod tidy
+	@go mod vendor
+
+.PHONY:
+vet: ## Run go vet
+	@go vet ${PKG_LIST}
+
+.PHONY:
+test: ## Run unit tests
+	@go test -short ${PKG_LIST}
+
+.PHONY:
+test-coverage: ## Run tests with coverage
+	mkdir -p reports
+	@go test -short -coverprofile reports/cover.out ${PKG_LIST}
+	@go tool cover -html reports/cover.out -o reports/cover.html
+
+.PHONY: testacc
+testacc: ## Run acceptance tests
+	TF_ACC=1 go test ./... -v $(TESTARGS) -timeout 120m
+
+.PHONY:
+generate-docs: dep ## Build the binary file
+	@go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs generate --provider-name solacebroker
+
+.PHONY:
+build: dep ## Build the binary file
+	@go build -a -ldflags '-s -w -extldflags "-static"' -o terraform-provider-solacebroker
+
+.PHONY:
+install: dep ## Install the provider for dev use
+	@go install -a
+
+.PHONY:
+clean: ## Remove previous build
+	@rm -f reports/cover.html reports/cover.out terraform-provider-solacebroker
+
+.PHONY:
+help: ## Display this help screen
+	@grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
diff --git a/README.md b/README.md
index 323aa2c5..9049df35 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,76 @@
-# terraform-provider-solacebroker
-Terraform provider for the Solace PubSub+ Event Broker (software)
+# Terraform Provider for Solace PubSub+ Software Event Broker
+
+This provider, maintained by Solace, is a plugin for Terraform that enables you to configure PubSub+ Software Event Brokers.
+
+The provider is available from the [Terraform Providers Registry](https://registry.terraform.io/providers/solaceproducts/solacebroker/latest).
+
+The minimum required PubSub+ Software Event Broker version is 10.4.
+
+## Quick Start
+
+1. Ensure you have admin access to a Solace PubSub+ Software Event Broker. Options include [local deployment of a containerized version](https://docs.solace.com/Software-Broker/SW-Broker-Set-Up/Containers/Set-Up-Container-Image.htm) or use of a free broker from [PubSub+ Cloud](https://docs.solace.com/Cloud/cloud-lp.htm).
+2. Install the [Terraform CLI](https://www.terraform.io/downloads)
+3. Create the [`examples/sampleconfig.tf`](examples/sampleconfig.tf) sample file in a new directory, adjust the `url`, and the management credential parameters `username` and `password` to your broker's setup.
+4. From this directory run `terraform plan`, then `terraform apply`.
+5. Open the `url` link in your browser to access the broker's web management UI. The credentials are the same as used in the Terraform config. Observe the new objects created: a new Message VPN and a messaging queue under that Message VPN.
+6. Run `terraform destroy` from your command line and observe that the Message VPN is deleted.
+   
+Note that the provider also offers the unique ability to generate a config file from an already configured broker. For more information, refer to the full documentation.
+
+## Documentation
+
+Full documentation is available on the [Terraform Providers Registry website](https://registry.terraform.io/providers/solaceproducts/solacebroker/latest/docs).
+
+It is recommended to familiarize yourself with Solace technology and broker management, refer to the [Resources section](#resources).
+
+## Development
+
+### Requirements
+
+* [Terraform](https://www.terraform.io/downloads) (>= 1.0)
+* [Go](https://go.dev/doc/install) (1.20)
+* [Make](https://www.gnu.org/software/make/)
+
+### Building
+
+1. `git clone` this repository and `cd` into its directory.
+2. `make install` will trigger the Golang build of the provider in your [`${GOBIN}`](https://pkg.go.dev/cmd/go#hdr-Compile_and_install_packages_and_dependencies) (defaults to `${GOPATH}/bin` or `${HOME}/go/bin` if `${GOPATH}` is not set). Repeat
+this every time you make changes to the provider locally.
+
+The provided `makefile` defines additional commands that are useful during development.
+
+### Using a Development Build
+
+Create or update your `${HOME}/.terraformrc` (Unix) / `%APPDATA%\terraform.rc` (Windows) configuration with a `provider_installation` section that contains the following `dev_overrides`:
+
+```hcl
+provider_installation {
+  dev_overrides {
+    "hashicorp/random" = "${GOBIN}" //< replace `${GOBIN}` with the actual path on your system
+  }
+
+  direct {}
+}
+```
+
+Note that it is also possible to use a dedicated Terraform configuration file and invoke `terraform` while setting
+the environment variable `TF_CLI_CONFIG_FILE=my_terraform_config_file`.
+
+Once the `dev_overrides` are in place, any local execution of `terraform plan` and `terraform apply` will
+use the version of the provider found in the given `${GOBIN}` directory, instead of the one indicated in your terraform configuration.
+
+## Contributing
+
+Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.
+
+## License
+
+This project is licensed under the Apache License, Version 2.0. - See the [LICENSE](LICENSE) file for details.
+
+## Resources
+
+For more information about Solace technology in general please visit these resources:
+
+- Understanding [Solace technology](https://docs.solace.com/Get-Started/Solace-PubSub-Platform.htm)
+- The Solace Developer Portal website at: [solace.dev](https://solace.dev/)
+- Ask the [Solace community](https://solace.community/).
diff --git a/ci/broker_vpn_q/testconfig.tf b/ci/broker_vpn_q/testconfig.tf
new file mode 100644
index 00000000..fce62316
--- /dev/null
+++ b/ci/broker_vpn_q/testconfig.tf
@@ -0,0 +1,47 @@
+terraform {
+  required_providers {
+    solacebroker = {
+      source = "registry.terraform.io/solaceproducts/solacebroker"
+    }
+  }
+}
+
+provider "solacebroker" {
+  username = "admin"
+  password = "admin"
+  url      = "http://localhost:8080"
+}
+
+resource "solacebroker_msg_vpn" "newone" {
+  msg_vpn_name = "new"
+  enabled      = true
+}
+
+resource "solacebroker_msg_vpn_queue" "q" {
+  msg_vpn_name    = solacebroker_msg_vpn.newone.msg_vpn_name
+  queue_name      = "red"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "foo" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.q.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.q.queue_name
+  subscription_topic = "foo/bar"
+}
+
+resource "solacebroker_msg_vpn_client_profile" "bar" {
+  msg_vpn_name        = solacebroker_msg_vpn.newone.msg_vpn_name
+  client_profile_name = "admin"
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "solacebroker_msg_vpn_client_username" "username" {
+  msg_vpn_name        = solacebroker_msg_vpn.newone.msg_vpn_name
+  client_username     = "alice"
+  client_profile_name = solacebroker_msg_vpn_client_profile.bar.client_profile_name
+  enabled             = false
+}
diff --git a/ci/broker_vpn_q2/testconfig2.tf b/ci/broker_vpn_q2/testconfig2.tf
new file mode 100644
index 00000000..70887ce2
--- /dev/null
+++ b/ci/broker_vpn_q2/testconfig2.tf
@@ -0,0 +1,8 @@
+
+resource "solacebroker_msg_vpn_queue" "q2" {
+  msg_vpn_name    = solacebroker_msg_vpn.newone.msg_vpn_name
+  queue_name      = "green"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 12345
+}
diff --git a/ci/broker_vpn_q3/testconfig3.tf b/ci/broker_vpn_q3/testconfig3.tf
new file mode 100644
index 00000000..34009702
--- /dev/null
+++ b/ci/broker_vpn_q3/testconfig3.tf
@@ -0,0 +1,246 @@
+terraform {
+  required_providers {
+    solacebroker = {
+      source = "registry.terraform.io/solaceproducts/solacebroker"
+    }
+  }
+}
+
+provider "solacebroker" {
+  username = "admin"
+  password = "admin"
+  url      = "http://localhost:8080"
+}
+
+resource "solacebroker_msg_vpn" "another" {
+  msg_vpn_name = "another"
+  enabled      = true
+}
+
+resource "solacebroker_msg_vpn_queue" "qa" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "red"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qbds" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "blue"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qca" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "orange"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qds" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "purple"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qedddss" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "green"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qeaa" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "yellow"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qesdss" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "indigo"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+resource "solacebroker_msg_vpn_queue" "qedsdss" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "violet"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qedsd" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "cyan"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qeaad" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "bruge"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qed" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "pink"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "qes" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "pruplepink"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue" "ok" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "one"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "foo" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok.queue_name
+  subscription_topic = "foo/one"
+}
+
+
+resource "solacebroker_msg_vpn_queue" "ok2" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "two"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok2" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok2.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok2.queue_name
+  subscription_topic = "foo/ok2"
+}
+
+resource "solacebroker_msg_vpn_queue" "ok3" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "three"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok3" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok3.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok3.queue_name
+  subscription_topic = "foo/ok3"
+}
+
+
+resource "solacebroker_msg_vpn_queue" "ok4" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "four"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok4" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok4.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok4.queue_name
+  subscription_topic = "foo/ok4"
+}
+
+
+resource "solacebroker_msg_vpn_queue" "ok5" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "five"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok5" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok5.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok5.queue_name
+  subscription_topic = "foo/ok5"
+}
+
+
+resource "solacebroker_msg_vpn_queue" "ok6" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "six"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok6" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok6.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok6.queue_name
+  subscription_topic = "foo/ok6"
+}
+
+resource "solacebroker_msg_vpn_queue" "ok7" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "seven"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok7" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok7.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok7.queue_name
+  subscription_topic = "foo/ok7"
+}
+
+
+
+resource "solacebroker_msg_vpn_queue" "ok8" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "eight"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok8" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok8.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok8.queue_name
+  subscription_topic = "foo/ok8"
+}
+
+
+resource "solacebroker_msg_vpn_queue" "ok9" {
+  msg_vpn_name    = solacebroker_msg_vpn.another.msg_vpn_name
+  queue_name      = "nine"
+  ingress_enabled = true
+  egress_enabled  = true
+  max_msg_size    = 54321
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "ok9" {
+  msg_vpn_name       = solacebroker_msg_vpn_queue.ok9.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.ok9.queue_name
+  subscription_topic = "foo/ok9"
+}
diff --git a/ci/broker_vpn_test/generatortest.tf b/ci/broker_vpn_test/generatortest.tf
new file mode 100644
index 00000000..117df228
--- /dev/null
+++ b/ci/broker_vpn_test/generatortest.tf
@@ -0,0 +1,964 @@
+terraform {
+ required_providers {
+   solacebroker = {
+     source = "registry.terraform.io/solaceproducts/solacebroker"
+   }
+ }
+}
+
+provider "solacebroker" {
+  username = "admin"
+  password = "admin"
+  url      = "http://localhost:8080"
+}
+
+resource "solacebroker_msg_vpn" "msg_vpn" {
+  msg_vpn_name                                                   = "test"
+  alias                                                          = "test"
+  authentication_basic_enabled                                   = false
+  authentication_basic_profile_name                              = ""
+  authentication_basic_radius_domain                             = "test"
+  authentication_basic_type                                      = "internal"
+  authentication_client_cert_allow_api_provided_username_enabled = true
+  authentication_client_cert_certificate_matching_rules_enabled  = true
+  authentication_client_cert_enabled                             = true
+  authentication_client_cert_max_chain_depth                     = "4"
+  authentication_client_cert_revocation_check_mode               = "allow-all"
+  authentication_client_cert_username_source                     = "uid"
+  authentication_client_cert_validate_date_enabled               = false
+  authentication_kerberos_allow_api_provided_username_enabled    = true
+  authentication_kerberos_enabled                                = true
+  authentication_oauth_default_profile_name                      = "test"
+  authentication_oauth_enabled                                   = true
+  authorization_ldap_group_membership_attribute_name             = "test"
+  authorization_ldap_trim_client_username_domain_enabled         = true
+  authorization_profile_name                                     = "default"
+  authorization_type                                             = "ldap"
+  bridging_tls_server_cert_max_chain_depth                       = "4"
+  bridging_tls_server_cert_validate_date_enabled                 = false
+  bridging_tls_server_cert_validate_name_enabled                 = false
+  dmr_enabled                                                    = true
+  enabled                                                        = true
+  event_connection_count_threshold                               = { "clear_percent" = 40, "set_percent" = 50 }
+  event_egress_flow_count_threshold                              = { "clear_percent" = 40, "set_percent" = 50 }
+  event_egress_msg_rate_threshold                                = { "clear_percent" = 40, "set_percent" = 50 }
+  event_endpoint_count_threshold                                 = { "clear_percent" = 40, "set_percent" = 50 }
+  event_ingress_flow_count_threshold                             = { "clear_percent" = 40, "set_percent" = 50 }
+  event_ingress_msg_rate_threshold                               = { "clear_percent" = 40, "set_percent" = 50 }
+  event_log_tag                                                  = "test"
+  event_msg_spool_usage_threshold                                = { "clear_percent" = 40, "set_percent" = 50 }
+  event_publish_client_enabled                                   = true
+  event_publish_msg_vpn_enabled                                  = true
+  event_publish_subscription_mode                                = "on-with-format-v2"
+  event_publish_topic_format_mqtt_enabled                        = true
+  event_publish_topic_format_smf_enabled                         = false
+  event_service_amqp_connection_count_threshold                  = { "clear_percent" = 40, "set_percent" = 50 }
+  event_service_mqtt_connection_count_threshold                  = { "clear_percent" = 40, "set_percent" = 50 }
+  event_service_rest_incoming_connection_count_threshold         = { "clear_percent" = 40, "set_percent" = 50 }
+  event_service_smf_connection_count_threshold                   = { "clear_percent" = 40, "set_percent" = 50 }
+  event_service_web_connection_count_threshold                   = { "clear_percent" = 40, "set_percent" = 50 }
+  event_subscription_count_threshold                             = { "clear_percent" = 40, "set_percent" = 50 }
+  event_transacted_session_count_threshold                       = { "clear_percent" = 40, "set_percent" = 50 }
+  event_transaction_count_threshold                              = { "clear_percent" = 40, "set_percent" = 50 }
+  export_subscriptions_enabled                                   = true
+  jndi_enabled                                                   = true
+  max_connection_count                                           = 1234
+  max_egress_flow_count                                          = 999
+  max_endpoint_count                                             = 999
+  max_ingress_flow_count                                         = 999
+  max_msg_spool_usage                                            = 1
+  max_subscription_count                                         = 999
+  max_transacted_session_count                                   = 999
+  max_transaction_count                                          = 999
+  mqtt_retain_max_memory                                         = 999
+  replication_ack_propagation_interval_msg_count                 = 21
+  replication_bridge_authentication_basic_client_username        = "test"
+  replication_bridge_authentication_basic_password               = "test"
+  replication_bridge_authentication_client_cert_content          = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc3jddBxAZ8uIf\nxerFpPmS67xYO0PEyMfP0syQ7AoZ0XJGyHvl/t4sOEZr1a0F5p0TVw5lzmkzBPk1\n+HjGZ7eGgSMtYHe2QhHNHdyLJOGbMd4rzjvyhtnjrlePI+ucn6puhtMOGyF9Cj8i\nmemy5HxF2iDO1ZRsgS4sA3SGfn8AxL5Tk4aB8j7vQhZwEtZWRR2gH0sVBAXEsmuU\ny6Xl+SaM6dhDrEl3KOBikxL+Y5ax/yJSp9m7ReWvzFOLd3PEkRkPqbf0hSIH/Roy\nkoVFN7aJu89bf8VOWV7cCuVQ+4AbpkHaJMsqb2wQ2rVSQ5GOZhjqBCGrobA+Evg8\n9ZdRHATnAgMBAAECggEAJR5bY5D6TcIZ6okSiaDOKLjhcFqVaw7rNawRoRFqKSif\n8fFjkSWiJQBYJWtFpsY5A7UPwGBOIbrmPwHBGmb32uz9AnVB6Sl1YGlyVRgfqjtZ\nQTdpr7qmB7OXF4FL6YiT1ftmoOpCWIdOUPxY4C2yDPM5rEkMpqeXIOJ7xNahdXlL\nLm+E0qxy2yt3khGhhKeObIiYpiln6z3VrRk5GA9U8aq0HP15IXBlxbfT9uzBZfbs\n4KlHCMOYEDE2+5r5R38kRCgMjkOuNAo38oMRIeEVlzbvq85WWFHs1kt/N8855zLt\nyDbnIn8SY6+fxeCGpecDef45Qb4xfAmRDLTLyJOFMQKBgQDuIPrW+YzGacBBLDWM\nzISw3jf9JsR4IWCD3zeSUAYjkHYwnBnyXfqZyGaMaQrE7GE16Wl20wVjEHeTJgdR\n+NZZ8ZpmHAHjfifSUjxn7t7M9Qo6VTp8W5LoaSs2HY4ylsSOK6RUPkXEIKAGvf7I\nf3VvdjJuWo0X04HPoC7u/rwMqwKBgQDtcZ2VfvoBYtIk6CpfAhRmhrPo2hJpyDB1\ny9MPmsYhCiB+/HcYsUt8zXUlCaOP1m/5tz58hSzTytvoB60Z+aXtG9I4XS3Wjhmd\nrEtuV0WiCA92vqKUVXWYnGy8L8pr6UXPgBezFvjHQKZzIoKByPCJckrEqCl8VUxh\nUcAvPVUwtQKBgHJxxTxWORMOtghcf+wISulaE1yGKjx2BhW6zNFzxk+HWVYpX8r8\n4bjQ+IAY58UWue2YHUivSFKBEobU6wW5awNVO1hBs6Kq+eZ6AXAN/GRSjDTWy0ID\nHMq36L2cXL/xd8vAK70VJKCK8X3sCCxCHaWRD9G7kT3XN/caTBQutx/7AoGAMB4j\nIiWOQnOlRGdsFr7UJYbMtLZknt07vNNmXTYvSojD1xgQhod/VbZJNA1FASQiowdY\neWF/mRf2AopzsNzfnDJUIqn3XRCE7mf5DU5QRSq+/4BYcBj1cMzaWDSTH9UxGYDK\nzLcuCSr30ENBEU4IOMJZlorBhXm/tcUcXjZeqjUCgYEAwpOFx8KHazph2ial9954\ndq0IZZrhrLPoaLQVwLnUITpvKw1ORxdzLH8VNvRTcPF6XRt7BcV8aRcENW7R0Ozd\nQa4T12AxqCFp2tdD7juOMJoFVwr5Cq5DyN935QP7PiGhqBRJYkXvBMCezFD7XloC\njjroojuJIsIhfhgvoKj37oE=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIIIAjCCBuqgAwIBAgIJALYF/Umvsgf3MA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV\nBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8wDQYDVQQHDAZPdHRhd2ExDzANBgNV\nBAoMBlNvbGFjZTEMMAoGA1UEAwwDYWZ3MCAXDTIzMDMwNzE3MDExMloYDzIxMjMw\nMjExMTcwMTEyWjB1MQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEPMA0G\nA1UEBwwGT3R0YXdhMQ8wDQYDVQQKDAZTb2xhY2UxDDAKBgNVBAMMA2FmdzEkMCIG\nCSqGSIb3DQEJARYVdm1yLTEzMi05NkBzb2xhY2UuY29tMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEA3N43XQcQGfLiH8XqxaT5kuu8WDtDxMjHz9LMkOwK\nGdFyRsh75f7eLDhGa9WtBeadE1cOZc5pMwT5Nfh4xme3hoEjLWB3tkIRzR3ciyTh\nmzHeK8478obZ465XjyPrnJ+qbobTDhshfQo/IpnpsuR8RdogztWUbIEuLAN0hn5/\nAMS+U5OGgfI+70IWcBLWVkUdoB9LFQQFxLJrlMul5fkmjOnYQ6xJdyjgYpMS/mOW\nsf8iUqfZu0Xlr8xTi3dzxJEZD6m39IUiB/0aMpKFRTe2ibvPW3/FTlle3ArlUPuA\nG6ZB2iTLKm9sENq1UkORjmYY6gQhq6GwPhL4PPWXURwE5wIDAQABo4IEtzCCBLMw\nCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwggSXBgNVHREEggSOMIIEiocEwKiEYIcQ\n/YAAAAAAASgBkgFoATIAloIEZTk2bYIJZTk2bS5pcHY0ggllOTZtLmlwdjaCgf1l\nOTZtLmNvbS5zb2xhY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5C\nYmJiYmJiYmJiLkNjY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZm\nZmZmZmYuR2dnZ2dnZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampq\nai5La2tra2tra2trLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9v\nb29vb29vb28uUHBwcHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nz\nc3Nzcy5UdHR0dHR0goH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNs\nb3VkLkFhYWFhYWFhYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQu\nRWVlZWVlZWVlZS5GZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlp\naWlpaWlpLkpqampqampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1t\nbW0uTm5ubm5ubm5ubi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5S\ncnJycnJycnJyLlNzc3Nzc3Nzc3MuVHR0dHR0dIIMZTk2bS5zb2x0ZXN0ghFlOTZt\nLmlwdjQuc29sdGVzdIIRZTk2bS5pcHY2LnNvbHRlc3SCgf1lOTZtLmNvbS5zb2xh\nY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5CYmJiYmJiYmJiLkNj\nY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZmZmZmZmYuR2dnZ2dn\nZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampqai5La2tra2tra2tr\nLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9vb29vb29vb28uUHBw\ncHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nzc3Nzcy5zb2x0ZXN0\ngoH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNsb3VkLkFhYWFhYWFh\nYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQuRWVlZWVlZWVlZS5G\nZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlpaWlpaWlpLkpqampq\nampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1tbW0uTm5ubm5ubm5u\nbi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5ScnJycnJycnJyLlNz\nc3Nzc3Nzc3Muc29sdGVzdIIKdm1yLTEzMi05NoIUdm1yLTEzMi05Ni5zb2wtbG9j\nYWwwDQYJKoZIhvcNAQELBQADggEBALw9t+131ytbltmPk8LKmYNo/tWWsJgwcxGu\npzconod45Ibia2Sep1yNll2Oqx1/Te6vk93WmHnP2F01N/o9mWZSMbsw2mxWi+EJ\nd5TSvr14Elb7/6bsc8b82SF3UIFVlBe2ng3M6a0r/g3UG2Nq7O4EoRwt8msIUfI+\nW2k1YOOplaejxKwbIOxBe4qpagdwtwOWvmjM//IrRCI+GiXZ7UfO5nG0Dzy85lX2\n80mOjL5WX1c9QalW/c4tU/W2gBXt+/GlZ9M0WFSmiBfexSp75G8/tVCfbwV+XUBw\nX8aEQnKCo/w72bD2C52Di/OnxteRT+NFdNMafngPpPTHk9hnRgU=\n-----END CERTIFICATE-----"
+  replication_bridge_authentication_client_cert_password         = "test"
+  replication_bridge_authentication_scheme                       = "client-certificate"
+  replication_bridge_compressed_data_enabled                     = true
+  replication_bridge_egress_flow_window_size                     = 254
+  replication_bridge_retry_delay                                 = 2
+  replication_bridge_tls_enabled                                 = true
+  replication_bridge_unidirectional_client_profile_name          = "default"
+  replication_enabled                                            = false
+  replication_queue_max_msg_spool_usage                          = "5999"
+  replication_queue_reject_msg_to_sender_on_discard_enabled      = false
+  replication_reject_msg_when_sync_ineligible_enabled            = true
+  replication_role                                               = "active"
+  replication_transaction_mode                                   = "sync"
+  rest_tls_server_cert_max_chain_depth                           = "4"
+  rest_tls_server_cert_validate_date_enabled                     = false
+  rest_tls_server_cert_validate_name_enabled                     = false
+  semp_over_msg_bus_admin_client_enabled                         = true
+  semp_over_msg_bus_admin_distributed_cache_enabled              = true
+  semp_over_msg_bus_admin_enabled                                = true
+  semp_over_msg_bus_enabled                                      = false
+  semp_over_msg_bus_show_enabled                                 = true
+  service_amqp_max_connection_count                              = 100
+  service_amqp_plain_text_enabled                                = true
+  service_amqp_plain_text_listen_port                            = 4567
+  service_amqp_tls_enabled                                       = true
+  service_amqp_tls_listen_port                                   = 7654
+  service_mqtt_authentication_client_cert_request                = "always"
+  service_mqtt_max_connection_count                              = "102"
+  service_mqtt_plain_text_enabled                                = true
+  service_mqtt_plain_text_listen_port                            = 9876
+  service_mqtt_tls_enabled                                       = true
+  service_mqtt_tls_listen_port                                   = 1573
+  service_mqtt_tls_web_socket_enabled                            = true
+  service_mqtt_tls_web_socket_listen_port                        = 6294
+  service_mqtt_web_socket_enabled                                = true
+  service_mqtt_web_socket_listen_port                            = 8234
+  service_rest_incoming_authentication_client_cert_request       = "never"
+  service_rest_incoming_authorization_header_handling            = "forward"
+  service_rest_incoming_max_connection_count                     = 101
+  service_rest_incoming_plain_text_enabled                       = true
+  service_rest_incoming_plain_text_listen_port                   = 4571
+  service_rest_incoming_tls_enabled                              = true
+  service_rest_incoming_tls_listen_port                          = 8392
+  service_rest_mode                                              = "gateway"
+  service_rest_outgoing_max_connection_count                     = 202
+  service_smf_max_connection_count                               = 303
+  service_smf_plain_text_enabled                                 = false
+  service_smf_tls_enabled                                        = false
+  service_web_authentication_client_cert_request                 = "always"
+  service_web_max_connection_count                               = 404
+  service_web_plain_text_enabled                                 = false
+  service_web_tls_enabled                                        = false
+  tls_allow_downgrade_to_plain_text_enabled                      = true
+}
+
+resource "solacebroker_msg_vpn_acl_profile" "msg_vpn_acl_profile" {
+  msg_vpn_name                        = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  acl_profile_name                    = "test"
+  client_connect_default_action       = "allow"
+  publish_topic_default_action        = "allow"
+  subscribe_share_name_default_action = "disallow"
+  subscribe_topic_default_action      = "allow"
+}
+
+resource "solacebroker_msg_vpn_acl_profile_client_connect_exception" "msg_vpn_acl_profile_client_connect_exception" {
+  msg_vpn_name                     = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  acl_profile_name                 = solacebroker_msg_vpn_acl_profile.msg_vpn_acl_profile.acl_profile_name
+  client_connect_exception_address = "192.168.1.1/24"
+}
+
+resource "solacebroker_msg_vpn_acl_profile_publish_topic_exception" "msg_vpn_acl_profile_publish_topic_exception" {
+  msg_vpn_name                   = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  acl_profile_name               = solacebroker_msg_vpn_acl_profile.msg_vpn_acl_profile.acl_profile_name
+  publish_topic_exception        = "test1"
+  publish_topic_exception_syntax = "smf"
+}
+
+resource "solacebroker_msg_vpn_acl_profile_subscribe_share_name_exception" "msg_vpn_acl_profile_subscribe_share_name_exception" {
+  msg_vpn_name                          = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  acl_profile_name                      = solacebroker_msg_vpn_acl_profile.msg_vpn_acl_profile.acl_profile_name
+  subscribe_share_name_exception        = "test3"
+  subscribe_share_name_exception_syntax = "mqtt"
+}
+
+resource "solacebroker_msg_vpn_acl_profile_subscribe_topic_exception" "msg_vpn_acl_profile_subscribe_topic_exception" {
+  msg_vpn_name                     = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  acl_profile_name                 = solacebroker_msg_vpn_acl_profile.msg_vpn_acl_profile.acl_profile_name
+  subscribe_topic_exception        = "test4"
+  subscribe_topic_exception_syntax = "smf"
+}
+
+resource "solacebroker_msg_vpn_authentication_oauth_profile" "msg_vpn_authentication_oauth_profile" {
+  msg_vpn_name                               = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  oauth_profile_name                         = "test"
+  authorization_groups_claim_name            = "test"
+  authorization_groups_claim_string_format   = "space-delimited"
+  client_id                                  = "test"
+  client_required_type                       = "test"
+  client_secret                              = "test"
+  client_validate_type_enabled               = false
+  disconnect_on_token_expiration_enabled     = false
+  enabled                                    = true
+  endpoint_discovery                         = "https://dfsaf:3242"
+  endpoint_discovery_refresh_interval        = 86399
+  endpoint_introspection                     = "https://qsdfsd:4231"
+  endpoint_introspection_timeout             = 2
+  endpoint_jwks                              = "https://esafs:4225"
+  endpoint_jwks_refresh_interval             = 86399
+  endpoint_userinfo                          = "https://dsgfh:3261"
+  endpoint_userinfo_timeout                  = 2
+  issuer                                     = "test"
+  mqtt_username_validate_enabled             = true
+  oauth_role                                 = "resource-server"
+  resource_server_parse_access_token_enabled = false
+  resource_server_required_audience          = "test"
+  resource_server_required_issuer            = "test"
+  resource_server_required_scope             = "test"
+  resource_server_required_type              = "test"
+  resource_server_validate_audience_enabled  = false
+  resource_server_validate_issuer_enabled    = false
+  resource_server_validate_scope_enabled     = false
+  resource_server_validate_type_enabled      = false
+  username_claim_name                        = "test"
+}
+
+resource "solacebroker_msg_vpn_authentication_oauth_profile_client_required_claim" "msg_vpn_authentication_oauth_profile_client_required_claim" {
+  msg_vpn_name                = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  oauth_profile_name          = solacebroker_msg_vpn_authentication_oauth_profile.msg_vpn_authentication_oauth_profile.oauth_profile_name
+  client_required_claim_name  = "test"
+  client_required_claim_value = "{\"test\":1}"
+}
+
+resource "solacebroker_msg_vpn_authentication_oauth_profile_resource_server_required_claim" "msg_vpn_authentication_oauth_profile_resource_server_required_claim" {
+  msg_vpn_name                         = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  oauth_profile_name                   = solacebroker_msg_vpn_authentication_oauth_profile.msg_vpn_authentication_oauth_profile.oauth_profile_name
+  resource_server_required_claim_name  = "test"
+  resource_server_required_claim_value = "{\"test\":1}"
+}
+
+resource "solacebroker_msg_vpn_authorization_group" "msg_vpn_authorization_group" {
+  msg_vpn_name                         = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  authorization_group_name             = "test"
+  acl_profile_name                     = "default"
+  client_profile_name                  = "default"
+  enabled                              = true
+  order_after_authorization_group_name = "test"
+}
+
+resource "solacebroker_msg_vpn_bridge" "msg_vpn_bridge" {
+  msg_vpn_name                                = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  bridge_name                                 = "test"
+  bridge_virtual_router                       = "auto"
+  enabled                                     = true
+  max_ttl                                     = 11
+  remote_authentication_basic_client_username = "test"
+  remote_authentication_basic_password        = "test"
+  remote_authentication_client_cert_content   = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc3jddBxAZ8uIf\nxerFpPmS67xYO0PEyMfP0syQ7AoZ0XJGyHvl/t4sOEZr1a0F5p0TVw5lzmkzBPk1\n+HjGZ7eGgSMtYHe2QhHNHdyLJOGbMd4rzjvyhtnjrlePI+ucn6puhtMOGyF9Cj8i\nmemy5HxF2iDO1ZRsgS4sA3SGfn8AxL5Tk4aB8j7vQhZwEtZWRR2gH0sVBAXEsmuU\ny6Xl+SaM6dhDrEl3KOBikxL+Y5ax/yJSp9m7ReWvzFOLd3PEkRkPqbf0hSIH/Roy\nkoVFN7aJu89bf8VOWV7cCuVQ+4AbpkHaJMsqb2wQ2rVSQ5GOZhjqBCGrobA+Evg8\n9ZdRHATnAgMBAAECggEAJR5bY5D6TcIZ6okSiaDOKLjhcFqVaw7rNawRoRFqKSif\n8fFjkSWiJQBYJWtFpsY5A7UPwGBOIbrmPwHBGmb32uz9AnVB6Sl1YGlyVRgfqjtZ\nQTdpr7qmB7OXF4FL6YiT1ftmoOpCWIdOUPxY4C2yDPM5rEkMpqeXIOJ7xNahdXlL\nLm+E0qxy2yt3khGhhKeObIiYpiln6z3VrRk5GA9U8aq0HP15IXBlxbfT9uzBZfbs\n4KlHCMOYEDE2+5r5R38kRCgMjkOuNAo38oMRIeEVlzbvq85WWFHs1kt/N8855zLt\nyDbnIn8SY6+fxeCGpecDef45Qb4xfAmRDLTLyJOFMQKBgQDuIPrW+YzGacBBLDWM\nzISw3jf9JsR4IWCD3zeSUAYjkHYwnBnyXfqZyGaMaQrE7GE16Wl20wVjEHeTJgdR\n+NZZ8ZpmHAHjfifSUjxn7t7M9Qo6VTp8W5LoaSs2HY4ylsSOK6RUPkXEIKAGvf7I\nf3VvdjJuWo0X04HPoC7u/rwMqwKBgQDtcZ2VfvoBYtIk6CpfAhRmhrPo2hJpyDB1\ny9MPmsYhCiB+/HcYsUt8zXUlCaOP1m/5tz58hSzTytvoB60Z+aXtG9I4XS3Wjhmd\nrEtuV0WiCA92vqKUVXWYnGy8L8pr6UXPgBezFvjHQKZzIoKByPCJckrEqCl8VUxh\nUcAvPVUwtQKBgHJxxTxWORMOtghcf+wISulaE1yGKjx2BhW6zNFzxk+HWVYpX8r8\n4bjQ+IAY58UWue2YHUivSFKBEobU6wW5awNVO1hBs6Kq+eZ6AXAN/GRSjDTWy0ID\nHMq36L2cXL/xd8vAK70VJKCK8X3sCCxCHaWRD9G7kT3XN/caTBQutx/7AoGAMB4j\nIiWOQnOlRGdsFr7UJYbMtLZknt07vNNmXTYvSojD1xgQhod/VbZJNA1FASQiowdY\neWF/mRf2AopzsNzfnDJUIqn3XRCE7mf5DU5QRSq+/4BYcBj1cMzaWDSTH9UxGYDK\nzLcuCSr30ENBEU4IOMJZlorBhXm/tcUcXjZeqjUCgYEAwpOFx8KHazph2ial9954\ndq0IZZrhrLPoaLQVwLnUITpvKw1ORxdzLH8VNvRTcPF6XRt7BcV8aRcENW7R0Ozd\nQa4T12AxqCFp2tdD7juOMJoFVwr5Cq5DyN935QP7PiGhqBRJYkXvBMCezFD7XloC\njjroojuJIsIhfhgvoKj37oE=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIIIAjCCBuqgAwIBAgIJALYF/Umvsgf3MA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV\nBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8wDQYDVQQHDAZPdHRhd2ExDzANBgNV\nBAoMBlNvbGFjZTEMMAoGA1UEAwwDYWZ3MCAXDTIzMDMwNzE3MDExMloYDzIxMjMw\nMjExMTcwMTEyWjB1MQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEPMA0G\nA1UEBwwGT3R0YXdhMQ8wDQYDVQQKDAZTb2xhY2UxDDAKBgNVBAMMA2FmdzEkMCIG\nCSqGSIb3DQEJARYVdm1yLTEzMi05NkBzb2xhY2UuY29tMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEA3N43XQcQGfLiH8XqxaT5kuu8WDtDxMjHz9LMkOwK\nGdFyRsh75f7eLDhGa9WtBeadE1cOZc5pMwT5Nfh4xme3hoEjLWB3tkIRzR3ciyTh\nmzHeK8478obZ465XjyPrnJ+qbobTDhshfQo/IpnpsuR8RdogztWUbIEuLAN0hn5/\nAMS+U5OGgfI+70IWcBLWVkUdoB9LFQQFxLJrlMul5fkmjOnYQ6xJdyjgYpMS/mOW\nsf8iUqfZu0Xlr8xTi3dzxJEZD6m39IUiB/0aMpKFRTe2ibvPW3/FTlle3ArlUPuA\nG6ZB2iTLKm9sENq1UkORjmYY6gQhq6GwPhL4PPWXURwE5wIDAQABo4IEtzCCBLMw\nCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwggSXBgNVHREEggSOMIIEiocEwKiEYIcQ\n/YAAAAAAASgBkgFoATIAloIEZTk2bYIJZTk2bS5pcHY0ggllOTZtLmlwdjaCgf1l\nOTZtLmNvbS5zb2xhY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5C\nYmJiYmJiYmJiLkNjY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZm\nZmZmZmYuR2dnZ2dnZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampq\nai5La2tra2tra2trLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9v\nb29vb29vb28uUHBwcHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nz\nc3Nzcy5UdHR0dHR0goH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNs\nb3VkLkFhYWFhYWFhYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQu\nRWVlZWVlZWVlZS5GZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlp\naWlpaWlpLkpqampqampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1t\nbW0uTm5ubm5ubm5ubi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5S\ncnJycnJycnJyLlNzc3Nzc3Nzc3MuVHR0dHR0dIIMZTk2bS5zb2x0ZXN0ghFlOTZt\nLmlwdjQuc29sdGVzdIIRZTk2bS5pcHY2LnNvbHRlc3SCgf1lOTZtLmNvbS5zb2xh\nY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5CYmJiYmJiYmJiLkNj\nY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZmZmZmZmYuR2dnZ2dn\nZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampqai5La2tra2tra2tr\nLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9vb29vb29vb28uUHBw\ncHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nzc3Nzcy5zb2x0ZXN0\ngoH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNsb3VkLkFhYWFhYWFh\nYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQuRWVlZWVlZWVlZS5G\nZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlpaWlpaWlpLkpqampq\nampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1tbW0uTm5ubm5ubm5u\nbi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5ScnJycnJycnJyLlNz\nc3Nzc3Nzc3Muc29sdGVzdIIKdm1yLTEzMi05NoIUdm1yLTEzMi05Ni5zb2wtbG9j\nYWwwDQYJKoZIhvcNAQELBQADggEBALw9t+131ytbltmPk8LKmYNo/tWWsJgwcxGu\npzconod45Ibia2Sep1yNll2Oqx1/Te6vk93WmHnP2F01N/o9mWZSMbsw2mxWi+EJ\nd5TSvr14Elb7/6bsc8b82SF3UIFVlBe2ng3M6a0r/g3UG2Nq7O4EoRwt8msIUfI+\nW2k1YOOplaejxKwbIOxBe4qpagdwtwOWvmjM//IrRCI+GiXZ7UfO5nG0Dzy85lX2\n80mOjL5WX1c9QalW/c4tU/W2gBXt+/GlZ9M0WFSmiBfexSp75G8/tVCfbwV+XUBw\nX8aEQnKCo/w72bD2C52Di/OnxteRT+NFdNMafngPpPTHk9hnRgU=\n-----END CERTIFICATE-----"
+  remote_authentication_client_cert_password  = "test"
+  remote_authentication_scheme                = "client-certificate"
+  remote_connection_retry_count               = 1
+  remote_connection_retry_delay               = 2
+  remote_deliver_to_one_priority              = "p2"
+  tls_cipher_suite_list                       = "default"
+}
+
+resource "solacebroker_msg_vpn_bridge_remote_msg_vpn" "msg_vpn_bridge_remote_msg_vpn" {
+  msg_vpn_name                  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  bridge_name                   = solacebroker_msg_vpn_bridge.msg_vpn_bridge.bridge_name
+  bridge_virtual_router         = solacebroker_msg_vpn_bridge.msg_vpn_bridge.bridge_virtual_router
+  remote_msg_vpn_interface      = ""
+  remote_msg_vpn_location       = "192.168.1.1:1234"
+  remote_msg_vpn_name           = "default"
+  client_username               = "test"
+  compressed_data_enabled       = true
+  connect_order                 = 3
+  egress_flow_window_size       = 254
+  enabled                       = true
+  password                      = "test"
+  queue_binding                 = "test"
+  tls_enabled                   = true
+  unidirectional_client_profile = "default"
+}
+
+resource "solacebroker_msg_vpn_bridge_remote_subscription" "msg_vpn_bridge_remote_subscription" {
+  msg_vpn_name              = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  bridge_name               = solacebroker_msg_vpn_bridge.msg_vpn_bridge.bridge_name
+  bridge_virtual_router     = solacebroker_msg_vpn_bridge.msg_vpn_bridge.bridge_virtual_router
+  remote_subscription_topic = "test"
+  deliver_always_enabled    = true
+}
+
+# resource "solacebroker_msg_vpn_bridge_tls_trusted_common_name" "msg_vpn_bridge_tls_trusted_common_name" {
+#   msg_vpn_name            = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+#   bridge_name             = solacebroker_msg_vpn_bridge.msg_vpn_bridge.bridge_name
+#   bridge_virtual_router   = solacebroker_msg_vpn_bridge.msg_vpn_bridge.bridge_virtual_router
+#   tls_trusted_common_name = "test"
+# }
+
+resource "solacebroker_msg_vpn_cert_matching_rule" "msg_vpn_cert_matching_rule" {
+  msg_vpn_name = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rule_name    = "test"
+  enabled      = true
+}
+
+resource "solacebroker_msg_vpn_cert_matching_rule_attribute_filter" "msg_vpn_cert_matching_rule_attribute_filter" {
+  msg_vpn_name    = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rule_name       = solacebroker_msg_vpn_cert_matching_rule.msg_vpn_cert_matching_rule.rule_name
+  filter_name     = "test"
+  attribute_name  = "test"
+  attribute_value = "test"
+}
+
+resource "solacebroker_msg_vpn_cert_matching_rule_condition" "msg_vpn_cert_matching_rule_condition" {
+  msg_vpn_name = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rule_name    = solacebroker_msg_vpn_cert_matching_rule.msg_vpn_cert_matching_rule.rule_name
+  source       = "uid"
+  expression   = "test"
+}
+
+resource "solacebroker_msg_vpn_client_profile" "msg_vpn_client_profile" {
+  msg_vpn_name                                                     = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  client_profile_name                                              = "test"
+  allow_bridge_connections_enabled                                 = true
+  allow_guaranteed_endpoint_create_durability                      = "durable"
+  allow_guaranteed_endpoint_create_enabled                         = true
+  allow_guaranteed_msg_receive_enabled                             = true
+  allow_guaranteed_msg_send_enabled                                = true
+  allow_shared_subscriptions_enabled                               = true
+  allow_transacted_sessions_enabled                                = true
+  api_queue_management_copy_from_on_create_template_name           = "test"
+  api_topic_endpoint_management_copy_from_on_create_template_name  = "test"
+  compression_enabled                                              = true
+  eliding_delay                                                    = 1
+  eliding_enabled                                                  = true
+  eliding_max_topic_count                                          = 255
+  event_client_provisioned_endpoint_spool_usage_threshold          = { "clear_percent" = 40, "set_percent" = 50 }
+  event_connection_count_per_client_username_threshold             = { "clear_percent" = 40, "set_percent" = 50 }
+  event_egress_flow_count_threshold                                = { "clear_percent" = 40, "set_percent" = 50 }
+  event_endpoint_count_per_client_username_threshold               = { "clear_percent" = 40, "set_percent" = 50 }
+  event_ingress_flow_count_threshold                               = { "clear_percent" = 40, "set_percent" = 50 }
+  event_service_smf_connection_count_per_client_username_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  event_service_web_connection_count_per_client_username_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  event_subscription_count_threshold                               = { "clear_percent" = 40, "set_percent" = 50 }
+  event_transacted_session_count_threshold                         = { "clear_percent" = 40, "set_percent" = 50 }
+  event_transaction_count_threshold                                = { "clear_percent" = 40, "set_percent" = 50 }
+  max_connection_count_per_client_username                         = 999
+  max_egress_flow_count                                            = 999
+  max_endpoint_count_per_client_username                           = 999
+  max_ingress_flow_count                                           = 999
+  max_msgs_per_transaction                                         = 5
+  max_subscription_count                                           = 99
+  max_transacted_session_count                                     = 9
+  max_transaction_count                                            = 9
+  queue_control1_max_depth                                         = 999
+  queue_control1_min_msg_burst                                     = 3
+  queue_direct1_max_depth                                          = 999
+  queue_direct1_min_msg_burst                                      = 3
+  queue_direct2_max_depth                                          = 999
+  queue_direct2_min_msg_burst                                      = 3
+  queue_direct3_max_depth                                          = 999
+  queue_direct3_min_msg_burst                                      = 3
+  queue_guaranteed1_max_depth                                      = 999
+  queue_guaranteed1_min_msg_burst                                  = 254
+  reject_msg_to_sender_on_no_subscription_match_enabled            = true
+  replication_allow_client_connect_when_standby_enabled            = true
+  service_min_keepalive_timeout                                    = 29
+  service_smf_max_connection_count_per_client_username             = 99
+  service_smf_min_keepalive_enabled                                = true
+  service_web_inactive_timeout                                     = 9
+  service_web_max_connection_count_per_client_username             = 99
+  service_web_max_payload                                          = 99999
+  tcp_congestion_window_size                                       = 3
+  tcp_keepalive_count                                              = 2
+  tcp_keepalive_idle_time                                          = 3
+  tcp_keepalive_interval                                           = 2
+  tcp_max_segment_size                                             = 1459
+  tcp_max_window_size                                              = 255
+  tls_allow_downgrade_to_plain_text_enabled                        = false
+}
+
+resource "solacebroker_msg_vpn_client_username" "msg_vpn_client_username" {
+  msg_vpn_name                                    = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  client_username                                 = "test"
+  acl_profile_name                                = solacebroker_msg_vpn_acl_profile.msg_vpn_acl_profile.acl_profile_name
+  client_profile_name                             = solacebroker_msg_vpn_client_profile.msg_vpn_client_profile.client_profile_name
+  enabled                                         = true
+  guaranteed_endpoint_permission_override_enabled = true
+  password                                        = "test"
+  subscription_manager_enabled                    = true
+}
+
+resource "solacebroker_msg_vpn_client_username_attribute" "msg_vpn_client_username_attribute" {
+  msg_vpn_name    = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  client_username = solacebroker_msg_vpn_client_username.msg_vpn_client_username.client_username
+  attribute_name  = "test"
+  attribute_value = "test"
+}
+
+resource "solacebroker_msg_vpn_distributed_cache" "msg_vpn_distributed_cache" {
+  msg_vpn_name                   = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  cache_name                     = "test"
+  cache_virtual_router           = "auto"
+  enabled                        = true
+  heartbeat                      = 11
+  scheduled_delete_msg_day_list  = "Thu,Fri"
+  scheduled_delete_msg_time_list = "3:59,4:59,13:59,23:59"
+}
+
+resource "solacebroker_msg_vpn_distributed_cache_cluster" "msg_vpn_distributed_cache_cluster" {
+  msg_vpn_name                        = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  cache_name                          = solacebroker_msg_vpn_distributed_cache.msg_vpn_distributed_cache.cache_name
+  cluster_name                        = "test1"
+  deliver_to_one_override_enabled     = false
+  enabled                             = true
+  event_data_byte_rate_threshold      = { "clear_percent" = 40, "set_percent" = 50 }
+  event_data_msg_rate_threshold       = { "clear_percent" = 40, "set_percent" = 50 }
+  event_max_memory_threshold          = { "clear_percent" = 40, "set_percent" = 50 }
+  event_max_topics_threshold          = { "clear_percent" = 40, "set_percent" = 50 }
+  event_request_queue_depth_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  event_request_rate_threshold        = { "clear_percent" = 40, "set_percent" = 50 }
+  event_response_rate_threshold       = { "clear_percent" = 40, "set_percent" = 50 }
+  global_caching_enabled              = true
+  global_caching_heartbeat            = 4
+  global_caching_topic_lifetime       = 3599
+  max_memory                          = 2047
+  max_msgs_per_topic                  = 2
+  max_request_queue_depth             = 99999
+  max_topic_count                     = 99999
+  msg_lifetime                        = 4
+  new_topic_advertisement_enabled     = true
+}
+
+resource "solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster" "msg_vpn_distributed_cache_cluster_global_caching_home_cluster" {
+  msg_vpn_name      = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  cache_name        = solacebroker_msg_vpn_distributed_cache.msg_vpn_distributed_cache.cache_name
+  cluster_name      = solacebroker_msg_vpn_distributed_cache_cluster.msg_vpn_distributed_cache_cluster.cluster_name
+  home_cluster_name = "test2"
+}
+
+resource "solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix" "msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix" {
+  msg_vpn_name      = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  cache_name        = solacebroker_msg_vpn_distributed_cache.msg_vpn_distributed_cache.cache_name
+  cluster_name      = solacebroker_msg_vpn_distributed_cache_cluster.msg_vpn_distributed_cache_cluster.cluster_name
+  home_cluster_name = solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster.msg_vpn_distributed_cache_cluster_global_caching_home_cluster.home_cluster_name
+  topic_prefix      = "test3"
+}
+
+resource "solacebroker_msg_vpn_distributed_cache_cluster_instance" "msg_vpn_distributed_cache_cluster_instance" {
+  msg_vpn_name             = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  cache_name               = solacebroker_msg_vpn_distributed_cache.msg_vpn_distributed_cache.cache_name
+  cluster_name             = solacebroker_msg_vpn_distributed_cache_cluster.msg_vpn_distributed_cache_cluster.cluster_name
+  instance_name            = "test4"
+  auto_start_enabled       = true
+  enabled                  = true
+  stop_on_lost_msg_enabled = false
+}
+
+resource "solacebroker_msg_vpn_distributed_cache_cluster_topic" "msg_vpn_distributed_cache_cluster_topic" {
+  msg_vpn_name = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  cache_name   = solacebroker_msg_vpn_distributed_cache.msg_vpn_distributed_cache.cache_name
+  cluster_name = solacebroker_msg_vpn_distributed_cache_cluster.msg_vpn_distributed_cache_cluster.cluster_name
+  topic        = "test"
+}
+
+resource "solacebroker_msg_vpn_dmr_bridge" "msg_vpn_dmr_bridge" {
+  msg_vpn_name        = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  remote_node_name    = "test"
+  remote_msg_vpn_name = "test"
+}
+
+resource "solacebroker_msg_vpn_jndi_connection_factory" "msg_vpn_jndi_connection_factory" {
+  msg_vpn_name                                 = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  connection_factory_name                      = "test"
+  allow_duplicate_client_id_enabled            = true
+  client_description                           = "test"
+  client_id                                    = "test"
+  dto_receive_override_enabled                 = false
+  dto_receive_subscriber_local_priority        = 2
+  dto_receive_subscriber_network_priority      = 2
+  dto_send_enabled                             = true
+  dynamic_endpoint_create_durable_enabled      = true
+  dynamic_endpoint_respect_ttl_enabled         = false
+  guaranteed_receive_ack_timeout               = 999
+  guaranteed_receive_reconnect_retry_count     = 1
+  guaranteed_receive_reconnect_retry_wait      = 2999
+  guaranteed_receive_window_size               = 17
+  guaranteed_receive_window_size_ack_threshold = 59
+  guaranteed_send_ack_timeout                  = 1999
+  guaranteed_send_window_size                  = 254
+  messaging_default_delivery_mode              = "non-persistent"
+  messaging_default_dmq_eligible_enabled       = true
+  messaging_default_eliding_eligible_enabled   = true
+  messaging_jmsx_user_id_enabled               = true
+  messaging_text_in_xml_payload_enabled        = false
+  transport_compression_level                  = 0
+  transport_connect_retry_count                = -1
+  transport_connect_retry_per_host_count       = -1
+  transport_connect_timeout                    = 2999
+  transport_direct_transport_enabled           = false
+  transport_keepalive_count                    = 4232
+  transport_keepalive_enabled                  = false
+  transport_keepalive_interval                 = 2999
+  transport_msg_callback_on_io_thread_enabled  = true
+  transport_optimize_direct_enabled            = true
+  transport_port                               = 4214
+  transport_read_timeout                       = 9999
+  transport_receive_buffer_size                = 9999
+  transport_reconnect_retry_count              = -1
+  transport_reconnect_retry_wait               = 2999
+  transport_send_buffer_size                   = 65533
+  transport_tcp_no_delay_enabled               = false
+  xa_enabled                                   = true
+}
+
+resource "solacebroker_msg_vpn_jndi_queue" "msg_vpn_jndi_queue" {
+  msg_vpn_name  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  queue_name    = "test1"
+  physical_name = "test1"
+}
+
+resource "solacebroker_msg_vpn_jndi_topic" "msg_vpn_jndi_topic" {
+  msg_vpn_name  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  topic_name    = "test2"
+  physical_name = "test2"
+}
+
+resource "solacebroker_msg_vpn_kafka_receiver" "msg_vpn_kafka_receiver" {
+  msg_vpn_name                               = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  kafka_receiver_name                        = "test"
+  authentication_basic_password              = "test"
+  authentication_basic_username              = "test"
+  authentication_client_cert_content         = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc3jddBxAZ8uIf\nxerFpPmS67xYO0PEyMfP0syQ7AoZ0XJGyHvl/t4sOEZr1a0F5p0TVw5lzmkzBPk1\n+HjGZ7eGgSMtYHe2QhHNHdyLJOGbMd4rzjvyhtnjrlePI+ucn6puhtMOGyF9Cj8i\nmemy5HxF2iDO1ZRsgS4sA3SGfn8AxL5Tk4aB8j7vQhZwEtZWRR2gH0sVBAXEsmuU\ny6Xl+SaM6dhDrEl3KOBikxL+Y5ax/yJSp9m7ReWvzFOLd3PEkRkPqbf0hSIH/Roy\nkoVFN7aJu89bf8VOWV7cCuVQ+4AbpkHaJMsqb2wQ2rVSQ5GOZhjqBCGrobA+Evg8\n9ZdRHATnAgMBAAECggEAJR5bY5D6TcIZ6okSiaDOKLjhcFqVaw7rNawRoRFqKSif\n8fFjkSWiJQBYJWtFpsY5A7UPwGBOIbrmPwHBGmb32uz9AnVB6Sl1YGlyVRgfqjtZ\nQTdpr7qmB7OXF4FL6YiT1ftmoOpCWIdOUPxY4C2yDPM5rEkMpqeXIOJ7xNahdXlL\nLm+E0qxy2yt3khGhhKeObIiYpiln6z3VrRk5GA9U8aq0HP15IXBlxbfT9uzBZfbs\n4KlHCMOYEDE2+5r5R38kRCgMjkOuNAo38oMRIeEVlzbvq85WWFHs1kt/N8855zLt\nyDbnIn8SY6+fxeCGpecDef45Qb4xfAmRDLTLyJOFMQKBgQDuIPrW+YzGacBBLDWM\nzISw3jf9JsR4IWCD3zeSUAYjkHYwnBnyXfqZyGaMaQrE7GE16Wl20wVjEHeTJgdR\n+NZZ8ZpmHAHjfifSUjxn7t7M9Qo6VTp8W5LoaSs2HY4ylsSOK6RUPkXEIKAGvf7I\nf3VvdjJuWo0X04HPoC7u/rwMqwKBgQDtcZ2VfvoBYtIk6CpfAhRmhrPo2hJpyDB1\ny9MPmsYhCiB+/HcYsUt8zXUlCaOP1m/5tz58hSzTytvoB60Z+aXtG9I4XS3Wjhmd\nrEtuV0WiCA92vqKUVXWYnGy8L8pr6UXPgBezFvjHQKZzIoKByPCJckrEqCl8VUxh\nUcAvPVUwtQKBgHJxxTxWORMOtghcf+wISulaE1yGKjx2BhW6zNFzxk+HWVYpX8r8\n4bjQ+IAY58UWue2YHUivSFKBEobU6wW5awNVO1hBs6Kq+eZ6AXAN/GRSjDTWy0ID\nHMq36L2cXL/xd8vAK70VJKCK8X3sCCxCHaWRD9G7kT3XN/caTBQutx/7AoGAMB4j\nIiWOQnOlRGdsFr7UJYbMtLZknt07vNNmXTYvSojD1xgQhod/VbZJNA1FASQiowdY\neWF/mRf2AopzsNzfnDJUIqn3XRCE7mf5DU5QRSq+/4BYcBj1cMzaWDSTH9UxGYDK\nzLcuCSr30ENBEU4IOMJZlorBhXm/tcUcXjZeqjUCgYEAwpOFx8KHazph2ial9954\ndq0IZZrhrLPoaLQVwLnUITpvKw1ORxdzLH8VNvRTcPF6XRt7BcV8aRcENW7R0Ozd\nQa4T12AxqCFp2tdD7juOMJoFVwr5Cq5DyN935QP7PiGhqBRJYkXvBMCezFD7XloC\njjroojuJIsIhfhgvoKj37oE=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIIIAjCCBuqgAwIBAgIJALYF/Umvsgf3MA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV\nBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8wDQYDVQQHDAZPdHRhd2ExDzANBgNV\nBAoMBlNvbGFjZTEMMAoGA1UEAwwDYWZ3MCAXDTIzMDMwNzE3MDExMloYDzIxMjMw\nMjExMTcwMTEyWjB1MQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEPMA0G\nA1UEBwwGT3R0YXdhMQ8wDQYDVQQKDAZTb2xhY2UxDDAKBgNVBAMMA2FmdzEkMCIG\nCSqGSIb3DQEJARYVdm1yLTEzMi05NkBzb2xhY2UuY29tMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEA3N43XQcQGfLiH8XqxaT5kuu8WDtDxMjHz9LMkOwK\nGdFyRsh75f7eLDhGa9WtBeadE1cOZc5pMwT5Nfh4xme3hoEjLWB3tkIRzR3ciyTh\nmzHeK8478obZ465XjyPrnJ+qbobTDhshfQo/IpnpsuR8RdogztWUbIEuLAN0hn5/\nAMS+U5OGgfI+70IWcBLWVkUdoB9LFQQFxLJrlMul5fkmjOnYQ6xJdyjgYpMS/mOW\nsf8iUqfZu0Xlr8xTi3dzxJEZD6m39IUiB/0aMpKFRTe2ibvPW3/FTlle3ArlUPuA\nG6ZB2iTLKm9sENq1UkORjmYY6gQhq6GwPhL4PPWXURwE5wIDAQABo4IEtzCCBLMw\nCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwggSXBgNVHREEggSOMIIEiocEwKiEYIcQ\n/YAAAAAAASgBkgFoATIAloIEZTk2bYIJZTk2bS5pcHY0ggllOTZtLmlwdjaCgf1l\nOTZtLmNvbS5zb2xhY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5C\nYmJiYmJiYmJiLkNjY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZm\nZmZmZmYuR2dnZ2dnZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampq\nai5La2tra2tra2trLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9v\nb29vb29vb28uUHBwcHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nz\nc3Nzcy5UdHR0dHR0goH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNs\nb3VkLkFhYWFhYWFhYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQu\nRWVlZWVlZWVlZS5GZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlp\naWlpaWlpLkpqampqampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1t\nbW0uTm5ubm5ubm5ubi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5S\ncnJycnJycnJyLlNzc3Nzc3Nzc3MuVHR0dHR0dIIMZTk2bS5zb2x0ZXN0ghFlOTZt\nLmlwdjQuc29sdGVzdIIRZTk2bS5pcHY2LnNvbHRlc3SCgf1lOTZtLmNvbS5zb2xh\nY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5CYmJiYmJiYmJiLkNj\nY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZmZmZmZmYuR2dnZ2dn\nZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampqai5La2tra2tra2tr\nLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9vb29vb29vb28uUHBw\ncHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nzc3Nzcy5zb2x0ZXN0\ngoH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNsb3VkLkFhYWFhYWFh\nYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQuRWVlZWVlZWVlZS5G\nZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlpaWlpaWlpLkpqampq\nampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1tbW0uTm5ubm5ubm5u\nbi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5ScnJycnJycnJyLlNz\nc3Nzc3Nzc3Muc29sdGVzdIIKdm1yLTEzMi05NoIUdm1yLTEzMi05Ni5zb2wtbG9j\nYWwwDQYJKoZIhvcNAQELBQADggEBALw9t+131ytbltmPk8LKmYNo/tWWsJgwcxGu\npzconod45Ibia2Sep1yNll2Oqx1/Te6vk93WmHnP2F01N/o9mWZSMbsw2mxWi+EJ\nd5TSvr14Elb7/6bsc8b82SF3UIFVlBe2ng3M6a0r/g3UG2Nq7O4EoRwt8msIUfI+\nW2k1YOOplaejxKwbIOxBe4qpagdwtwOWvmjM//IrRCI+GiXZ7UfO5nG0Dzy85lX2\n80mOjL5WX1c9QalW/c4tU/W2gBXt+/GlZ9M0WFSmiBfexSp75G8/tVCfbwV+XUBw\nX8aEQnKCo/w72bD2C52Di/OnxteRT+NFdNMafngPpPTHk9hnRgU=\n-----END CERTIFICATE-----"
+  authentication_client_cert_password        = "test"
+  authentication_oauth_client_id             = "test"
+  authentication_oauth_client_scope          = "test"
+  authentication_oauth_client_secret         = "test"
+  authentication_oauth_client_token_endpoint = "https://test1:3224"
+  authentication_scheme                      = "basic"
+  authentication_scram_hash                  = "sha-256"
+  authentication_scram_password              = "test"
+  authentication_scram_username              = "test"
+  batch_delay                                = 501
+  batch_max_size                             = 2
+  bootstrap_address_list                     = "test"
+  enabled                                    = true
+  group_id                                   = "test"
+  group_keepalive_interval                   = 3001
+  group_keepalive_timeout                    = 45499
+  group_membership_type                      = "static"
+  group_partition_scheme_list                = "cooperative-sticky"
+  metadata_topic_exclude_list                = "test"
+  metadata_topic_refresh_interval            = "29999"
+  transport_tls_enabled                      = true
+}
+
+resource "solacebroker_msg_vpn_kafka_receiver_topic_binding" "msg_vpn_kafka_receiver_topic_binding" {
+  msg_vpn_name        = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  kafka_receiver_name = solacebroker_msg_vpn_kafka_receiver.msg_vpn_kafka_receiver.kafka_receiver_name
+  topic_name          = "test"
+  enabled             = true
+  initial_offset      = "beginning"
+  local_key           = "test"
+  local_topic         = "test"
+}
+
+resource "solacebroker_msg_vpn_kafka_sender" "msg_vpn_kafka_sender" {
+  msg_vpn_name                               = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  kafka_sender_name                          = "test"
+  authentication_basic_password              = "test"
+  authentication_basic_username              = "test"
+  authentication_client_cert_content         = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc3jddBxAZ8uIf\nxerFpPmS67xYO0PEyMfP0syQ7AoZ0XJGyHvl/t4sOEZr1a0F5p0TVw5lzmkzBPk1\n+HjGZ7eGgSMtYHe2QhHNHdyLJOGbMd4rzjvyhtnjrlePI+ucn6puhtMOGyF9Cj8i\nmemy5HxF2iDO1ZRsgS4sA3SGfn8AxL5Tk4aB8j7vQhZwEtZWRR2gH0sVBAXEsmuU\ny6Xl+SaM6dhDrEl3KOBikxL+Y5ax/yJSp9m7ReWvzFOLd3PEkRkPqbf0hSIH/Roy\nkoVFN7aJu89bf8VOWV7cCuVQ+4AbpkHaJMsqb2wQ2rVSQ5GOZhjqBCGrobA+Evg8\n9ZdRHATnAgMBAAECggEAJR5bY5D6TcIZ6okSiaDOKLjhcFqVaw7rNawRoRFqKSif\n8fFjkSWiJQBYJWtFpsY5A7UPwGBOIbrmPwHBGmb32uz9AnVB6Sl1YGlyVRgfqjtZ\nQTdpr7qmB7OXF4FL6YiT1ftmoOpCWIdOUPxY4C2yDPM5rEkMpqeXIOJ7xNahdXlL\nLm+E0qxy2yt3khGhhKeObIiYpiln6z3VrRk5GA9U8aq0HP15IXBlxbfT9uzBZfbs\n4KlHCMOYEDE2+5r5R38kRCgMjkOuNAo38oMRIeEVlzbvq85WWFHs1kt/N8855zLt\nyDbnIn8SY6+fxeCGpecDef45Qb4xfAmRDLTLyJOFMQKBgQDuIPrW+YzGacBBLDWM\nzISw3jf9JsR4IWCD3zeSUAYjkHYwnBnyXfqZyGaMaQrE7GE16Wl20wVjEHeTJgdR\n+NZZ8ZpmHAHjfifSUjxn7t7M9Qo6VTp8W5LoaSs2HY4ylsSOK6RUPkXEIKAGvf7I\nf3VvdjJuWo0X04HPoC7u/rwMqwKBgQDtcZ2VfvoBYtIk6CpfAhRmhrPo2hJpyDB1\ny9MPmsYhCiB+/HcYsUt8zXUlCaOP1m/5tz58hSzTytvoB60Z+aXtG9I4XS3Wjhmd\nrEtuV0WiCA92vqKUVXWYnGy8L8pr6UXPgBezFvjHQKZzIoKByPCJckrEqCl8VUxh\nUcAvPVUwtQKBgHJxxTxWORMOtghcf+wISulaE1yGKjx2BhW6zNFzxk+HWVYpX8r8\n4bjQ+IAY58UWue2YHUivSFKBEobU6wW5awNVO1hBs6Kq+eZ6AXAN/GRSjDTWy0ID\nHMq36L2cXL/xd8vAK70VJKCK8X3sCCxCHaWRD9G7kT3XN/caTBQutx/7AoGAMB4j\nIiWOQnOlRGdsFr7UJYbMtLZknt07vNNmXTYvSojD1xgQhod/VbZJNA1FASQiowdY\neWF/mRf2AopzsNzfnDJUIqn3XRCE7mf5DU5QRSq+/4BYcBj1cMzaWDSTH9UxGYDK\nzLcuCSr30ENBEU4IOMJZlorBhXm/tcUcXjZeqjUCgYEAwpOFx8KHazph2ial9954\ndq0IZZrhrLPoaLQVwLnUITpvKw1ORxdzLH8VNvRTcPF6XRt7BcV8aRcENW7R0Ozd\nQa4T12AxqCFp2tdD7juOMJoFVwr5Cq5DyN935QP7PiGhqBRJYkXvBMCezFD7XloC\njjroojuJIsIhfhgvoKj37oE=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIIIAjCCBuqgAwIBAgIJALYF/Umvsgf3MA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV\nBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8wDQYDVQQHDAZPdHRhd2ExDzANBgNV\nBAoMBlNvbGFjZTEMMAoGA1UEAwwDYWZ3MCAXDTIzMDMwNzE3MDExMloYDzIxMjMw\nMjExMTcwMTEyWjB1MQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEPMA0G\nA1UEBwwGT3R0YXdhMQ8wDQYDVQQKDAZTb2xhY2UxDDAKBgNVBAMMA2FmdzEkMCIG\nCSqGSIb3DQEJARYVdm1yLTEzMi05NkBzb2xhY2UuY29tMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEA3N43XQcQGfLiH8XqxaT5kuu8WDtDxMjHz9LMkOwK\nGdFyRsh75f7eLDhGa9WtBeadE1cOZc5pMwT5Nfh4xme3hoEjLWB3tkIRzR3ciyTh\nmzHeK8478obZ465XjyPrnJ+qbobTDhshfQo/IpnpsuR8RdogztWUbIEuLAN0hn5/\nAMS+U5OGgfI+70IWcBLWVkUdoB9LFQQFxLJrlMul5fkmjOnYQ6xJdyjgYpMS/mOW\nsf8iUqfZu0Xlr8xTi3dzxJEZD6m39IUiB/0aMpKFRTe2ibvPW3/FTlle3ArlUPuA\nG6ZB2iTLKm9sENq1UkORjmYY6gQhq6GwPhL4PPWXURwE5wIDAQABo4IEtzCCBLMw\nCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwggSXBgNVHREEggSOMIIEiocEwKiEYIcQ\n/YAAAAAAASgBkgFoATIAloIEZTk2bYIJZTk2bS5pcHY0ggllOTZtLmlwdjaCgf1l\nOTZtLmNvbS5zb2xhY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5C\nYmJiYmJiYmJiLkNjY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZm\nZmZmZmYuR2dnZ2dnZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampq\nai5La2tra2tra2trLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9v\nb29vb29vb28uUHBwcHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nz\nc3Nzcy5UdHR0dHR0goH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNs\nb3VkLkFhYWFhYWFhYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQu\nRWVlZWVlZWVlZS5GZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlp\naWlpaWlpLkpqampqampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1t\nbW0uTm5ubm5ubm5ubi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5S\ncnJycnJycnJyLlNzc3Nzc3Nzc3MuVHR0dHR0dIIMZTk2bS5zb2x0ZXN0ghFlOTZt\nLmlwdjQuc29sdGVzdIIRZTk2bS5pcHY2LnNvbHRlc3SCgf1lOTZtLmNvbS5zb2xh\nY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5CYmJiYmJiYmJiLkNj\nY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZmZmZmZmYuR2dnZ2dn\nZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampqai5La2tra2tra2tr\nLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9vb29vb29vb28uUHBw\ncHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nzc3Nzcy5zb2x0ZXN0\ngoH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNsb3VkLkFhYWFhYWFh\nYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQuRWVlZWVlZWVlZS5G\nZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlpaWlpaWlpLkpqampq\nampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1tbW0uTm5ubm5ubm5u\nbi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5ScnJycnJycnJyLlNz\nc3Nzc3Nzc3Muc29sdGVzdIIKdm1yLTEzMi05NoIUdm1yLTEzMi05Ni5zb2wtbG9j\nYWwwDQYJKoZIhvcNAQELBQADggEBALw9t+131ytbltmPk8LKmYNo/tWWsJgwcxGu\npzconod45Ibia2Sep1yNll2Oqx1/Te6vk93WmHnP2F01N/o9mWZSMbsw2mxWi+EJ\nd5TSvr14Elb7/6bsc8b82SF3UIFVlBe2ng3M6a0r/g3UG2Nq7O4EoRwt8msIUfI+\nW2k1YOOplaejxKwbIOxBe4qpagdwtwOWvmjM//IrRCI+GiXZ7UfO5nG0Dzy85lX2\n80mOjL5WX1c9QalW/c4tU/W2gBXt+/GlZ9M0WFSmiBfexSp75G8/tVCfbwV+XUBw\nX8aEQnKCo/w72bD2C52Di/OnxteRT+NFdNMafngPpPTHk9hnRgU=\n-----END CERTIFICATE-----"
+  authentication_client_cert_password        = "test"
+  authentication_oauth_client_id             = "test"
+  authentication_oauth_client_scope          = "test"
+  authentication_oauth_client_secret         = "test"
+  authentication_oauth_client_token_endpoint = "https://test:3222"
+  authentication_scheme                      = "basic"
+  authentication_scram_hash                  = "sha-256"
+  authentication_scram_password              = "test"
+  authentication_scram_username              = "test"
+  batch_delay                                = 501
+  batch_max_msg_count                        = 9999
+  batch_max_size                             = 2
+  bootstrap_address_list                     = "test"
+  enabled                                    = true
+  idempotence_enabled                        = true
+  transport_compression_enabled              = true
+  transport_compression_level                = 0
+  transport_compression_type                 = "lz4"
+  transport_tls_enabled                      = true
+}
+
+resource "solacebroker_msg_vpn_kafka_sender_queue_binding" "msg_vpn_kafka_sender_queue_binding" {
+  msg_vpn_name                      = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  kafka_sender_name                 = solacebroker_msg_vpn_kafka_sender.msg_vpn_kafka_sender.kafka_sender_name
+  queue_name                        = "test"
+  ack_mode                          = "none"
+  enabled                           = true
+  partition_consistent_hash         = "murmur2"
+  partition_explicit_number         = 1
+  partition_random_fallback_enabled = false
+  partition_scheme                  = "random"
+  remote_key                        = "test"
+  remote_topic                      = "test"
+}
+
+resource "solacebroker_msg_vpn_mqtt_retain_cache" "msg_vpn_mqtt_retain_cache" {
+  msg_vpn_name = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  cache_name   = "test"
+  enabled      = true
+  msg_lifetime = 4
+}
+
+resource "solacebroker_msg_vpn_mqtt_session" "msg_vpn_mqtt_session" {
+  msg_vpn_name                                        = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  mqtt_session_client_id                              = "test"
+  mqtt_session_virtual_router                         = "auto"
+  enabled                                             = true
+  owner                                               = "test"
+  queue_consumer_ack_propagation_enabled              = false
+  queue_dead_msg_queue                                = "test"
+  queue_event_bind_count_threshold                    = { "clear_percent" = 40, "set_percent" = 50 }
+  queue_event_msg_spool_usage_threshold               = { "clear_percent" = 40, "set_percent" = 50 }
+  queue_event_reject_low_priority_msg_limit_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  queue_max_delivered_unacked_msgs_per_flow           = 9999
+  queue_max_msg_size                                  = 999999
+  queue_max_msg_spool_usage                           = 999
+  queue_max_redelivery_count                          = 1
+  queue_max_ttl                                       = 1
+  queue_reject_low_priority_msg_enabled               = true
+  queue_reject_low_priority_msg_limit                 = 1
+  queue_reject_msg_to_sender_on_discard_behavior      = "always"
+  queue_respect_ttl_enabled                           = true
+}
+
+resource "solacebroker_msg_vpn_mqtt_session_subscription" "msg_vpn_mqtt_session_subscription" {
+  msg_vpn_name                = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  mqtt_session_client_id      = solacebroker_msg_vpn_mqtt_session.msg_vpn_mqtt_session.mqtt_session_client_id
+  mqtt_session_virtual_router = solacebroker_msg_vpn_mqtt_session.msg_vpn_mqtt_session.mqtt_session_virtual_router
+  subscription_topic          = "test"
+  subscription_qos            = 1
+}
+
+resource "solacebroker_msg_vpn_proxy" "msg_vpn_proxy" {
+  msg_vpn_name                  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  proxy_name                    = "test"
+  authentication_scheme         = "basic"
+  authentication_basic_username = "test"
+  authentication_basic_password = "test"
+  enabled                       = true
+  host                          = "192.168.1.1"
+  port                          = "12345"
+  proxy_type                    = "http"
+}
+
+resource "solacebroker_msg_vpn_queue" "msg_vpn_queue" {
+  msg_vpn_name                                  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  queue_name                                    = "test"
+  access_type                                   = "non-exclusive"
+  consumer_ack_propagation_enabled              = false
+  dead_msg_queue                                = "test1"
+  delivery_count_enabled                        = true
+  delivery_delay                                = "1"
+  egress_enabled                                = true
+  event_bind_count_threshold                    = { "clear_percent" = 40, "set_percent" = 50 }
+  event_msg_spool_usage_threshold               = { "clear_percent" = 40, "set_percent" = 50 }
+  event_reject_low_priority_msg_limit_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  ingress_enabled                               = true
+  max_bind_count                                = 999
+  max_delivered_unacked_msgs_per_flow           = 999
+  max_msg_size                                  = 999
+  max_msg_spool_usage                           = 9999
+  max_redelivery_count                          = 9
+  max_ttl                                       = 9
+  owner                                         = "test"
+  partition_count                               = 1
+  partition_rebalance_delay                     = 6
+  partition_rebalance_max_handoff_time          = 4
+  permission                                    = "consume"
+  redelivery_delay_enabled                      = true
+  redelivery_delay_initial_interval             = 999
+  redelivery_delay_max_interval                 = 9999
+  redelivery_delay_multiplier                   = 199
+  redelivery_enabled                            = true
+  reject_low_priority_msg_enabled               = true
+  reject_low_priority_msg_limit                 = 1
+  reject_msg_to_sender_on_discard_behavior      = "always"
+  respect_msg_priority_enabled                  = true
+  respect_ttl_enabled                           = true
+}
+
+resource "solacebroker_msg_vpn_queue_subscription" "msg_vpn_queue_subscription" {
+  msg_vpn_name       = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  queue_name         = solacebroker_msg_vpn_queue.msg_vpn_queue.queue_name
+  subscription_topic = "test"
+}
+
+resource "solacebroker_msg_vpn_queue_template" "msg_vpn_queue_template" {
+  msg_vpn_name                                  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  queue_template_name                           = "test"
+  access_type                                   = "non-exclusive"
+  consumer_ack_propagation_enabled              = false
+  dead_msg_queue                                = "test1"
+  delivery_delay                                = "1"
+  durability_override                           = "non-durable"
+  event_bind_count_threshold                    = { "clear_percent" = 40, "set_percent" = 50 }
+  event_msg_spool_usage_threshold               = { "clear_percent" = 40, "set_percent" = 50 }
+  event_reject_low_priority_msg_limit_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  max_bind_count                                = 999
+  max_delivered_unacked_msgs_per_flow           = 999
+  max_msg_size                                  = 999
+  max_msg_spool_usage                           = 9999
+  max_redelivery_count                          = 0
+  max_ttl                                       = 9
+  permission                                    = "consume"
+  queue_name_filter                             = "test"
+  redelivery_delay_enabled                      = true
+  redelivery_delay_initial_interval             = 1
+  redelivery_delay_max_interval                 = 1
+  redelivery_delay_multiplier                   = 100
+  redelivery_enabled                            = true
+  reject_low_priority_msg_enabled               = true
+  reject_low_priority_msg_limit                 = 1
+  reject_msg_to_sender_on_discard_behavior      = "always"
+  respect_msg_priority_enabled                  = true
+  respect_ttl_enabled                           = true
+}
+
+resource "solacebroker_msg_vpn_replay_log" "msg_vpn_replay_log" {
+  msg_vpn_name         = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  replay_log_name      = "test"
+  egress_enabled       = true
+  ingress_enabled      = true
+  max_spool_usage      = 100
+  topic_filter_enabled = true
+}
+
+resource "solacebroker_msg_vpn_replay_log_topic_filter_subscription" "msg_vpn_replay_log_topic_filter_subscription" {
+  msg_vpn_name              = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  replay_log_name           = solacebroker_msg_vpn_replay_log.msg_vpn_replay_log.replay_log_name
+  topic_filter_subscription = "test"
+}
+
+resource "solacebroker_msg_vpn_replicated_topic" "msg_vpn_replicated_topic" {
+  msg_vpn_name     = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  replicated_topic = "test"
+  replication_mode = "sync"
+}
+
+resource "solacebroker_msg_vpn_rest_delivery_point" "msg_vpn_rest_delivery_point" {
+  msg_vpn_name             = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rest_delivery_point_name = "test"
+  client_profile_name      = "default"
+  enabled                  = true
+  service                  = "test"
+  vendor                   = "test"
+}
+
+resource "solacebroker_msg_vpn_rest_delivery_point_queue_binding" "msg_vpn_rest_delivery_point_queue_binding" {
+  msg_vpn_name                             = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rest_delivery_point_name                 = solacebroker_msg_vpn_rest_delivery_point.msg_vpn_rest_delivery_point.rest_delivery_point_name
+  queue_binding_name                       = "test"
+  gateway_replace_target_authority_enabled = true
+  post_request_target                      = "test"
+  request_target_evaluation                = "substitution-expressions"
+}
+
+resource "solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header" "msg_vpn_rest_delivery_point_queue_binding_protected_request_header" {
+  msg_vpn_name             = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rest_delivery_point_name = solacebroker_msg_vpn_rest_delivery_point.msg_vpn_rest_delivery_point.rest_delivery_point_name
+  queue_binding_name       = solacebroker_msg_vpn_rest_delivery_point_queue_binding.msg_vpn_rest_delivery_point_queue_binding.queue_binding_name
+  header_name              = "test6"
+  header_value             = "test"
+}
+
+resource "solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header" "msg_vpn_rest_delivery_point_queue_binding_request_header" {
+  msg_vpn_name             = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rest_delivery_point_name = solacebroker_msg_vpn_rest_delivery_point.msg_vpn_rest_delivery_point.rest_delivery_point_name
+  queue_binding_name       = solacebroker_msg_vpn_rest_delivery_point_queue_binding.msg_vpn_rest_delivery_point_queue_binding.queue_binding_name
+  header_name              = "test5"
+  header_value             = "test"
+}
+
+resource "solacebroker_msg_vpn_rest_delivery_point_rest_consumer" "msg_vpn_rest_delivery_point_rest_consumer" {
+  msg_vpn_name                                     = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rest_delivery_point_name                         = solacebroker_msg_vpn_rest_delivery_point.msg_vpn_rest_delivery_point.rest_delivery_point_name
+  rest_consumer_name                               = "test"
+  authentication_aws_access_key_id                 = "test"
+  authentication_aws_region                        = "test"
+  authentication_aws_secret_access_key             = "test"
+  authentication_aws_service                       = "test"
+  authentication_client_cert_content               = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc3jddBxAZ8uIf\nxerFpPmS67xYO0PEyMfP0syQ7AoZ0XJGyHvl/t4sOEZr1a0F5p0TVw5lzmkzBPk1\n+HjGZ7eGgSMtYHe2QhHNHdyLJOGbMd4rzjvyhtnjrlePI+ucn6puhtMOGyF9Cj8i\nmemy5HxF2iDO1ZRsgS4sA3SGfn8AxL5Tk4aB8j7vQhZwEtZWRR2gH0sVBAXEsmuU\ny6Xl+SaM6dhDrEl3KOBikxL+Y5ax/yJSp9m7ReWvzFOLd3PEkRkPqbf0hSIH/Roy\nkoVFN7aJu89bf8VOWV7cCuVQ+4AbpkHaJMsqb2wQ2rVSQ5GOZhjqBCGrobA+Evg8\n9ZdRHATnAgMBAAECggEAJR5bY5D6TcIZ6okSiaDOKLjhcFqVaw7rNawRoRFqKSif\n8fFjkSWiJQBYJWtFpsY5A7UPwGBOIbrmPwHBGmb32uz9AnVB6Sl1YGlyVRgfqjtZ\nQTdpr7qmB7OXF4FL6YiT1ftmoOpCWIdOUPxY4C2yDPM5rEkMpqeXIOJ7xNahdXlL\nLm+E0qxy2yt3khGhhKeObIiYpiln6z3VrRk5GA9U8aq0HP15IXBlxbfT9uzBZfbs\n4KlHCMOYEDE2+5r5R38kRCgMjkOuNAo38oMRIeEVlzbvq85WWFHs1kt/N8855zLt\nyDbnIn8SY6+fxeCGpecDef45Qb4xfAmRDLTLyJOFMQKBgQDuIPrW+YzGacBBLDWM\nzISw3jf9JsR4IWCD3zeSUAYjkHYwnBnyXfqZyGaMaQrE7GE16Wl20wVjEHeTJgdR\n+NZZ8ZpmHAHjfifSUjxn7t7M9Qo6VTp8W5LoaSs2HY4ylsSOK6RUPkXEIKAGvf7I\nf3VvdjJuWo0X04HPoC7u/rwMqwKBgQDtcZ2VfvoBYtIk6CpfAhRmhrPo2hJpyDB1\ny9MPmsYhCiB+/HcYsUt8zXUlCaOP1m/5tz58hSzTytvoB60Z+aXtG9I4XS3Wjhmd\nrEtuV0WiCA92vqKUVXWYnGy8L8pr6UXPgBezFvjHQKZzIoKByPCJckrEqCl8VUxh\nUcAvPVUwtQKBgHJxxTxWORMOtghcf+wISulaE1yGKjx2BhW6zNFzxk+HWVYpX8r8\n4bjQ+IAY58UWue2YHUivSFKBEobU6wW5awNVO1hBs6Kq+eZ6AXAN/GRSjDTWy0ID\nHMq36L2cXL/xd8vAK70VJKCK8X3sCCxCHaWRD9G7kT3XN/caTBQutx/7AoGAMB4j\nIiWOQnOlRGdsFr7UJYbMtLZknt07vNNmXTYvSojD1xgQhod/VbZJNA1FASQiowdY\neWF/mRf2AopzsNzfnDJUIqn3XRCE7mf5DU5QRSq+/4BYcBj1cMzaWDSTH9UxGYDK\nzLcuCSr30ENBEU4IOMJZlorBhXm/tcUcXjZeqjUCgYEAwpOFx8KHazph2ial9954\ndq0IZZrhrLPoaLQVwLnUITpvKw1ORxdzLH8VNvRTcPF6XRt7BcV8aRcENW7R0Ozd\nQa4T12AxqCFp2tdD7juOMJoFVwr5Cq5DyN935QP7PiGhqBRJYkXvBMCezFD7XloC\njjroojuJIsIhfhgvoKj37oE=\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\nMIIIAjCCBuqgAwIBAgIJALYF/Umvsgf3MA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV\nBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8wDQYDVQQHDAZPdHRhd2ExDzANBgNV\nBAoMBlNvbGFjZTEMMAoGA1UEAwwDYWZ3MCAXDTIzMDMwNzE3MDExMloYDzIxMjMw\nMjExMTcwMTEyWjB1MQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEPMA0G\nA1UEBwwGT3R0YXdhMQ8wDQYDVQQKDAZTb2xhY2UxDDAKBgNVBAMMA2FmdzEkMCIG\nCSqGSIb3DQEJARYVdm1yLTEzMi05NkBzb2xhY2UuY29tMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEA3N43XQcQGfLiH8XqxaT5kuu8WDtDxMjHz9LMkOwK\nGdFyRsh75f7eLDhGa9WtBeadE1cOZc5pMwT5Nfh4xme3hoEjLWB3tkIRzR3ciyTh\nmzHeK8478obZ465XjyPrnJ+qbobTDhshfQo/IpnpsuR8RdogztWUbIEuLAN0hn5/\nAMS+U5OGgfI+70IWcBLWVkUdoB9LFQQFxLJrlMul5fkmjOnYQ6xJdyjgYpMS/mOW\nsf8iUqfZu0Xlr8xTi3dzxJEZD6m39IUiB/0aMpKFRTe2ibvPW3/FTlle3ArlUPuA\nG6ZB2iTLKm9sENq1UkORjmYY6gQhq6GwPhL4PPWXURwE5wIDAQABo4IEtzCCBLMw\nCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwggSXBgNVHREEggSOMIIEiocEwKiEYIcQ\n/YAAAAAAASgBkgFoATIAloIEZTk2bYIJZTk2bS5pcHY0ggllOTZtLmlwdjaCgf1l\nOTZtLmNvbS5zb2xhY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5C\nYmJiYmJiYmJiLkNjY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZm\nZmZmZmYuR2dnZ2dnZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampq\nai5La2tra2tra2trLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9v\nb29vb29vb28uUHBwcHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nz\nc3Nzcy5UdHR0dHR0goH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNs\nb3VkLkFhYWFhYWFhYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQu\nRWVlZWVlZWVlZS5GZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlp\naWlpaWlpLkpqampqampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1t\nbW0uTm5ubm5ubm5ubi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5S\ncnJycnJycnJyLlNzc3Nzc3Nzc3MuVHR0dHR0dIIMZTk2bS5zb2x0ZXN0ghFlOTZt\nLmlwdjQuc29sdGVzdIIRZTk2bS5pcHY2LnNvbHRlc3SCgf1lOTZtLmNvbS5zb2xh\nY2UtdGVzdC52bXItbXVsdGktY2xvdWQuQWFhYWFhYWFhYS5CYmJiYmJiYmJiLkNj\nY2NjY2NjY2MuRGRkZGRkZGRkZC5FZWVlZWVlZWVlLkZmZmZmZmZmZmYuR2dnZ2dn\nZ2dnZy5IaGhoaGhoaGhoLklpaWlpaWlpaWkuSmpqampqampqai5La2tra2tra2tr\nLkxsbGxsbGxsbGwuTW1tbW1tbW1tbS5Obm5ubm5ubm5uLk9vb29vb29vb28uUHBw\ncHBwcHBwcC5RcXFxcXFxcXFxLlJycnJycnJycnIuU3Nzc3Nzc3Nzcy5zb2x0ZXN0\ngoH9ZTk2bS5jb20uc29sYWNlLXRlc3Qudm1yLW11bHRpLWNsb3VkLkFhYWFhYWFh\nYWEuQmJiYmJiYmJiYi5DY2NjY2NjY2NjLkRkZGRkZGRkZGQuRWVlZWVlZWVlZS5G\nZmZmZmZmZmZmLkdnZ2dnZ2dnZ2cuSGhoaGhoaGhoaC5JaWlpaWlpaWlpLkpqampq\nampqamouS2tra2tra2tray5MbGxsbGxsbGxsLk1tbW1tbW1tbW0uTm5ubm5ubm5u\nbi5Pb29vb29vb29vLlBwcHBwcHBwcHAuUXFxcXFxcXFxcS5ScnJycnJycnJyLlNz\nc3Nzc3Nzc3Muc29sdGVzdIIKdm1yLTEzMi05NoIUdm1yLTEzMi05Ni5zb2wtbG9j\nYWwwDQYJKoZIhvcNAQELBQADggEBALw9t+131ytbltmPk8LKmYNo/tWWsJgwcxGu\npzconod45Ibia2Sep1yNll2Oqx1/Te6vk93WmHnP2F01N/o9mWZSMbsw2mxWi+EJ\nd5TSvr14Elb7/6bsc8b82SF3UIFVlBe2ng3M6a0r/g3UG2Nq7O4EoRwt8msIUfI+\nW2k1YOOplaejxKwbIOxBe4qpagdwtwOWvmjM//IrRCI+GiXZ7UfO5nG0Dzy85lX2\n80mOjL5WX1c9QalW/c4tU/W2gBXt+/GlZ9M0WFSmiBfexSp75G8/tVCfbwV+XUBw\nX8aEQnKCo/w72bD2C52Di/OnxteRT+NFdNMafngPpPTHk9hnRgU=\n-----END CERTIFICATE-----"
+  authentication_client_cert_password              = "test"
+  authentication_http_basic_password               = "test"
+  authentication_http_basic_username               = "test"
+  authentication_http_header_name                  = "test"
+  authentication_http_header_value                 = "test"
+  authentication_oauth_client_id                   = "test"
+  authentication_oauth_client_scope                = "test"
+  authentication_oauth_client_secret               = "test"
+  authentication_oauth_client_token_endpoint       = "https://192.168.1.1:8324"
+  authentication_oauth_client_token_expiry_default = 899
+  authentication_oauth_jwt_secret_key              = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc3jddBxAZ8uIf\nxerFpPmS67xYO0PEyMfP0syQ7AoZ0XJGyHvl/t4sOEZr1a0F5p0TVw5lzmkzBPk1\n+HjGZ7eGgSMtYHe2QhHNHdyLJOGbMd4rzjvyhtnjrlePI+ucn6puhtMOGyF9Cj8i\nmemy5HxF2iDO1ZRsgS4sA3SGfn8AxL5Tk4aB8j7vQhZwEtZWRR2gH0sVBAXEsmuU\ny6Xl+SaM6dhDrEl3KOBikxL+Y5ax/yJSp9m7ReWvzFOLd3PEkRkPqbf0hSIH/Roy\nkoVFN7aJu89bf8VOWV7cCuVQ+4AbpkHaJMsqb2wQ2rVSQ5GOZhjqBCGrobA+Evg8\n9ZdRHATnAgMBAAECggEAJR5bY5D6TcIZ6okSiaDOKLjhcFqVaw7rNawRoRFqKSif\n8fFjkSWiJQBYJWtFpsY5A7UPwGBOIbrmPwHBGmb32uz9AnVB6Sl1YGlyVRgfqjtZ\nQTdpr7qmB7OXF4FL6YiT1ftmoOpCWIdOUPxY4C2yDPM5rEkMpqeXIOJ7xNahdXlL\nLm+E0qxy2yt3khGhhKeObIiYpiln6z3VrRk5GA9U8aq0HP15IXBlxbfT9uzBZfbs\n4KlHCMOYEDE2+5r5R38kRCgMjkOuNAo38oMRIeEVlzbvq85WWFHs1kt/N8855zLt\nyDbnIn8SY6+fxeCGpecDef45Qb4xfAmRDLTLyJOFMQKBgQDuIPrW+YzGacBBLDWM\nzISw3jf9JsR4IWCD3zeSUAYjkHYwnBnyXfqZyGaMaQrE7GE16Wl20wVjEHeTJgdR\n+NZZ8ZpmHAHjfifSUjxn7t7M9Qo6VTp8W5LoaSs2HY4ylsSOK6RUPkXEIKAGvf7I\nf3VvdjJuWo0X04HPoC7u/rwMqwKBgQDtcZ2VfvoBYtIk6CpfAhRmhrPo2hJpyDB1\ny9MPmsYhCiB+/HcYsUt8zXUlCaOP1m/5tz58hSzTytvoB60Z+aXtG9I4XS3Wjhmd\nrEtuV0WiCA92vqKUVXWYnGy8L8pr6UXPgBezFvjHQKZzIoKByPCJckrEqCl8VUxh\nUcAvPVUwtQKBgHJxxTxWORMOtghcf+wISulaE1yGKjx2BhW6zNFzxk+HWVYpX8r8\n4bjQ+IAY58UWue2YHUivSFKBEobU6wW5awNVO1hBs6Kq+eZ6AXAN/GRSjDTWy0ID\nHMq36L2cXL/xd8vAK70VJKCK8X3sCCxCHaWRD9G7kT3XN/caTBQutx/7AoGAMB4j\nIiWOQnOlRGdsFr7UJYbMtLZknt07vNNmXTYvSojD1xgQhod/VbZJNA1FASQiowdY\neWF/mRf2AopzsNzfnDJUIqn3XRCE7mf5DU5QRSq+/4BYcBj1cMzaWDSTH9UxGYDK\nzLcuCSr30ENBEU4IOMJZlorBhXm/tcUcXjZeqjUCgYEAwpOFx8KHazph2ial9954\ndq0IZZrhrLPoaLQVwLnUITpvKw1ORxdzLH8VNvRTcPF6XRt7BcV8aRcENW7R0Ozd\nQa4T12AxqCFp2tdD7juOMJoFVwr5Cq5DyN935QP7PiGhqBRJYkXvBMCezFD7XloC\njjroojuJIsIhfhgvoKj37oE=\n-----END PRIVATE KEY-----\n"
+  authentication_oauth_jwt_token_endpoint          = "https://192.168.1.1:8244"
+  authentication_oauth_jwt_token_expiry_default    = 899
+  authentication_scheme                            = "oauth-jwt"
+  enabled                                          = false
+  http_method                                      = "put"
+  local_interface                                  = "test"
+  max_post_wait_time                               = 29
+  outgoing_connection_count                        = 4
+  proxy_name                                       = "test"
+  remote_host                                      = "192.168.1.2"
+  remote_port                                      = 2423
+  retry_delay                                      = 4
+  tls_cipher_suite_list                            = "default"
+  tls_enabled                                      = true
+}
+
+resource "solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim" "msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim" {
+  msg_vpn_name             = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  rest_delivery_point_name = solacebroker_msg_vpn_rest_delivery_point.msg_vpn_rest_delivery_point.rest_delivery_point_name
+  rest_consumer_name       = solacebroker_msg_vpn_rest_delivery_point_rest_consumer.msg_vpn_rest_delivery_point_rest_consumer.rest_consumer_name
+  oauth_jwt_claim_name     = "test"
+  oauth_jwt_claim_value    = "{\"test\":1}"
+}
+
+resource "solacebroker_msg_vpn_sequenced_topic" "msg_vpn_sequenced_topic" {
+  msg_vpn_name    = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  sequenced_topic = "test"
+}
+
+resource "solacebroker_msg_vpn_topic_endpoint" "msg_vpn_topic_endpoint" {
+  msg_vpn_name                                  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  topic_endpoint_name                           = "test"
+  access_type                                   = "non-exclusive"
+  consumer_ack_propagation_enabled              = false
+  dead_msg_queue                                = "test"
+  delivery_count_enabled                        = true
+  delivery_delay                                = 1
+  egress_enabled                                = true
+  event_bind_count_threshold                    = { "clear_percent" = 40, "set_percent" = 50 }
+  event_reject_low_priority_msg_limit_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  event_spool_usage_threshold                   = { "clear_percent" = 40, "set_percent" = 50 }
+  ingress_enabled                               = true
+  max_bind_count                                = 2
+  max_delivered_unacked_msgs_per_flow           = 9999
+  max_msg_size                                  = 99999
+  max_redelivery_count                          = 9
+  max_spool_usage                               = 999
+  max_ttl                                       = 9
+  owner                                         = "test"
+  permission                                    = "delete"
+  redelivery_delay_enabled                      = true
+  redelivery_delay_initial_interval             = 999
+  redelivery_delay_max_interval                 = 9999
+  redelivery_delay_multiplier                   = 199
+  redelivery_enabled                            = true
+  reject_low_priority_msg_enabled               = true
+  reject_low_priority_msg_limit                 = 9
+  reject_msg_to_sender_on_discard_behavior      = "always"
+  respect_msg_priority_enabled                  = true
+  respect_ttl_enabled                           = true
+}
+
+resource "solacebroker_msg_vpn_topic_endpoint_template" "msg_vpn_topic_endpoint_template" {
+  msg_vpn_name                                  = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  topic_endpoint_template_name                  = solacebroker_msg_vpn_topic_endpoint.msg_vpn_topic_endpoint.topic_endpoint_name
+  access_type                                   = "non-exclusive"
+  consumer_ack_propagation_enabled              = false
+  dead_msg_queue                                = "test"
+  delivery_delay                                = 1
+  event_bind_count_threshold                    = { "clear_percent" = 40, "set_percent" = 50 }
+  event_reject_low_priority_msg_limit_threshold = { "clear_percent" = 40, "set_percent" = 50 }
+  event_msg_spool_usage_threshold               = { "clear_percent" = 40, "set_percent" = 50 }
+  max_bind_count                                = 2
+  max_delivered_unacked_msgs_per_flow           = 9999
+  max_msg_size                                  = 99999
+  max_msg_spool_usage                           = 999
+  max_redelivery_count                          = 9
+  max_ttl                                       = 9
+  permission                                    = "delete"
+  redelivery_delay_enabled                      = true
+  redelivery_delay_initial_interval             = 999
+  redelivery_delay_max_interval                 = 9999
+  redelivery_delay_multiplier                   = 199
+  redelivery_enabled                            = true
+  reject_low_priority_msg_enabled               = true
+  reject_low_priority_msg_limit                 = 9
+  reject_msg_to_sender_on_discard_behavior      = "always"
+  respect_msg_priority_enabled                  = true
+  respect_ttl_enabled                           = true
+  topic_endpoint_name_filter                    = "test"
+}
+
+resource "solacebroker_oauth_profile" "oauth_profile" {
+  oauth_profile_name                         = "test"
+  access_level_groups_claim_name             = "test"
+  access_level_groups_claim_string_format    = "space-delimited"
+  client_id                                  = "test"
+  client_redirect_uri                        = "https://test1:2141"
+  client_required_type                       = "test"
+  client_scope                               = "test"
+  client_secret                              = "test"
+  client_validate_type_enabled               = false
+  default_global_access_level                = "read-only"
+  default_msg_vpn_access_level               = "read-only"
+  display_name                               = "test"
+  enabled                                    = true
+  endpoint_authorization                     = "https://test1:3421"
+  endpoint_discovery                         = "https://test1:3221"
+  endpoint_discovery_refresh_interval        = 86399
+  endpoint_introspection                     = "https://test1:6342"
+  endpoint_introspection_timeout             = 2
+  endpoint_jwks                              = "https://test1:8523"
+  endpoint_jwks_refresh_interval             = 86399
+  endpoint_token                             = "https://test1:1244"
+  endpoint_token_timeout                     = 2
+  endpoint_userinfo                          = "https://test1:2463"
+  endpoint_userinfo_timeout                  = 2
+  interactive_enabled                        = false
+  interactive_prompt_for_expired_session     = "test"
+  interactive_prompt_for_new_session         = "test"
+  issuer                                     = "test"
+  oauth_role                                 = "resource-server"
+  resource_server_parse_access_token_enabled = false
+  resource_server_required_audience          = "test"
+  resource_server_required_issuer            = "test"
+  resource_server_required_scope             = "test"
+  resource_server_required_type              = "test"
+  resource_server_validate_audience_enabled  = false
+  resource_server_validate_issuer_enabled    = false
+  resource_server_validate_scope_enabled     = false
+  resource_server_validate_type_enabled      = false
+  semp_enabled                               = false
+  username_claim_name                        = "test"
+}
+
+resource "solacebroker_oauth_profile_access_level_group" "oauth_profile_access_level_group" {
+  oauth_profile_name   = solacebroker_oauth_profile.oauth_profile.oauth_profile_name
+  group_name           = "test"
+  description          = "test"
+  global_access_level  = "admin"
+  msg_vpn_access_level = "read-write"
+}
+
+resource "solacebroker_oauth_profile_access_level_group_msg_vpn_access_level_exception" "oauth_profile_access_level_group_msg_vpn_access_level_exception" {
+  oauth_profile_name = solacebroker_oauth_profile.oauth_profile.oauth_profile_name
+  msg_vpn_name       = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  group_name         = solacebroker_oauth_profile_access_level_group.oauth_profile_access_level_group.group_name
+  access_level       = "read-write"
+}
+
+resource "solacebroker_oauth_profile_client_allowed_host" "oauth_profile_client_allowed_host" {
+  oauth_profile_name = solacebroker_oauth_profile.oauth_profile.oauth_profile_name
+  allowed_host       = "test"
+}
+
+resource "solacebroker_oauth_profile_client_authorization_parameter" "oauth_profile_client_authorization_parameter" {
+  oauth_profile_name            = solacebroker_oauth_profile.oauth_profile.oauth_profile_name
+  authorization_parameter_name  = "test"
+  authorization_parameter_value = "test"
+}
+
+resource "solacebroker_oauth_profile_client_required_claim" "oauth_profile_client_required_claim" {
+  oauth_profile_name          = solacebroker_oauth_profile.oauth_profile.oauth_profile_name
+  client_required_claim_name  = "test"
+  client_required_claim_value = "{\"test\":1}"
+}
+
+resource "solacebroker_oauth_profile_default_msg_vpn_access_level_exception" "oauth_profile_default_msg_vpn_access_level_exception" {
+  oauth_profile_name = solacebroker_oauth_profile.oauth_profile.oauth_profile_name
+  msg_vpn_name       = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+  access_level       = "read-only"
+}
+
+resource "solacebroker_oauth_profile_resource_server_required_claim" "oauth_profile_resource_server_required_claim" {
+  oauth_profile_name                   = solacebroker_oauth_profile.oauth_profile.oauth_profile_name
+  resource_server_required_claim_name  = "test"
+  resource_server_required_claim_value = "{\"test\":1}"
+}
+
+resource "solacebroker_virtual_hostname" "virtual_hostname" {
+  virtual_hostname = "test"
+  enabled          = true
+  msg_vpn_name     = solacebroker_msg_vpn.msg_vpn.msg_vpn_name
+}
diff --git a/ci/swagger_spec/semp-v2-swagger-config-extended.10.4.1.40.json b/ci/swagger_spec/semp-v2-swagger-config-extended.10.4.1.40.json
new file mode 100644
index 00000000..d6d5af5c
--- /dev/null
+++ b/ci/swagger_spec/semp-v2-swagger-config-extended.10.4.1.40.json
@@ -0,0 +1,64934 @@
+{
+  "basePath": "/SEMP/v2/config",
+  "consumes": [
+    "application/json"
+  ],
+  "definitions": {
+    "About": {
+      "properties": {},
+      "type": "object"
+    },
+    "AboutApi": {
+      "properties": {
+        "platform": {
+          "description": "The platform running the SEMP API.",
+          "maxLength": 10,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempVersion": {
+          "description": "The version of the SEMP API.",
+          "maxLength": 10,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "AboutApiLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this API Description object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AboutApiResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/AboutApi"
+        },
+        "links": {
+          "$ref": "#/definitions/AboutApiLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "AboutLinks": {
+      "properties": {
+        "apiUri": {
+          "description": "The URI of this About's API Description object. Available since 2.2.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this About object.",
+          "type": "string"
+        },
+        "userUri": {
+          "description": "The URI of this About's User object. Available since 2.2.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AboutResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/About"
+        },
+        "links": {
+          "$ref": "#/definitions/AboutLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "AboutUser": {
+      "properties": {
+        "globalAccessLevel": {
+          "description": "The global access level of the User. The allowed values and their meaning are:\n\n<pre>\n\"admin\" - Full administrative access.\n\"none\" - No access.\n\"read-only\" - Read only access.\n\"read-write\" - Read and write access.\n</pre>\n",
+          "enum": [
+            "admin",
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "globalDmrBridgeAccessEnabled": {
+          "description": "Indicates whether global DMR Bridge access is enabled for the User. This is only for Solace internal use. This attribute may not be returned in a GET. Available since (hidden in public API).",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sessionActive": {
+          "description": "Indicates whether a session is active for this request. Available since 2.24.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sessionCreateTime": {
+          "description": "The timestamp of when the session was created. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.21.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -2147483648,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sessionCurrentTime": {
+          "description": "The current server timestamp. This is provided as a reference point for the other timestamps provided. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.21.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -2147483648,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sessionHardExpiryTime": {
+          "description": "The hard expiry time for the session. After this time the session will be invalid, regardless of activity. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.21.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -2147483648,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sessionId": {
+          "description": "An identifier for the session to differentiate this session from other sessions for the same user. This value is not guaranteed to be unique between active sessions for different users. This attribute may not be returned in a GET. Available since 2.21.",
+          "maxLength": 56,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sessionIdleExpiryTime": {
+          "description": "The session idle expiry time. After this time the session will be invalid if there has been no activity. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since 2.21.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -2147483648,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "username": {
+          "description": "The username of the User. Available since 2.21.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "AboutUserLinks": {
+      "properties": {
+        "msgVpnsUri": {
+          "description": "The URI of this User's collection of User Message VPN objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this User object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AboutUserMsgVpn": {
+      "properties": {
+        "accessLevel": {
+          "description": "The Message VPN access level of the User. The allowed values and their meaning are:\n\n<pre>\n\"none\" - No access.\n\"read-only\" - Read only access.\n\"read-write\" - Read and write access.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "AboutUserMsgVpnLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this User Message VPN object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "AboutUserMsgVpnResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/AboutUserMsgVpn"
+        },
+        "links": {
+          "$ref": "#/definitions/AboutUserMsgVpnLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "AboutUserMsgVpnsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/AboutUserMsgVpn"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/AboutUserMsgVpnLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "AboutUserResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/AboutUser"
+        },
+        "links": {
+          "$ref": "#/definitions/AboutUserLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "Broker": {
+      "properties": {
+        "authClientCertRevocationCheckMode": {
+          "description": "The client certificate revocation checking mode used when a client authenticates with a client certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Do not perform any certificate revocation checking.\n\"ocsp\" - Use the Open Certificate Status Protcol (OCSP) for certificate revocation checking.\n\"crl\" - Use Certificate Revocation Lists (CRL) for certificate revocation checking.\n\"ocsp-crl\" - Use OCSP first, but if OCSP fails to return an unambiguous result, then check via CRL.\n</pre>\n",
+          "enum": [
+            "none",
+            "ocsp",
+            "crl",
+            "ocsp-crl"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncAuthenticationClientCertMaxChainDepth": {
+          "description": "The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The default value is `3`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 8,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncAuthenticationClientCertValidateDateEnabled": {
+          "description": "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the authentication certificate(s). The default value is `true`. Available since 2.22.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncClientProfileTcpInitialCongestionWindow": {
+          "description": "The TCP initial congestion window size for Config Sync clients, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. The default value is `2`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 7826,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2,
+          "x-default": 2,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncClientProfileTcpKeepaliveCount": {
+          "description": "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. The default value is `5`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 5,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 5,
+          "x-default": 5,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncClientProfileTcpKeepaliveIdle": {
+          "description": "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. The default value is `3`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 120,
+          "minimum": 3,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncClientProfileTcpKeepaliveInterval": {
+          "description": "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. The default value is `1`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 30,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncClientProfileTcpMaxWindow": {
+          "description": "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. The default value is `256`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 65536,
+          "minimum": 16,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 256,
+          "x-default": 256,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncClientProfileTcpMss": {
+          "description": "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. The default value is `1460`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 1460,
+          "minimum": 256,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1460,
+          "x-default": 1460,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncEnabled": {
+          "description": "Enable or disable configuration synchronization for High Availability or Disaster Recovery. The default value is `false`. Available since 2.22.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncSynchronizeUsernameEnabled": {
+          "description": "Enable or disable the synchronizing of usernames within High Availability groups. The transition from not synchronizing to synchronizing will cause the High Availability mate to fall out of sync. Recommendation: leave this as enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since 2.22.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "configSyncTlsEnabled": {
+          "description": "Enable or disable the use of TLS encryption of the configuration synchronization communications between brokers in High Availability groups and/or Disaster Recovery sites. The default value is `false`. Available since 2.22.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingDefragmentationScheduleDayList": {
+          "description": "The days of the week to schedule defragmentation runs, specified as \"daily\" or as a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri, or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. Please note \"Sun,Mon,Tue,Wed,Thu,Fri,Sat\" is not allowed, use \"daily\" instead. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"daily\"`. Available since 2.25.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "daily",
+          "x-configSyncTableType": "router",
+          "x-default": "daily",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingDefragmentationScheduleEnabled": {
+          "description": "Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.25.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingDefragmentationScheduleTimeList": {
+          "description": "The times of the day to schedule defragmentation runs, specified as \"hourly\" or as a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"0:00\"`. Available since 2.25.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "0:00",
+          "x-configSyncTableType": "router",
+          "x-default": "0:00",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingDefragmentationThresholdEnabled": {
+          "description": "Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.25.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingDefragmentationThresholdFragmentationPercentage": {
+          "description": "Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since 2.25.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 30,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 50,
+          "x-configSyncTableType": "router",
+          "x-default": 50,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingDefragmentationThresholdMinInterval": {
+          "description": "Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since 2.25.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 15,
+          "x-configSyncTableType": "router",
+          "x-default": 15,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingDefragmentationThresholdUsagePercentage": {
+          "description": "Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since 2.25.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 30,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 50,
+          "x-configSyncTableType": "router",
+          "x-default": 50,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingEnabled": {
+          "description": "Enable or disable Guaranteed Messaging. The default value is `false`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingEventCacheUsageThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventCacheUsageThreshold"
+        },
+        "guaranteedMsgingEventDeliveredUnackedThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventDeliveredUnackedThreshold"
+        },
+        "guaranteedMsgingEventDiskUsageThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventDiskUsageThreshold"
+        },
+        "guaranteedMsgingEventEgressFlowCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventEgressFlowCountThreshold"
+        },
+        "guaranteedMsgingEventEndpointCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventEndpointCountThreshold"
+        },
+        "guaranteedMsgingEventIngressFlowCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventIngressFlowCountThreshold"
+        },
+        "guaranteedMsgingEventMsgCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventMsgCountThreshold"
+        },
+        "guaranteedMsgingEventMsgSpoolFileCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventMsgSpoolFileCountThreshold"
+        },
+        "guaranteedMsgingEventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventMsgSpoolUsageThreshold"
+        },
+        "guaranteedMsgingEventTransactedSessionCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventTransactedSessionCountThreshold"
+        },
+        "guaranteedMsgingEventTransactedSessionResourceCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventTransactedSessionResourceCountThreshold"
+        },
+        "guaranteedMsgingEventTransactionCountThreshold": {
+          "$ref": "#/definitions/GuaranteedMsgingEventTransactionCountThreshold"
+        },
+        "guaranteedMsgingMaxCacheUsage": {
+          "description": "Guaranteed messaging cache usage limit. Expressed as a maximum percentage of the NAB's egress queueing. resources that the guaranteed message cache is allowed to use. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `10`. Available since 2.18.",
+          "format": "int32",
+          "maximum": 50,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10,
+          "x-configSyncTableType": "router",
+          "x-default": 10,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingMaxMsgSpoolUsage": {
+          "description": "The maximum total message spool usage allowed across all VPNs on this broker, in megabytes. Recommendation: the maximum value should be less than 90% of the disk space allocated for the guaranteed message spool. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1500`. Available since 2.18.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1500,
+          "x-configSyncTableType": "router",
+          "x-default": 1500,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout": {
+          "description": "The maximum time, in milliseconds, that can be tolerated for remote acknowledgment of synchronization messages before which the remote system will be considered out of sync. The default value is `10000`. Available since 2.18.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout": {
+          "description": "The maximum time, in milliseconds, that can be tolerated for remote disk writes before which the remote system will be considered out of sync. The default value is `10000`. Available since 2.18.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedMsgingTransactionReplicationCompatibilityMode": {
+          "description": "The replication compatibility mode for the broker. The default value is `\"legacy\"`. The allowed values and their meaning are:\"legacy\" - All transactions originated by clients are replicated to the standby site without using transactions.\"transacted\" - All transactions originated by clients are replicated to the standby site using transactions. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"legacy\"`. The allowed values and their meaning are:\n\n<pre>\n\"legacy\" - All transactions originated by clients are replicated to the standby site without using transactions.\n\"transacted\" - All transactions originated by clients are replicated to the standby site using transactions.\n</pre>\n Available since 2.18.",
+          "enum": [
+            "legacy",
+            "transacted"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "legacy",
+          "x-configSyncTableType": "router",
+          "x-default": "legacy",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileDefault": {
+          "description": "The default OAuth profile for OAuth authenticated SEMP requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Available since 2.24.",
+          "maxLength": 32,
+          "minLength": 0,
+          "pattern": "^[A-Za-z0-9_]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceAmqpEnabled": {
+          "description": "Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceAmqpTlsListenPort": {
+          "description": "TCP port number that AMQP clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceAmqpEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceAmqpEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "router",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceEventConnectionCountThreshold": {
+          "$ref": "#/definitions/ServiceEventConnectionCountThreshold"
+        },
+        "serviceHealthCheckEnabled": {
+          "description": "Enable or disable the plain-text health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceHealthCheckListenPort": {
+          "description": "The port number for the plain-text health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceHealthCheckEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5550`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceHealthCheckEnabled"
+          ],
+          "x-configSyncDefault": 5550,
+          "x-configSyncTableType": "router",
+          "x-default": 5550,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceHealthCheckTlsEnabled": {
+          "description": "Enable or disable the TLS health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.34.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceHealthCheckTlsListenPort": {
+          "description": "The port number for the TLS health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceHealthCheckTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since 2.34.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceHealthCheckTlsEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "router",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMateLinkEnabled": {
+          "description": "Enable or disable the mate-link service. The default value is `true`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMateLinkListenPort": {
+          "description": "The port number for the mate-link service. The port must be unique across the message backbone. The mate-link service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMateLinkEnabled will be temporarily set to false to apply the change. The default value is `8741`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceMateLinkEnabled"
+          ],
+          "x-configSyncDefault": 8741,
+          "x-default": 8741,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttEnabled": {
+          "description": "Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMsgBackboneEnabled": {
+          "description": "Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected. The default value is `true`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRedundancyEnabled": {
+          "description": "Enable or disable the redundancy service. The default value is `true`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRedundancyFirstListenPort": {
+          "description": "The first listen-port used for the redundancy service. Redundancy uses this port and the subsequent 2 ports. These port must be unique across the message backbone. The redundancy service must be disabled to change this port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceRedundancyEnabled will be temporarily set to false to apply the change. The default value is `8300`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65533,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceRedundancyEnabled"
+          ],
+          "x-configSyncDefault": 8300,
+          "x-default": 8300,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestEventOutgoingConnectionCountThreshold": {
+          "$ref": "#/definitions/ServiceRestEventOutgoingConnectionCountThreshold"
+        },
+        "serviceRestIncomingEnabled": {
+          "description": "Enable or disable the REST service incoming connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestOutgoingEnabled": {
+          "description": "Enable or disable the REST service outgoing connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSempCorsAllowAnyHostEnabled": {
+          "description": "Enable or disable cross origin resource requests for the SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since 2.24.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSempLegacyTimeoutEnabled": {
+          "description": "Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full.  When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds.  The recommended setting is disabled (no legacy-timeout).  This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages.  This setting will be removed in a future release. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSempPlainTextEnabled": {
+          "description": "Enable or disable plain-text SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSempPlainTextListenPort": {
+          "description": "The TCP port for plain-text SEMP client connections. This attribute cannot be cannot be changed while serviceSempPlainTextEnabled are set to true. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `80`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [
+            "serviceSempPlainTextEnabled"
+          ],
+          "x-writeOnly": false
+        },
+        "serviceSempSessionIdleTimeout": {
+          "description": "The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since 2.21.",
+          "format": "int32",
+          "maximum": 5256000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 15,
+          "x-configSyncTableType": "router",
+          "x-default": 15,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSempSessionMaxLifetime": {
+          "description": "The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `43200`. Available since 2.21.",
+          "format": "int32",
+          "maximum": 5256000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 43200,
+          "x-configSyncTableType": "router",
+          "x-default": 43200,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSempTlsEnabled": {
+          "description": "Enable or disable TLS SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSempTlsListenPort": {
+          "description": "The TCP port for TLS SEMP client connections. This attribute cannot be cannot be changed while serviceSempTlsEnabled are set to true. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1943`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1943,
+          "x-configSyncTableType": "router",
+          "x-default": 1943,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [
+            "serviceSempTlsEnabled"
+          ],
+          "x-writeOnly": false
+        },
+        "serviceSmfCompressionListenPort": {
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw compression TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55003`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceSmfEnabled"
+          ],
+          "x-configSyncDefault": 55003,
+          "x-default": 55003,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfEnabled": {
+          "description": "Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected. The default value is `true`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfEventConnectionCountThreshold": {
+          "$ref": "#/definitions/ServiceSmfEventConnectionCountThreshold"
+        },
+        "serviceSmfPlainTextListenPort": {
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55555`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceSmfEnabled"
+          ],
+          "x-configSyncDefault": 55555,
+          "x-default": 55555,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfRoutingControlListenPort": {
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw routing control TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55556`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceSmfEnabled"
+          ],
+          "x-configSyncDefault": 55556,
+          "x-default": 55556,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfTlsListenPort": {
+          "description": "TCP port number that SMF clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceSmfEnabled will be temporarily set to false to apply the change. The default value is `55443`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceSmfEnabled"
+          ],
+          "x-configSyncDefault": 55443,
+          "x-default": 55443,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceTlsEventConnectionCountThreshold": {
+          "$ref": "#/definitions/ServiceTlsEventConnectionCountThreshold"
+        },
+        "serviceWebTransportEnabled": {
+          "description": "Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebTransportPlainTextListenPort": {
+          "description": "The TCP port for plain-text WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceWebTransportEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `8008`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceWebTransportEnabled"
+          ],
+          "x-configSyncDefault": 8008,
+          "x-configSyncTableType": "router",
+          "x-default": 8008,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebTransportTlsListenPort": {
+          "description": "The TCP port for TLS WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceWebTransportEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1443`. Available since 2.17.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceWebTransportEnabled"
+          ],
+          "x-configSyncDefault": 1443,
+          "x-configSyncTableType": "router",
+          "x-default": 1443,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebTransportWebUrlSuffix": {
+          "description": "Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceWebTransportEnabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.17.",
+          "maxLength": 127,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceWebTransportEnabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsBlockVersion11Enabled": {
+          "description": "Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsCipherSuiteManagementList": {
+          "description": "The colon-separated list of cipher suites used for TLS management connections (e.g. SEMP, LDAP). The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"default\"`.",
+          "maxLength": 1559,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "router",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsCipherSuiteMsgBackboneList": {
+          "description": "The colon-separated list of cipher suites used for TLS data connections (e.g. client pub/sub). The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"default\"`.",
+          "maxLength": 1559,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "router",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsCipherSuiteSecureShellList": {
+          "description": "The colon-separated list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP). The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"default\"`.",
+          "maxLength": 1559,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "router",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsCrimeExploitProtectionEnabled": {
+          "description": "Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsServerCertContent": {
+          "description": "The PEM formatted content for the server certificate used for TLS connections. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. The default value is `\"\"`.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "tlsServerCertPassword": {
+          "description": "The password for the server certificate used for TLS connections. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "tlsServerCertContent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "tlsStandardDomainCertificateAuthoritiesEnabled": {
+          "description": "Enable or disable the standard domain certificate authority list. The default value is `true`. Available since 2.19.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsTicketLifetime": {
+          "description": "The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+          "format": "int32",
+          "maximum": 86400,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 86400,
+          "x-configSyncTableType": "router",
+          "x-default": 86400,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "webManagerAllowUnencryptedWizardsEnabled": {
+          "description": "Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure.  Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since 2.28.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "webManagerCustomization": {
+          "description": "Reserved for internal use by Solace. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Available since 2.25.",
+          "maxLength": 1024,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "webManagerRedirectHttpEnabled": {
+          "description": "Enable or disable redirection of HTTP requests for the broker manager to HTTPS. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since 2.24.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "webManagerRedirectHttpOverrideTlsPort": {
+          "description": "The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since 2.24.",
+          "format": "int32",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "router",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "BrokerLinks": {
+      "properties": {
+        "aboutUri": {
+          "description": "The URI of this Broker's About object.",
+          "type": "string"
+        },
+        "certAuthoritiesUri": {
+          "description": "The URI of this Broker's collection of Certificate Authority objects. Deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+          "type": "string"
+        },
+        "clientCertAuthoritiesUri": {
+          "description": "The URI of this Broker's collection of Client Certificate Authority objects. Available since 2.19.",
+          "type": "string"
+        },
+        "dmrClustersUri": {
+          "description": "The URI of this Broker's collection of Cluster objects. Available since 2.11.",
+          "type": "string"
+        },
+        "domainCertAuthoritiesUri": {
+          "description": "The URI of this Broker's collection of Domain Certificate Authority objects. Available since 2.19.",
+          "type": "string"
+        },
+        "msgVpnsUri": {
+          "description": "The URI of this Broker's collection of Message VPN objects. Available since 2.0.",
+          "type": "string"
+        },
+        "oauthProfilesUri": {
+          "description": "The URI of this Broker's collection of OAuth Profile objects. Available since 2.24.",
+          "type": "string"
+        },
+        "systemInformationUri": {
+          "description": "The URI of this Broker's System Information object. Deprecated since 2.2. /systemInformation was replaced by /about/api.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Broker object.",
+          "type": "string"
+        },
+        "virtualHostnamesUri": {
+          "description": "The URI of this Broker's collection of Virtual Hostname objects. Available since 2.17.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "BrokerResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/Broker"
+        },
+        "links": {
+          "$ref": "#/definitions/BrokerLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "CertAuthoritiesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/CertAuthority"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/CertAuthorityLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "CertAuthority": {
+      "properties": {
+        "certAuthorityName": {
+          "description": "The name of the Certificate Authority. Deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_\\-.]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "certContent": {
+          "description": "The PEM formatted content for the trusted root certificate of a Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "crlDayList": {
+          "description": "The scheduled CRL refresh day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"daily\"`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "daily",
+          "x-configSyncTableType": "router",
+          "x-default": "daily",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "crlTimeList"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "crlTimeList": {
+          "description": "The scheduled CRL refresh time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times must be in sorted order from 0:00 to 23:59. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"3:00\"`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "3:00",
+          "x-configSyncTableType": "router",
+          "x-default": "3:00",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "crlDayList"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "crlUrl": {
+          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as revocationCheckEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "pattern": "^(.+://.+)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [
+            "revocationCheckEnabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspNonResponderCertEnabled": {
+          "description": "Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspOverrideUrl": {
+          "description": "The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "pattern": "^((.|..|...|....|[^h]....|.[^t]...|..[^t]..|...[^p].|....[^s]|.......*)://.+)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspTimeout": {
+          "description": "The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "format": "int64",
+          "maximum": 86400,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 5,
+          "x-configSyncTableType": "router",
+          "x-default": 5,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "revocationCheckEnabled": {
+          "description": "Enable or disable Certificate Authority revocation checking. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Deprecated since 2.19. certAuthorities replaced by clientCertAuthorities and domainCertAuthorities.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "CertAuthorityLinks": {
+      "properties": {
+        "ocspTlsTrustedCommonNamesUri": {
+          "description": "The URI of this Certificate Authority's collection of OCSP Responder Trusted Common Name objects. Deprecated since 2.19. Replaced by clientCertAuthorities.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Certificate Authority object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CertAuthorityOcspTlsTrustedCommonName": {
+      "properties": {
+        "certAuthorityName": {
+          "description": "The name of the Certificate Authority. Deprecated since 2.19. Replaced by clientCertAuthorities.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_\\-.]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspTlsTrustedCommonName": {
+          "description": "The expected Trusted Common Name of the OCSP responder remote certificate. Deprecated since 2.19. Replaced by clientCertAuthorities.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "CertAuthorityOcspTlsTrustedCommonNameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this OCSP Responder Trusted Common Name object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "CertAuthorityOcspTlsTrustedCommonNameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonName"
+        },
+        "links": {
+          "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "CertAuthorityOcspTlsTrustedCommonNamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonName"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "CertAuthorityResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/CertAuthority"
+        },
+        "links": {
+          "$ref": "#/definitions/CertAuthorityLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "ClientCertAuthoritiesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/ClientCertAuthority"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/ClientCertAuthorityLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "ClientCertAuthority": {
+      "properties": {
+        "certAuthorityName": {
+          "description": "The name of the Certificate Authority.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_\\-.]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "certContent": {
+          "description": "The PEM formatted content for the trusted root certificate of a client Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "crlDayList": {
+          "description": "The scheduled CRL refresh day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crlTimeList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"daily\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "daily",
+          "x-configSyncTableType": "router",
+          "x-default": "daily",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "crlTimeList"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "crlTimeList": {
+          "description": "The scheduled CRL refresh time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crlDayList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"3:00\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "3:00",
+          "x-configSyncTableType": "router",
+          "x-default": "3:00",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "crlDayList"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "crlUrl": {
+          "description": "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as revocationCheckEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "pattern": "^(.+://.+)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [
+            "revocationCheckEnabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspNonResponderCertEnabled": {
+          "description": "Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspOverrideUrl": {
+          "description": "The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "pattern": "^((.|..|...|....|[^h]....|.[^t]...|..[^t]..|...[^p].|....[^s]|.......*)://.+)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspTimeout": {
+          "description": "The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.",
+          "format": "int64",
+          "maximum": 86400,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 5,
+          "x-configSyncTableType": "router",
+          "x-default": 5,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "revocationCheckEnabled": {
+          "description": "Enable or disable Certificate Authority revocation checking. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "ClientCertAuthorityLinks": {
+      "properties": {
+        "ocspTlsTrustedCommonNamesUri": {
+          "description": "The URI of this Client Certificate Authority's collection of OCSP Responder Trusted Common Name objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Client Certificate Authority object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ClientCertAuthorityOcspTlsTrustedCommonName": {
+      "properties": {
+        "certAuthorityName": {
+          "description": "The name of the Certificate Authority.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_\\-.]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ocspTlsTrustedCommonName": {
+          "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "ClientCertAuthorityOcspTlsTrustedCommonNameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this OCSP Responder Trusted Common Name object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "ClientCertAuthorityOcspTlsTrustedCommonNameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonName"
+        },
+        "links": {
+          "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "ClientCertAuthorityOcspTlsTrustedCommonNamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonName"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "ClientCertAuthorityResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/ClientCertAuthority"
+        },
+        "links": {
+          "$ref": "#/definitions/ClientCertAuthorityLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrCluster": {
+      "properties": {
+        "authenticationBasicEnabled": {
+          "description": "Enable or disable basic authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationBasicPassword": {
+          "description": "The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 128,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationBasicType": {
+          "description": "The type of basic authentication to use for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"internal\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Use locally configured password.\n\"none\" - No authentication.\n</pre>\n",
+          "enum": [
+            "internal",
+            "none"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "internal",
+          "x-configSyncTableType": "router",
+          "x-default": "internal",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertContent": {
+          "description": "The PEM formatted content for the client certificate used to login to the remote node. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationClientCertEnabled": {
+          "description": "Enable or disable client certificate authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertPassword": {
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationClientCertContent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "directOnlyEnabled": {
+          "description": "Enable or disable direct messaging only. Guaranteed messages will not be transmitted through the cluster. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Cluster. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "nodeName": {
+          "description": "The name of this node in the Cluster. This is the name that this broker (or redundant group of brokers) is know by to other nodes in the Cluster. The name is chosen automatically to be either this broker's Router Name or Mate Router Name, depending on which Active Standby Role (primary or backup) this broker plays in its redundancy group.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&/]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsServerCertEnforceTrustedCommonNameEnabled": {
+          "description": "Enable or disable the enforcing of the common name provided by the remote broker against the list of trusted common names configured for the Link. If enabled, the certificate's common name must match one of the trusted common names for the Link to be accepted. Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsServerCertMaxChainDepth": {
+          "description": "The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 8,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "router",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsServerCertValidateDateEnabled": {
+          "description": "Enable or disable the validation of the \"Not Before\" and \"Not After\" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsServerCertValidateNameEnabled": {
+          "description": "Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterCertMatchingRule": {
+      "properties": {
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterCertMatchingRuleAttributeFilter": {
+      "properties": {
+        "attributeName": {
+          "description": "Link Attribute to be tested. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "pattern": "^([A-Za-z][A-Za-z0-9\\-]*)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "attributeValue": {
+          "description": "Expected attribute value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 256,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "filterName": {
+          "description": "The name of the filter.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterCertMatchingRuleAttributeFilterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Attribute Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFilterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleAttributeFiltersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleCondition": {
+      "properties": {
+        "attribute": {
+          "description": "Link Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "pattern": "^([A-Za-z][A-Za-z0-9\\-]*)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "expression": {
+          "description": "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `\"\"`.",
+          "maxLength": 256,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "source": {
+          "description": "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IP Address.\n</pre>\n",
+          "enum": [
+            "certificate-thumbprint",
+            "common-name",
+            "common-name-last",
+            "subject-alternate-name-msupn",
+            "uid",
+            "uid-last",
+            "org-unit",
+            "org-unit-last",
+            "issuer",
+            "subject",
+            "serial-number",
+            "dns-name",
+            "ip-address"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterCertMatchingRuleConditionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Condition object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleConditionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleLinks": {
+      "properties": {
+        "attributeFiltersUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Attribute Filter objects.",
+          "type": "string"
+        },
+        "conditionsUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Condition objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRuleResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRule"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterCertMatchingRuleLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterCertMatchingRulesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRule"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterCertMatchingRuleLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLink": {
+      "properties": {
+        "authenticationBasicPassword": {
+          "description": "The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 128,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationScheme": {
+          "description": "The authentication scheme to be used by the Link which initiates connections to the remote node. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+          "enum": [
+            "basic",
+            "client-certificate"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "basic",
+          "x-configSyncTableType": "router",
+          "x-default": "basic",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueControl1MaxDepth": {
+          "description": "The maximum depth of the \"Control 1\" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "router",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueControl1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Control 1\" (C-1) priority queue, regardless of the `clientProfileQueueControl1MaxDepth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "router",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueDirect1MaxDepth": {
+          "description": "The maximum depth of the \"Direct 1\" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "router",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueDirect1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 1\" (D-1) priority queue, regardless of the `clientProfileQueueDirect1MaxDepth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "router",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueDirect2MaxDepth": {
+          "description": "The maximum depth of the \"Direct 2\" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "router",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueDirect2MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 2\" (D-2) priority queue, regardless of the `clientProfileQueueDirect2MaxDepth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "router",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueDirect3MaxDepth": {
+          "description": "The maximum depth of the \"Direct 3\" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "router",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueDirect3MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 3\" (D-3) priority queue, regardless of the `clientProfileQueueDirect3MaxDepth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "router",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueGuaranteed1MaxDepth": {
+          "description": "The maximum depth of the \"Guaranteed 1\" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "router",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileQueueGuaranteed1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Guaranteed 1\" (G-3) priority queue, regardless of the `clientProfileQueueGuaranteed1MaxDepth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 255,
+          "x-configSyncTableType": "router",
+          "x-default": 255,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileTcpCongestionWindowSize": {
+          "description": "The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `2`.",
+          "format": "int64",
+          "maximum": 7826,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2,
+          "x-configSyncTableType": "router",
+          "x-default": 2,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileTcpKeepaliveCount": {
+          "description": "The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.",
+          "format": "int64",
+          "maximum": 5,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 5,
+          "x-configSyncTableType": "router",
+          "x-default": 5,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileTcpKeepaliveIdleTime": {
+          "description": "The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 120,
+          "minimum": 3,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "router",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileTcpKeepaliveInterval": {
+          "description": "The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+          "format": "int64",
+          "maximum": 30,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "router",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileTcpMaxSegmentSize": {
+          "description": "The TCP maximum segment size, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1460`.",
+          "format": "int64",
+          "maximum": 1460,
+          "minimum": 256,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1460,
+          "x-configSyncTableType": "router",
+          "x-default": 1460,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileTcpMaxWindowSize": {
+          "description": "The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `256`.",
+          "format": "int64",
+          "maximum": 65536,
+          "minimum": 16,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 256,
+          "x-configSyncTableType": "router",
+          "x-default": 256,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "egressFlowWindowSize": {
+          "description": "The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 255,
+          "x-configSyncTableType": "router",
+          "x-default": 255,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Link. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "initiator": {
+          "description": "The initiator of the Link's TCP connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"lexical\"`. The allowed values and their meaning are:\n\n<pre>\n\"lexical\" - The \"higher\" node-name initiates.\n\"local\" - The local node initiates.\n\"remote\" - The remote node initiates.\n</pre>\n",
+          "enum": [
+            "lexical",
+            "local",
+            "remote"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "lexical",
+          "x-configSyncTableType": "router",
+          "x-default": "lexical",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDeadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#DEAD_MSG_QUEUE",
+          "x-configSyncTableType": "router",
+          "x-default": "#DEAD_MSG_QUEUE",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueEventSpoolUsageThreshold": {
+          "$ref": "#/definitions/DmrClusterLinkQueueEventSpoolUsageThreshold"
+        },
+        "queueMaxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1000000`.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000000,
+          "x-configSyncTableType": "router",
+          "x-default": 1000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxMsgSpoolUsage": {
+          "description": "The maximum message spool usage by the Queue (quota), in megabytes (MB). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `800000`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1500,
+          "x-configSyncTableType": "router",
+          "x-default": 800000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxRedeliveryCount": {
+          "description": "The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "router",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Queue when `queueRespectTtlEnabled` is `true`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queueMaxTtl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "router",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueRejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"always\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+          "enum": [
+            "never",
+            "when-queue-enabled",
+            "always"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "always",
+          "x-configSyncTableType": "router",
+          "x-default": "always",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueRespectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&/]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "span": {
+          "description": "The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"external\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Link to same cluster.\n\"external\" - Link to other cluster.\n</pre>\n",
+          "enum": [
+            "internal",
+            "external"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "external",
+          "x-configSyncTableType": "router",
+          "x-default": "external",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportCompressedEnabled": {
+          "description": "Enable or disable compression on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportTlsEnabled": {
+          "description": "Enable or disable encryption (TLS) on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterLinkAttribute": {
+      "properties": {
+        "attributeName": {
+          "description": "The name of the Attribute.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[A-Za-z][A-Za-z0-9\\-]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "attributeValue": {
+          "description": "The value of the Attribute.",
+          "maxLength": 256,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&/]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterLinkAttributeLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Link Attribute object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkAttributeResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterLinkAttribute"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterLinkAttributeLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkAttributesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkAttribute"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkAttributeLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkLinks": {
+      "properties": {
+        "attributesUri": {
+          "description": "The URI of this Link's collection of Link Attribute objects. Available since 2.28.",
+          "type": "string"
+        },
+        "remoteAddressesUri": {
+          "description": "The URI of this Link's collection of Remote Address objects.",
+          "type": "string"
+        },
+        "tlsTrustedCommonNamesUri": {
+          "description": "The URI of this Link's collection of Trusted Common Name objects. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Link object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkQueueEventSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of the Queue, relative to `queueMaxMsgSpoolUsage`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 2,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkRemoteAddress": {
+      "properties": {
+        "dmrClusterName": {
+          "description": "The name of the Cluster.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteAddress": {
+          "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+          "maxLength": 259,
+          "minLength": 1,
+          "pattern": "^((([0-9a-zA-Z_\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&/]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterLinkRemoteAddressLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Remote Address object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkRemoteAddressResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterLinkRemoteAddressLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkRemoteAddressesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkRemoteAddressLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterLink"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterLinkLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkTlsTrustedCommonName": {
+      "properties": {
+        "dmrClusterName": {
+          "description": "The name of the Cluster. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the Link. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&/]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsTrustedCommonName": {
+          "description": "The expected trusted common name of the remote certificate. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DmrClusterLinkTlsTrustedCommonNameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Trusted Common Name object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinkTlsTrustedCommonNameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinkTlsTrustedCommonNamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterLinks": {
+      "properties": {
+        "certMatchingRulesUri": {
+          "description": "The URI of this Cluster's collection of Certificate Matching Rule objects. Available since 2.28.",
+          "type": "string"
+        },
+        "linksUri": {
+          "description": "The URI of this Cluster's collection of Link objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Cluster object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DmrClusterLinksResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLink"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinkLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClusterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DmrCluster"
+        },
+        "links": {
+          "$ref": "#/definitions/DmrClusterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DmrClustersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DmrCluster"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DmrClusterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DomainCertAuthoritiesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/DomainCertAuthority"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/DomainCertAuthorityLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "DomainCertAuthority": {
+      "properties": {
+        "certAuthorityName": {
+          "description": "The name of the Certificate Authority.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_\\-.]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "certContent": {
+          "description": "The PEM formatted content for the trusted root certificate of a domain Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "DomainCertAuthorityLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Domain Certificate Authority object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "DomainCertAuthorityResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/DomainCertAuthority"
+        },
+        "links": {
+          "$ref": "#/definitions/DomainCertAuthorityLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "GuaranteedMsgingEventCacheUsageThreshold": {
+      "description": "The thresholds for the cache usage event at system level, relative to `guaranteedMsgingMaxCacheUsage`. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventDeliveredUnackedThreshold": {
+      "description": "The thresholds for the number of delivered but unacknowledged messages event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventDiskUsageThreshold": {
+      "description": "The thresholds for the active disk partition usage event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventEgressFlowCountThreshold": {
+      "description": "The thresholds for the transmit flow count event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventEndpointCountThreshold": {
+      "description": "The thresholds for the endpoints count event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventIngressFlowCountThreshold": {
+      "description": "The thresholds for the receive flow count event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventMsgCountThreshold": {
+      "description": "The thresholds for the spool message count event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventMsgSpoolFileCountThreshold": {
+      "description": "The thresholds for the spool file count event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventMsgSpoolUsageThreshold": {
+      "description": "The thresholds for the spool usage event at system level, relative to `maxSpoolUsage`. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventTransactedSessionCountThreshold": {
+      "description": "The thresholds for the transacted sessions event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventTransactedSessionResourceCountThreshold": {
+      "description": "The thresholds for the transacted session resources at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "GuaranteedMsgingEventTransactionCountThreshold": {
+      "description": "The thresholds for the transactions event at system level, relative to the maximum system limit. Available since 2.18.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpn": {
+      "properties": {
+        "alias": {
+          "description": "The name of another Message VPN which this Message VPN is an alias for. When this Message VPN is enabled, the alias has no effect. When this Message VPN is disabled, Clients (but not Bridges and routing Links) logging into this Message VPN are automatically logged in to the other Message VPN, and authentication and authorization take place in the context of the other Message VPN.\n\nAliases may form a non-circular chain, cascading one to the next. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.14.",
+          "maxLength": 32,
+          "minLength": 0,
+          "pattern": "^[^*?]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationBasicEnabled": {
+          "description": "Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationBasicProfileName": {
+          "description": "The name of the RADIUS or LDAP Profile to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "pattern": "^[A-Za-z0-9_]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationBasicType"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationBasicRadiusDomain": {
+          "description": "The RADIUS domain to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationBasicType": {
+          "description": "The type of basic authentication to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"radius\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Internal database. Authentication is against Client Usernames.\n\"ldap\" - LDAP authentication. An LDAP profile name must be provided.\n\"radius\" - RADIUS authentication. A RADIUS profile name must be provided.\n\"none\" - No authentication. Anonymous login allowed.\n</pre>\n",
+          "enum": [
+            "internal",
+            "ldap",
+            "radius",
+            "none"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "radius",
+          "x-configSyncTableType": "vpn",
+          "x-default": "radius",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertAllowApiProvidedUsernameEnabled": {
+          "description": "Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertCertificateMatchingRulesEnabled": {
+          "description": "Enable or disable certificate matching rules. When disabled, any valid certificate is accepted. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.27.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertEnabled": {
+          "description": "Enable or disable client certificate authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertMaxChainDepth": {
+          "description": "The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 8,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertRevocationCheckMode": {
+          "description": "The desired behavior for client certificate revocation checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"allow-valid\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow-all\" - Allow the client to authenticate, the result of client certificate revocation check is ignored.\n\"allow-unknown\" - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.\n\"allow-valid\" - Allow the client to authenticate only when the revocation check returned an explicit positive response.\n</pre>\n Available since 2.6.",
+          "enum": [
+            "allow-all",
+            "allow-unknown",
+            "allow-valid"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "allow-valid",
+          "x-configSyncTableType": "vpn",
+          "x-default": "allow-valid",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertUsernameSource": {
+          "description": "The field from the client certificate to use as the client username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"common-name\"`. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The username is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The username is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The username is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The username is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The username is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The username is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n</pre>\n Available since 2.6.",
+          "enum": [
+            "certificate-thumbprint",
+            "common-name",
+            "common-name-last",
+            "subject-alternate-name-msupn",
+            "uid",
+            "uid-last"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "common-name",
+          "x-configSyncTableType": "vpn",
+          "x-default": "common-name",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertValidateDateEnabled": {
+          "description": "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the client certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationKerberosAllowApiProvidedUsernameEnabled": {
+          "description": "Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationKerberosEnabled": {
+          "description": "Enable or disable Kerberos authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthDefaultProfileName": {
+          "description": "The name of the profile to use when the client does not supply a profile name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.25.",
+          "maxLength": 32,
+          "minLength": 0,
+          "pattern": "^[A-Za-z0-9_]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthDefaultProviderName": {
+          "description": "The name of the provider to use when the client does not supply a provider name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.25. authenticationOauthDefaultProviderName and authenticationOauthProviders replaced by authenticationOauthDefaultProfileName and authenticationOauthProfiles.",
+          "maxLength": 31,
+          "minLength": 0,
+          "pattern": "^[^~]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthEnabled": {
+          "description": "Enable or disable OAuth authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.13.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationLdapGroupMembershipAttributeName": {
+          "description": "The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"memberOf\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "memberOf",
+          "x-configSyncTableType": "vpn",
+          "x-default": "memberOf",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationLdapTrimClientUsernameDomainEnabled": {
+          "description": "Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.13.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationProfileName": {
+          "description": "The name of the LDAP Profile to use for client authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "pattern": "^[A-Za-z0-9_]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authorizationType"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationType": {
+          "description": "The type of authorization to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"internal\"`. The allowed values and their meaning are:\n\n<pre>\n\"ldap\" - LDAP authorization.\n\"internal\" - Internal authorization.\n</pre>\n",
+          "enum": [
+            "ldap",
+            "internal"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "internal",
+          "x-configSyncTableType": "vpn",
+          "x-default": "internal",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgingTlsServerCertEnforceTrustedCommonNameEnabled": {
+          "description": "Enable or disable validation of the Common Name (CN) in the server certificate from the remote broker. If enabled, the Common Name is checked against the list of Trusted Common Names configured for the Bridge. Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgingTlsServerCertMaxChainDepth": {
+          "description": "The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 8,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgingTlsServerCertValidateDateEnabled": {
+          "description": "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgingTlsServerCertValidateNameEnabled": {
+          "description": "Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "distributedCacheManagementEnabled": {
+          "description": "Enable or disable managing of cache instances over the message bus. The default value is `true`. Deprecated since 2.28. Distributed cache management is now redundancy aware and thus no longer requires administrative intervention for operational state.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-default": true,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dmrEnabled": {
+          "description": "Enable or disable Dynamic Message Routing (DMR) for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.11.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventConnectionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventConnectionCountThreshold"
+        },
+        "eventEgressFlowCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventEgressFlowCountThreshold"
+        },
+        "eventEgressMsgRateThreshold": {
+          "$ref": "#/definitions/MsgVpnEventEgressMsgRateThreshold"
+        },
+        "eventEndpointCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventEndpointCountThreshold"
+        },
+        "eventIngressFlowCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventIngressFlowCountThreshold"
+        },
+        "eventIngressMsgRateThreshold": {
+          "$ref": "#/definitions/MsgVpnEventIngressMsgRateThreshold"
+        },
+        "eventLargeMsgThreshold": {
+          "description": "The threshold, in kilobytes, after which a message is considered to be large for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1024`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1024,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1024,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventLogTag": {
+          "description": "A prefix applied to all published Events in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnEventMsgSpoolUsageThreshold"
+        },
+        "eventPublishClientEnabled": {
+          "description": "Enable or disable Client level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventPublishMsgVpnEnabled": {
+          "description": "Enable or disable Message VPN level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventPublishSubscriptionMode": {
+          "description": "Subscription level Event message publishing mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"off\"`. The allowed values and their meaning are:\n\n<pre>\n\"off\" - Disable client level event message publishing.\n\"on-with-format-v1\" - Enable client level event message publishing with format v1.\n\"on-with-no-unsubscribe-events-on-disconnect-format-v1\" - As \"on-with-format-v1\", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.\n\"on-with-format-v2\" - Enable client level event message publishing with format v2.\n\"on-with-no-unsubscribe-events-on-disconnect-format-v2\" - As \"on-with-format-v2\", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.\n</pre>\n",
+          "enum": [
+            "off",
+            "on-with-format-v1",
+            "on-with-no-unsubscribe-events-on-disconnect-format-v1",
+            "on-with-format-v2",
+            "on-with-no-unsubscribe-events-on-disconnect-format-v2"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "off",
+          "x-configSyncTableType": "vpn",
+          "x-default": "off",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventPublishTopicFormatMqttEnabled": {
+          "description": "Enable or disable Event publish topics in MQTT format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "eventPublishTopicFormatSmfEnabled"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventPublishTopicFormatSmfEnabled": {
+          "description": "Enable or disable Event publish topics in SMF format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "eventPublishTopicFormatMqttEnabled"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventServiceAmqpConnectionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventServiceAmqpConnectionCountThreshold"
+        },
+        "eventServiceMqttConnectionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventServiceMqttConnectionCountThreshold"
+        },
+        "eventServiceRestIncomingConnectionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventServiceRestIncomingConnectionCountThreshold"
+        },
+        "eventServiceSmfConnectionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventServiceSmfConnectionCountThreshold"
+        },
+        "eventServiceWebConnectionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventServiceWebConnectionCountThreshold"
+        },
+        "eventSubscriptionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventSubscriptionCountThreshold"
+        },
+        "eventTransactedSessionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventTransactedSessionCountThreshold"
+        },
+        "eventTransactionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnEventTransactionCountThreshold"
+        },
+        "exportSubscriptionsEnabled": {
+          "description": "Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "jndiEnabled": {
+          "description": "Enable or disable JNDI access for clients in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.2.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxConnectionCount": {
+          "description": "The maximum number of client connections to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxEgressFlowCount": {
+          "description": "The maximum number of transmit flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxEndpointCount": {
+          "description": "The maximum number of Queues and Topic Endpoints that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxIngressFlowCount": {
+          "description": "The maximum number of receive flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSpoolUsage": {
+          "description": "The maximum message spool usage by the Message VPN, in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxSubscriptionCount": {
+          "description": "The maximum number of local client subscriptions that can be added to the Message VPN. This limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTransactedSessionCount": {
+          "description": "The maximum number of transacted sessions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+          "format": "int64",
+          "maximum": 30000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTransactionCount": {
+          "description": "The maximum number of transactions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+          "format": "int64",
+          "maximum": 50000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "mqttRetainMaxMemory": {
+          "description": "The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since 2.11.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": -1,
+          "x-configSyncTableType": "vpn",
+          "x-default": -1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationAckPropagationIntervalMsgCount": {
+          "description": "The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20`.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20,
+          "x-configSyncTableType": "vpn",
+          "x-default": 20,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationBridgeAuthenticationBasicClientUsername": {
+          "description": "The Client Username the replication Bridge uses to login to the remote Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 189,
+          "minLength": 0,
+          "pattern": "^[^?*]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "replicationBridgeAuthenticationBasicPassword"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationBridgeAuthenticationBasicPassword": {
+          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 128,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "replicationBridgeAuthenticationBasicClientUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "replicationBridgeAuthenticationClientCertContent": {
+          "description": "The PEM formatted content for the client certificate used by this bridge to login to the Remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. The default value is `\"\"`. Available since 2.9.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "replicationBridgeAuthenticationClientCertPassword": {
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. The default value is `\"\"`. Available since 2.9.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "replicationBridgeAuthenticationClientCertContent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "replicationBridgeAuthenticationScheme": {
+          "description": "The authentication scheme for the replication Bridge in the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+          "enum": [
+            "basic",
+            "client-certificate"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "basic",
+          "x-configSyncTableType": "router",
+          "x-default": "basic",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationBridgeCompressedDataEnabled": {
+          "description": "Enable or disable use of compression for the replication Bridge. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationBridgeEgressFlowWindowSize": {
+          "description": "The size of the window used for guaranteed messages published to the replication Bridge, in messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 255,
+          "x-configSyncTableType": "router",
+          "x-default": 255,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationBridgeRetryDelay": {
+          "description": "The number of seconds that must pass before retrying the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "router",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationBridgeTlsEnabled": {
+          "description": "Enable or disable use of encryption (TLS) for the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationBridgeUnidirectionalClientProfileName": {
+          "description": "The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#client-profile\"`.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^#?[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#client-profile",
+          "x-configSyncTableType": "vpn",
+          "x-default": "#client-profile",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationEnabled": {
+          "description": "Enable or disable replication for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationEnabledQueueBehavior": {
+          "description": "The behavior to take when enabling replication for the Message VPN, depending on the existence of the replication Queue. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"fail-on-existing-queue\"`. The allowed values and their meaning are:\n\n<pre>\n\"fail-on-existing-queue\" - The data replication queue must not already exist.\n\"force-use-existing-queue\" - The data replication queue must already exist. Any data messages on the Queue will be forwarded to interested applications. IMPORTANT: Before using this mode be certain that the messages are not stale or otherwise unsuitable to be forwarded. This mode can only be specified when the existing queue is configured the same as is currently specified under replication configuration otherwise the enabling of replication will fail.\n\"force-recreate-queue\" - The data replication queue must already exist. Any data messages on the Queue will be discarded. IMPORTANT: Before using this mode be certain that the messages on the existing data replication queue are not needed by interested applications.\n</pre>\n",
+          "enum": [
+            "fail-on-existing-queue",
+            "force-use-existing-queue",
+            "force-recreate-queue"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "fail-on-existing-queue",
+          "x-configSyncTableType": "router",
+          "x-default": "fail-on-existing-queue",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "replicationEnabled"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "replicationQueueMaxMsgSpoolUsage": {
+          "description": "The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60000`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 60000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationQueueRejectMsgToSenderOnDiscardEnabled": {
+          "description": "Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationRejectMsgWhenSyncIneligibleEnabled": {
+          "description": "Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationRole": {
+          "description": "The replication role for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"standby\"`. The allowed values and their meaning are:\n\n<pre>\n\"active\" - Assume the Active role in replication for the Message VPN.\n\"standby\" - Assume the Standby role in replication for the Message VPN.\n</pre>\n",
+          "enum": [
+            "active",
+            "standby"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "standby",
+          "x-configSyncTableType": "router",
+          "x-default": "standby",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationTransactionMode": {
+          "description": "The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"async\"`. The allowed values and their meaning are:\n\n<pre>\n\"sync\" - Messages are acknowledged when replicated (spooled remotely).\n\"async\" - Messages are acknowledged when pending replication (spooled locally).\n</pre>\n",
+          "enum": [
+            "sync",
+            "async"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "async",
+          "x-configSyncTableType": "vpn",
+          "x-default": "async",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restTlsServerCertEnforceTrustedCommonNameEnabled": {
+          "description": "Enable or disable validation of the Common Name (CN) in the server certificate from the remote REST Consumer. If enabled, the Common Name is checked against the list of Trusted Common Names configured for the REST Consumer. Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restTlsServerCertMaxChainDepth": {
+          "description": "The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 8,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restTlsServerCertValidateDateEnabled": {
+          "description": "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the REST Consumer server certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restTlsServerCertValidateNameEnabled": {
+          "description": "Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.17.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempOverMsgBusAdminClientEnabled": {
+          "description": "Enable or disable \"admin client\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempOverMsgBusAdminDistributedCacheEnabled": {
+          "description": "Enable or disable \"admin distributed-cache\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempOverMsgBusAdminEnabled": {
+          "description": "Enable or disable \"admin\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempOverMsgBusEnabled": {
+          "description": "Enable or disable SEMP over the message bus for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempOverMsgBusShowEnabled": {
+          "description": "Enable or disable \"show\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceAmqpMaxConnectionCount": {
+          "description": "The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since 2.7.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceAmqpPlainTextEnabled": {
+          "description": "Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.7.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceAmqpPlainTextListenPort": {
+          "description": "The port number for plain-text AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceAmqpPlainTextEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.7.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceAmqpPlainTextEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceAmqpTlsEnabled": {
+          "description": "Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.7.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceAmqpTlsListenPort": {
+          "description": "The port number for AMQP clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceAmqpTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.7.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceAmqpTlsEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttAuthenticationClientCertRequest": {
+          "description": "Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-enabled-in-message-vpn\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"never\" - Never ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"when-enabled-in-message-vpn\" - Only ask for a client-certificate if client certificate authentication is enabled under \"message-vpn >  authentication > client-certificate > shutdown\".\n</pre>\n Available since 2.21.",
+          "enum": [
+            "always",
+            "never",
+            "when-enabled-in-message-vpn"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "when-enabled-in-message-vpn",
+          "x-configSyncTableType": "vpn",
+          "x-default": "when-enabled-in-message-vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttMaxConnectionCount": {
+          "description": "The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since 2.1.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttPlainTextEnabled": {
+          "description": "Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.1.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttPlainTextListenPort": {
+          "description": "The port number for plain-text MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttPlainTextEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceMqttPlainTextEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttTlsEnabled": {
+          "description": "Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.1.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttTlsListenPort": {
+          "description": "The port number for MQTT clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceMqttTlsEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttTlsWebSocketEnabled": {
+          "description": "Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.1.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttTlsWebSocketListenPort": {
+          "description": "The port number for MQTT clients that connect to the Message VPN using WebSocket over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttTlsWebSocketEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceMqttTlsWebSocketEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttWebSocketEnabled": {
+          "description": "Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.1.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMqttWebSocketListenPort": {
+          "description": "The port number for plain-text MQTT clients that connect to the Message VPN using WebSocket. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceMqttWebSocketEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.1.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceMqttWebSocketEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestIncomingAuthenticationClientCertRequest": {
+          "description": "Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-enabled-in-message-vpn\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"never\" - Never ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"when-enabled-in-message-vpn\" - Only ask for a client-certificate if client certificate authentication is enabled under \"message-vpn >  authentication > client-certificate > shutdown\".\n</pre>\n Available since 2.21.",
+          "enum": [
+            "always",
+            "never",
+            "when-enabled-in-message-vpn"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "when-enabled-in-message-vpn",
+          "x-configSyncTableType": "vpn",
+          "x-default": "when-enabled-in-message-vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestIncomingAuthorizationHeaderHandling": {
+          "description": "The handling of Authorization headers for incoming REST connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"drop\"`. The allowed values and their meaning are:\n\n<pre>\n\"drop\" - Do not attach the Authorization header to the message as a user property. This configuration is most secure.\n\"forward\" - Forward the Authorization header, attaching it to the message as a user property in the same way as other headers. For best security, use the drop setting.\n\"legacy\" - If the Authorization header was used for authentication to the broker, do not attach it to the message. If the Authorization header was not used for authentication to the broker, attach it to the message as a user property in the same way as other headers. For best security, use the drop setting.\n</pre>\n Available since 2.19.",
+          "enum": [
+            "drop",
+            "forward",
+            "legacy"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "legacy",
+          "x-configSyncTableType": "vpn",
+          "x-default": "drop",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestIncomingMaxConnectionCount": {
+          "description": "The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestIncomingPlainTextEnabled": {
+          "description": "Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestIncomingPlainTextListenPort": {
+          "description": "The port number for incoming plain-text REST clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceRestIncomingPlainTextEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceRestIncomingPlainTextEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestIncomingTlsEnabled": {
+          "description": "Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestIncomingTlsListenPort": {
+          "description": "The port number for incoming REST clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as serviceRestIncomingTlsEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [
+            "serviceRestIncomingTlsEnabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestMode": {
+          "description": "The REST service mode for incoming REST clients that connect to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"messaging\"`. The allowed values and their meaning are:\n\n<pre>\n\"gateway\" - Act as a message gateway through which REST messages are propagated.\n\"messaging\" - Act as a message broker on which REST messages are queued.\n</pre>\n Available since 2.6.",
+          "enum": [
+            "gateway",
+            "messaging"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "messaging",
+          "x-configSyncTableType": "vpn",
+          "x-default": "messaging",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceRestOutgoingMaxConnectionCount": {
+          "description": "The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+          "format": "int64",
+          "maximum": 6000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfMaxConnectionCount": {
+          "description": "The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfPlainTextEnabled": {
+          "description": "Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfTlsEnabled": {
+          "description": "Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebAuthenticationClientCertRequest": {
+          "description": "Determines when to request a client certificate from a Web Transport client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-enabled-in-message-vpn\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"never\" - Never ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"when-enabled-in-message-vpn\" - Only ask for a client-certificate if client certificate authentication is enabled under \"message-vpn >  authentication > client-certificate > shutdown\".\n</pre>\n Available since 2.21.",
+          "enum": [
+            "always",
+            "never",
+            "when-enabled-in-message-vpn"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "when-enabled-in-message-vpn",
+          "x-configSyncTableType": "vpn",
+          "x-default": "when-enabled-in-message-vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebMaxConnectionCount": {
+          "description": "The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebPlainTextEnabled": {
+          "description": "Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebTlsEnabled": {
+          "description": "Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsAllowDowngradeToPlainTextEnabled": {
+          "description": "Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "MsgVpnAclProfile": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the ACL Profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientConnectDefaultAction": {
+          "description": "The default action to take when a client using the ACL Profile connects to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow client connection unless an exception is found for it.\n\"disallow\" - Disallow client connection unless an exception is found for it.\n</pre>\n",
+          "enum": [
+            "allow",
+            "disallow"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "disallow",
+          "x-configSyncTableType": "vpn",
+          "x-default": "disallow",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "publishTopicDefaultAction": {
+          "description": "The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow topic unless an exception is found for it.\n\"disallow\" - Disallow topic unless an exception is found for it.\n</pre>\n",
+          "enum": [
+            "allow",
+            "disallow"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "disallow",
+          "x-configSyncTableType": "vpn",
+          "x-default": "disallow",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscribeShareNameDefaultAction": {
+          "description": "The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"allow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow topic unless an exception is found for it.\n\"disallow\" - Disallow topic unless an exception is found for it.\n</pre>\n Available since 2.14.",
+          "enum": [
+            "allow",
+            "disallow"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "allow",
+          "x-configSyncTableType": "vpn",
+          "x-default": "allow",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscribeTopicDefaultAction": {
+          "description": "The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow topic unless an exception is found for it.\n\"disallow\" - Disallow topic unless an exception is found for it.\n</pre>\n",
+          "enum": [
+            "allow",
+            "disallow"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "disallow",
+          "x-configSyncTableType": "vpn",
+          "x-default": "disallow",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAclProfileClientConnectException": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the ACL Profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientConnectExceptionAddress": {
+          "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
+          "maxLength": 43,
+          "minLength": 0,
+          "pattern": "^\\s*((((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[1-2][0-9]|3[0-2]))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])))\\s*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAclProfileClientConnectExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Client Connect Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAclProfileClientConnectExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAclProfileClientConnectException"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileClientConnectExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileClientConnectException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileLinks": {
+      "properties": {
+        "clientConnectExceptionsUri": {
+          "description": "The URI of this ACL Profile's collection of Client Connect Exception objects.",
+          "type": "string"
+        },
+        "publishExceptionsUri": {
+          "description": "The URI of this ACL Profile's collection of Publish Topic Exception objects. Deprecated since 2.14. Replaced by publishTopicExceptions.",
+          "type": "string"
+        },
+        "publishTopicExceptionsUri": {
+          "description": "The URI of this ACL Profile's collection of Publish Topic Exception objects. Available since 2.14.",
+          "type": "string"
+        },
+        "subscribeExceptionsUri": {
+          "description": "The URI of this ACL Profile's collection of Subscribe Topic Exception objects. Deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+          "type": "string"
+        },
+        "subscribeShareNameExceptionsUri": {
+          "description": "The URI of this ACL Profile's collection of Subscribe Share Name Exception objects. Available since 2.14.",
+          "type": "string"
+        },
+        "subscribeTopicExceptionsUri": {
+          "description": "The URI of this ACL Profile's collection of Subscribe Topic Exception objects. Available since 2.14.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this ACL Profile object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAclProfilePublishException": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the ACL Profile. Deprecated since 2.14. Replaced by publishTopicExceptions.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN. Deprecated since 2.14. Replaced by publishTopicExceptions.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "publishExceptionTopic": {
+          "description": "The topic for the exception to the default action taken. May include wildcard characters. Deprecated since 2.14. Replaced by publishTopicExceptions.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicSyntax": {
+          "description": "The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n Deprecated since 2.14. Replaced by publishTopicExceptions.",
+          "enum": [
+            "smf",
+            "mqtt"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAclProfilePublishExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Publish Topic Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAclProfilePublishExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAclProfilePublishException"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfilePublishExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfilePublishException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfilePublishTopicException": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the ACL Profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "publishTopicException": {
+          "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "publishTopicExceptionSyntax": {
+          "description": "The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n",
+          "enum": [
+            "smf",
+            "mqtt"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAclProfilePublishTopicExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Publish Topic Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAclProfilePublishTopicExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAclProfilePublishTopicException"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfilePublishTopicExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfilePublishTopicException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAclProfile"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAclProfileLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeException": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the ACL Profile. Deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN. Deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscribeExceptionTopic": {
+          "description": "The topic for the exception to the default action taken. May include wildcard characters. Deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicSyntax": {
+          "description": "The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n Deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+          "enum": [
+            "smf",
+            "mqtt"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAclProfileSubscribeExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Subscribe Topic Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAclProfileSubscribeException"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileSubscribeException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeShareNameException": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the ACL Profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscribeShareNameException": {
+          "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscribeShareNameExceptionSyntax": {
+          "description": "The syntax of the subscribe share name for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n",
+          "enum": [
+            "smf",
+            "mqtt"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAclProfileSubscribeShareNameExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Subscribe Share Name Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeShareNameExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameException"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeShareNameExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeTopicException": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The name of the ACL Profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscribeTopicException": {
+          "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscribeTopicExceptionSyntax": {
+          "description": "The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n",
+          "enum": [
+            "smf",
+            "mqtt"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAclProfileSubscribeTopicExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Subscribe Topic Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeTopicExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicException"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfileSubscribeTopicExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAclProfilesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfile"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAclProfileLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfile": {
+      "properties": {
+        "authorizationGroupsClaimName": {
+          "description": "The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorizationType attribute of the Message VPN will be used to determine authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"groups\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "groups",
+          "x-configSyncTableType": "vpn",
+          "x-default": "groups",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationGroupsClaimStringFormat": {
+          "description": "The format of the authorization groups claim value when it is a string. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"single\"`. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as as single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since 2.32.",
+          "enum": [
+            "single",
+            "space-delimited"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "single",
+          "x-configSyncTableType": "vpn",
+          "x-default": "single",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientId": {
+          "description": "The OAuth client id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientRequiredType": {
+          "description": "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"JWT\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "JWT",
+          "x-configSyncTableType": "vpn",
+          "x-default": "JWT",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientSecret": {
+          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "clientValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "disconnectOnTokenExpirationEnabled": {
+          "description": "Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointDiscovery": {
+          "description": "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointDiscoveryRefreshInterval": {
+          "description": "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.",
+          "format": "int32",
+          "maximum": 31536000,
+          "minimum": 60,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 86400,
+          "x-configSyncTableType": "vpn",
+          "x-default": 86400,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointIntrospection": {
+          "description": "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointIntrospectionTimeout": {
+          "description": "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 60,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointJwks": {
+          "description": "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointJwksRefreshInterval": {
+          "description": "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.",
+          "format": "int32",
+          "maximum": 31536000,
+          "minimum": 60,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 86400,
+          "x-configSyncTableType": "vpn",
+          "x-default": 86400,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointUserinfo": {
+          "description": "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointUserinfoTimeout": {
+          "description": "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 60,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "issuer": {
+          "description": "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "mqttUsernameValidateEnabled": {
+          "description": "Enable or disable whether the API provided MQTT client username will be validated against the username calculated from the token(s). When enabled, connection attempts by MQTT clients are rejected if they differ. Note that this value only applies to MQTT clients; SMF client usernames will not be validated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthRole": {
+          "description": "The OAuth role of the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"client\"`. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
+          "enum": [
+            "client",
+            "resource-server"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "client",
+          "x-configSyncTableType": "vpn",
+          "x-default": "client",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerParseAccessTokenEnabled": {
+          "description": "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredAudience": {
+          "description": "The required audience value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredIssuer": {
+          "description": "The required issuer value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredScope": {
+          "description": "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredType": {
+          "description": "The required TYP value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"at+jwt\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "at+jwt",
+          "x-configSyncTableType": "vpn",
+          "x-default": "at+jwt",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateAudienceEnabled": {
+          "description": "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateIssuerEnabled": {
+          "description": "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateScopeEnabled": {
+          "description": "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "usernameClaimName": {
+          "description": "The name of the username claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"sub\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "sub",
+          "x-configSyncTableType": "vpn",
+          "x-default": "sub",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAuthenticationOauthProfileClientRequiredClaim": {
+      "properties": {
+        "clientRequiredClaimName": {
+          "description": "The name of the ID token claim to verify.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientRequiredClaimValue": {
+          "description": "The required claim value.",
+          "maxLength": 200,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAuthenticationOauthProfileClientRequiredClaimLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Required Claim object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaim"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfileClientRequiredClaimsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaim"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfileLinks": {
+      "properties": {
+        "clientRequiredClaimsUri": {
+          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
+          "type": "string"
+        },
+        "resourceServerRequiredClaimsUri": {
+          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this OAuth Profile object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredClaimName": {
+          "description": "The name of the access token claim to verify.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredClaimValue": {
+          "description": "The required claim value.",
+          "maxLength": 200,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Required Claim object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfileResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProfilesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProvider": {
+      "properties": {
+        "audienceClaimName": {
+          "description": "The audience claim name, indicating which part of the object to use for determining the audience. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"aud\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "aud",
+          "x-configSyncTableType": "vpn",
+          "x-default": "aud",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "audienceClaimSource": {
+          "description": "The audience claim source, indicating where to search for the audience value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"id-token\"`. The allowed values and their meaning are:\n\n<pre>\n\"access-token\" - The OAuth v2 access_token.\n\"id-token\" - The OpenID Connect id_token.\n\"introspection\" - The result of introspecting the OAuth v2 access_token.\n</pre>\n Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "enum": [
+            "access-token",
+            "id-token",
+            "introspection"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "id-token",
+          "x-configSyncTableType": "vpn",
+          "x-default": "id-token",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "audienceClaimValue": {
+          "description": "The required audience value for a token to be considered valid. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "audienceValidationEnabled": {
+          "description": "Enable or disable audience validation. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationGroupClaimName": {
+          "description": "The authorization group claim name, indicating which part of the object to use for determining the authorization group. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"scope\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "scope",
+          "x-configSyncTableType": "vpn",
+          "x-default": "scope",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationGroupClaimSource": {
+          "description": "The authorization group claim source, indicating where to search for the authorization group name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"id-token\"`. The allowed values and their meaning are:\n\n<pre>\n\"access-token\" - The OAuth v2 access_token.\n\"id-token\" - The OpenID Connect id_token.\n\"introspection\" - The result of introspecting the OAuth v2 access_token.\n</pre>\n Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "enum": [
+            "access-token",
+            "id-token",
+            "introspection"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "id-token",
+          "x-configSyncTableType": "vpn",
+          "x-default": "id-token",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationGroupEnabled": {
+          "description": "Enable or disable OAuth based authorization. When enabled, the configured authorization type for OAuth clients is overridden. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "disconnectOnTokenExpirationEnabled": {
+          "description": "Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable OAuth Provider client authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "jwksRefreshInterval": {
+          "description": "The number of seconds between forced JWKS public key refreshing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "format": "int32",
+          "maximum": 31536000,
+          "minimum": 60,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 86400,
+          "x-configSyncTableType": "vpn",
+          "x-default": 86400,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "jwksUri": {
+          "description": "The URI where the OAuth provider publishes its JWKS public keys. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN. Deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProviderName": {
+          "description": "The name of the OAuth Provider. Deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+          "maxLength": 31,
+          "minLength": 1,
+          "pattern": "^[^~]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tokenIgnoreTimeLimitsEnabled": {
+          "description": "Enable or disable whether to ignore time limits and accept tokens that are not yet valid or are no longer valid. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tokenIntrospectionParameterName": {
+          "description": "The parameter name used to identify the token during access token introspection. A standards compliant OAuth introspection server expects \"token\". Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"token\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "token",
+          "x-configSyncTableType": "vpn",
+          "x-default": "token",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tokenIntrospectionPassword": {
+          "description": "The password to use when logging into the token introspection URI. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "tokenIntrospectionTimeout": {
+          "description": "The maximum time in seconds a token introspection is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "format": "int32",
+          "maximum": 60,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tokenIntrospectionUri": {
+          "description": "The token introspection URI of the OAuth authentication server. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tokenIntrospectionUsername": {
+          "description": "The username to use when logging into the token introspection URI. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "usernameClaimName": {
+          "description": "The username claim name, indicating which part of the object to use for determining the username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"sub\"`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "sub",
+          "x-configSyncTableType": "vpn",
+          "x-default": "sub",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "usernameClaimSource": {
+          "description": "The username claim source, indicating where to search for the username value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"id-token\"`. The allowed values and their meaning are:\n\n<pre>\n\"access-token\" - The OAuth v2 access_token.\n\"id-token\" - The OpenID Connect id_token.\n\"introspection\" - The result of introspecting the OAuth v2 access_token.\n</pre>\n Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "enum": [
+            "access-token",
+            "id-token",
+            "introspection"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "id-token",
+          "x-configSyncTableType": "vpn",
+          "x-default": "id-token",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "usernameValidateEnabled": {
+          "description": "Enable or disable whether the API provided username will be validated against the username calculated from the token(s); the connection attempt is rejected if they differ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAuthenticationOauthProviderLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this OAuth Provider object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProviderResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthenticationOauthProvidersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthorizationGroup": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The ACL Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationGroupName": {
+          "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+          "maxLength": 256,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileName": {
+          "description": "The Client Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^#?[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Authorization Group in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "orderAfterAuthorizationGroupName": {
+          "description": "Lower the priority to be less than this group. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is not applicable.",
+          "maxLength": 256,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "orderBeforeAuthorizationGroupName"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "orderBeforeAuthorizationGroupName": {
+          "description": "Raise the priority to be greater than this group. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is not applicable.",
+          "maxLength": 256,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "orderAfterAuthorizationGroupName"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnAuthorizationGroupLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Authorization Group object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnAuthorizationGroupResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnAuthorizationGroupLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnAuthorizationGroupsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnAuthorizationGroupLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridge": {
+      "properties": {
+        "bridgeName": {
+          "description": "The name of the Bridge.",
+          "maxLength": 150,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\"~`!\\\\@$%|\\^()_+={}:,.#\\-;\\[\\]]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgeVirtualRouter": {
+          "description": "The virtual router of the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The Bridge is used for the primary virtual router.\n\"backup\" - The Bridge is used for the backup virtual router.\n\"auto\" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+          "enum": [
+            "primary",
+            "backup",
+            "auto"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTtl": {
+          "description": "The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 8,
+          "x-configSyncTableType": "vpn",
+          "x-default": 8,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteAuthenticationBasicClientUsername": {
+          "description": "The Client Username the Bridge uses to login to the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 189,
+          "minLength": 0,
+          "pattern": "^[^?*]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "remoteAuthenticationBasicPassword"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteAuthenticationBasicPassword": {
+          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 128,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "remoteAuthenticationBasicClientUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "remoteAuthenticationClientCertContent": {
+          "description": "The PEM formatted content for the client certificate used by the Bridge to login to the remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "remoteAuthenticationClientCertPassword": {
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "remoteAuthenticationClientCertContent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "remoteAuthenticationScheme": {
+          "description": "The authentication scheme for the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+          "enum": [
+            "basic",
+            "client-certificate"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "basic",
+          "x-configSyncTableType": "vpn",
+          "x-default": "basic",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteConnectionRetryCount": {
+          "description": "The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteConnectionRetryDelay": {
+          "description": "The number of seconds the broker waits for the bridge connection to be established before attempting a new connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteDeliverToOnePriority": {
+          "description": "The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"p1\"`. The allowed values and their meaning are:\n\n<pre>\n\"p1\" - The 1st or highest priority.\n\"p2\" - The 2nd highest priority.\n\"p3\" - The 3rd highest priority.\n\"p4\" - The 4th highest priority.\n\"da\" - Ignore priority and deliver always.\n</pre>\n",
+          "enum": [
+            "p1",
+            "p2",
+            "p3",
+            "p4",
+            "da"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "p1",
+          "x-configSyncTableType": "vpn",
+          "x-default": "p1",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsCipherSuiteList": {
+          "description": "The colon-separated list of cipher suites supported for TLS connections to the remote Message VPN. The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 1559,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnBridgeLinks": {
+      "properties": {
+        "remoteMsgVpnsUri": {
+          "description": "The URI of this Bridge's collection of Remote Message VPN objects.",
+          "type": "string"
+        },
+        "remoteSubscriptionsUri": {
+          "description": "The URI of this Bridge's collection of Remote Subscription objects.",
+          "type": "string"
+        },
+        "tlsTrustedCommonNamesUri": {
+          "description": "The URI of this Bridge's collection of Trusted Common Name objects. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Bridge object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnBridgeRemoteMsgVpn": {
+      "properties": {
+        "bridgeName": {
+          "description": "The name of the Bridge.",
+          "maxLength": 150,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\"~`!\\\\@$%|\\^()_+={}:,.#\\-;\\[\\]]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgeVirtualRouter": {
+          "description": "The virtual router of the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The Bridge is used for the primary virtual router.\n\"backup\" - The Bridge is used for the backup virtual router.\n\"auto\" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+          "enum": [
+            "primary",
+            "backup",
+            "auto"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientUsername": {
+          "description": "The Client Username the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 189,
+          "minLength": 0,
+          "pattern": "^[^?*]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "password"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "compressedDataEnabled": {
+          "description": "Enable or disable data compression for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "connectOrder": {
+          "description": "The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 4,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "vpn",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "egressFlowWindowSize": {
+          "description": "The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 255,
+          "x-configSyncTableType": "vpn",
+          "x-default": 255,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "password": {
+          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 128,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clientUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "queueBinding": {
+          "description": "The queue binding of the Bridge in the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "pattern": "^[^*?'<>&;]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteMsgVpnInterface": {
+          "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+          "maxLength": 15,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteMsgVpnLocation": {
+          "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+          "maxLength": 259,
+          "minLength": 1,
+          "pattern": "^((((([0-9a-zA-Z_\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1}))|(v:.+))$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteMsgVpnName": {
+          "description": "The name of the remote Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsEnabled": {
+          "description": "Enable or disable encryption (TLS) for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "unidirectionalClientProfile": {
+          "description": "The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#client-profile\"`.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^#?[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#client-profile",
+          "x-configSyncTableType": "vpn",
+          "x-default": "#client-profile",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnBridgeRemoteMsgVpnLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Remote Message VPN object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnBridgeRemoteMsgVpnResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridgeRemoteMsgVpnsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridgeRemoteSubscription": {
+      "properties": {
+        "bridgeName": {
+          "description": "The name of the Bridge.",
+          "maxLength": 150,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\"~`!\\\\@$%|\\^()_+={}:,.#\\-;\\[\\]]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgeVirtualRouter": {
+          "description": "The virtual router of the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The Bridge is used for the primary virtual router.\n\"backup\" - The Bridge is used for the backup virtual router.\n\"auto\" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+          "enum": [
+            "primary",
+            "backup",
+            "auto"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliverAlwaysEnabled": {
+          "description": "Enable or disable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteSubscriptionTopic": {
+          "description": "The topic of the Bridge remote subscription.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnBridgeRemoteSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Remote Subscription object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnBridgeRemoteSubscriptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnBridgeRemoteSubscription"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridgeRemoteSubscriptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridgeRemoteSubscription"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridgeResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnBridge"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnBridgeLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridgeTlsTrustedCommonName": {
+      "properties": {
+        "bridgeName": {
+          "description": "The name of the Bridge. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 150,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\"~`!\\\\@$%|\\^()_+={}:,.#\\-;\\[\\]]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bridgeVirtualRouter": {
+          "description": "The virtual router of the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The Bridge is used for the primary virtual router.\n\"backup\" - The Bridge is used for the backup virtual router.\n\"auto\" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "enum": [
+            "primary",
+            "backup",
+            "auto"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsTrustedCommonName": {
+          "description": "The expected trusted common name of the remote certificate. Deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnBridgeTlsTrustedCommonNameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Trusted Common Name object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnBridgeTlsTrustedCommonNameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonName"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridgeTlsTrustedCommonNamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonName"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnBridgesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridge"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnBridgeLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRule": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilter": {
+      "properties": {
+        "attributeName": {
+          "description": "Client Username Attribute to be tested. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "pattern": "^([A-Za-z][A-Za-z0-9\\-]*)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "attributeValue": {
+          "description": "Expected attribute value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 256,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "filterName": {
+          "description": "The name of the filter.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Attribute Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFilterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleAttributeFiltersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleCondition": {
+      "properties": {
+        "attribute": {
+          "description": "Client Username Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "pattern": "^([A-Za-z][A-Za-z0-9\\-]*)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "expression": {
+          "description": "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `\"\"`.",
+          "maxLength": 256,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ruleName": {
+          "description": "The name of the rule.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "source": {
+          "description": "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IP Address.\n</pre>\n",
+          "enum": [
+            "certificate-thumbprint",
+            "common-name",
+            "common-name-last",
+            "subject-alternate-name-msupn",
+            "uid",
+            "uid-last",
+            "org-unit",
+            "org-unit-last",
+            "issuer",
+            "subject",
+            "serial-number",
+            "dns-name",
+            "ip-address"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnCertMatchingRuleConditionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule Condition object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleConditionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleLinks": {
+      "properties": {
+        "attributeFiltersUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Attribute Filter objects. Available since 2.28.",
+          "type": "string"
+        },
+        "conditionsUri": {
+          "description": "The URI of this Certificate Matching Rule's collection of Certificate Matching Rule Condition objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Certificate Matching Rule object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRuleResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRule"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnCertMatchingRuleLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnCertMatchingRulesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRule"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnCertMatchingRuleLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientProfile": {
+      "properties": {
+        "allowBridgeConnectionsEnabled": {
+          "description": "Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "allowCutThroughForwardingEnabled": {
+          "description": "Enable or disable allowing clients using the Client Profile to bind to endpoints with the cut-through forwarding delivery mode. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Deprecated since 2.22. This attribute has been deprecated. Please visit the Solace Product Lifecycle Policy web page for details on deprecated features.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "allowGuaranteedEndpointCreateDurability": {
+          "description": "The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"all\"`. The allowed values and their meaning are:\n\n<pre>\n\"all\" - Client can create any type of endpoint.\n\"durable\" - Client can create only durable endpoints.\n\"non-durable\" - Client can create only non-durable endpoints.\n</pre>\n Available since 2.14.",
+          "enum": [
+            "all",
+            "durable",
+            "non-durable"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "all",
+          "x-configSyncTableType": "vpn",
+          "x-default": "all",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "allowGuaranteedEndpointCreateEnabled": {
+          "description": "Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "allowGuaranteedMsgReceiveEnabled": {
+          "description": "Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "allowGuaranteedMsgSendEnabled": {
+          "description": "Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "allowSharedSubscriptionsEnabled": {
+          "description": "Enable or disable allowing shared subscriptions. Changing this setting does not affect existing subscriptions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.11.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "allowTransactedSessionsEnabled": {
+          "description": "Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "apiQueueManagementCopyFromOnCreateName": {
+          "description": "The name of a queue to copy settings from when a new queue is created by a client using the Client Profile. The referenced queue must exist in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.14. This attribute has been replaced with `apiQueueManagementCopyFromOnCreateTemplateName`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "pattern": "^[^*?'<>&;]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "apiQueueManagementCopyFromOnCreateTemplateName": {
+          "description": "The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.14.",
+          "maxLength": 255,
+          "minLength": 0,
+          "pattern": "^[^#?*]?[^?*]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "apiTopicEndpointManagementCopyFromOnCreateName": {
+          "description": "The name of a topic endpoint to copy settings from when a new topic endpoint is created by a client using the Client Profile. The referenced topic endpoint must exist in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Deprecated since 2.14. This attribute has been replaced with `apiTopicEndpointManagementCopyFromOnCreateTemplateName`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "apiTopicEndpointManagementCopyFromOnCreateTemplateName": {
+          "description": "The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.14.",
+          "maxLength": 255,
+          "minLength": 0,
+          "pattern": "^[^#?*]?[^?*]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileName": {
+          "description": "The name of the Client Profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^#?[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "compressionEnabled": {
+          "description": "Enable or disable allowing clients using the Client Profile to use compression. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.10.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "elidingDelay": {
+          "description": "The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 60000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "elidingEnabled": {
+          "description": "Enable or disable message eliding for clients using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "elidingMaxTopicCount": {
+          "description": "The maximum number of topics tracked for message eliding per client connection using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.",
+          "format": "int64",
+          "maximum": 32000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 256,
+          "x-configSyncTableType": "vpn",
+          "x-default": 256,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventClientProvisionedEndpointSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold"
+        },
+        "eventConnectionCountPerClientUsernameThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold"
+        },
+        "eventEgressFlowCountThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventEgressFlowCountThreshold"
+        },
+        "eventEndpointCountPerClientUsernameThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold"
+        },
+        "eventIngressFlowCountThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventIngressFlowCountThreshold"
+        },
+        "eventServiceSmfConnectionCountPerClientUsernameThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold"
+        },
+        "eventServiceWebConnectionCountPerClientUsernameThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold"
+        },
+        "eventSubscriptionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventSubscriptionCountThreshold"
+        },
+        "eventTransactedSessionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventTransactedSessionCountThreshold"
+        },
+        "eventTransactionCountThreshold": {
+          "$ref": "#/definitions/MsgVpnClientProfileEventTransactionCountThreshold"
+        },
+        "maxConnectionCountPerClientUsername": {
+          "description": "The maximum number of client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxEgressFlowCount": {
+          "description": "The maximum number of transmit flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxEndpointCountPerClientUsername": {
+          "description": "The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxIngressFlowCount": {
+          "description": "The maximum number of receive flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgsPerTransaction": {
+          "description": "The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`. Available since 2.20.",
+          "format": "int32",
+          "maximum": 20000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 256,
+          "x-configSyncTableType": "vpn",
+          "x-default": 256,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxSubscriptionCount": {
+          "description": "The maximum number of subscriptions per client using the Client Profile. This limit is not enforced when a client adds a subscription to an endpoint, except for MQTT QoS 1 subscriptions. In addition, this limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTransactedSessionCount": {
+          "description": "The maximum number of transacted sessions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.",
+          "format": "int64",
+          "maximum": 30000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTransactionCount": {
+          "description": "The maximum number of transactions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+          "format": "int64",
+          "maximum": 50000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueControl1MaxDepth": {
+          "description": "The maximum depth of the \"Control 1\" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueControl1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Control 1\" (C-1) priority queue, regardless of the `queueControl1MaxDepth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "vpn",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDirect1MaxDepth": {
+          "description": "The maximum depth of the \"Direct 1\" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDirect1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 1\" (D-1) priority queue, regardless of the `queueDirect1MaxDepth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "vpn",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDirect2MaxDepth": {
+          "description": "The maximum depth of the \"Direct 2\" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDirect2MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 2\" (D-2) priority queue, regardless of the `queueDirect2MaxDepth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "vpn",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDirect3MaxDepth": {
+          "description": "The maximum depth of the \"Direct 3\" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDirect3MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Direct 3\" (D-3) priority queue, regardless of the `queueDirect3MaxDepth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4,
+          "x-configSyncTableType": "vpn",
+          "x-default": 4,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueGuaranteed1MaxDepth": {
+          "description": "The maximum depth of the \"Guaranteed 1\" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 20000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 20000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueGuaranteed1MinMsgBurst": {
+          "description": "The number of messages that are always allowed entry into the \"Guaranteed 1\" (G-3) priority queue, regardless of the `queueGuaranteed1MaxDepth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
+          "format": "int32",
+          "maximum": 262144,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 255,
+          "x-configSyncTableType": "vpn",
+          "x-default": 255,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectMsgToSenderOnNoSubscriptionMatchEnabled": {
+          "description": "Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.2.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationAllowClientConnectWhenStandbyEnabled": {
+          "description": "Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceMinKeepaliveTimeout": {
+          "description": "The minimum client keepalive timeout which will be enforced for client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`. Available since 2.19.",
+          "format": "int32",
+          "maximum": 3600,
+          "minimum": 3,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 30,
+          "x-configSyncTableType": "vpn",
+          "x-default": 30,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfMaxConnectionCountPerClientUsername": {
+          "description": "The maximum number of SMF client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceSmfMinKeepaliveEnabled": {
+          "description": "Enable or disable the enforcement of a minimum keepalive timeout for SMF clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.19.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebInactiveTimeout": {
+          "description": "The timeout for inactive Web Transport client sessions using the Client Profile, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 30,
+          "x-configSyncTableType": "vpn",
+          "x-default": 30,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebMaxConnectionCountPerClientUsername": {
+          "description": "The maximum number of Web Transport client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "serviceWebMaxPayload": {
+          "description": "The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.",
+          "format": "int64",
+          "maximum": 10000000,
+          "minimum": 300,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tcpCongestionWindowSize": {
+          "description": "The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.",
+          "format": "int64",
+          "maximum": 7826,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2,
+          "x-configSyncTableType": "vpn",
+          "x-default": 2,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tcpKeepaliveCount": {
+          "description": "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.",
+          "format": "int64",
+          "maximum": 5,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 5,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tcpKeepaliveIdleTime": {
+          "description": "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 120,
+          "minimum": 3,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tcpKeepaliveInterval": {
+          "description": "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int64",
+          "maximum": 30,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tcpMaxSegmentSize": {
+          "description": "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.",
+          "format": "int64",
+          "maximum": 1460,
+          "minimum": 256,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1460,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1460,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tcpMaxWindowSize": {
+          "description": "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.",
+          "format": "int64",
+          "maximum": 65536,
+          "minimum": 16,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 256,
+          "x-configSyncTableType": "vpn",
+          "x-default": 256,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsAllowDowngradeToPlainTextEnabled": {
+          "description": "Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.8.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of Queues and Topic Endpoints provisioned by clients, relative to `maxMsgSpoolUsage` for these Queues and Topic Endpoints. Changing these values during operation does not affect existing sessions. For provisioned durable Queues and Topic Endpoints, this value applies when initially provisioned, but can then be changed afterwards by configuring the Queue or Topic Endpoint.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-default": 18,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-default": 25,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold": {
+      "description": "The thresholds for the Client Username connection count event of the Client Profile, relative to `maxConnectionCountPerClientUsername`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventEgressFlowCountThreshold": {
+      "description": "The thresholds for the transmit flow count event of the Client Profile, relative to `maxEgressFlowCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold": {
+      "description": "The thresholds for the Client Username endpoint count event of the Client Profile, relative to `maxEndpointCountPerClientUsername`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventIngressFlowCountThreshold": {
+      "description": "The thresholds for the receive flow count event of the Client Profile, relative to `maxIngressFlowCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold": {
+      "description": "The thresholds for the client username SMF connection count event of the Client Profile, relative to `serviceSmfMaxConnectionCountPerClientUsername`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold": {
+      "description": "The thresholds for the Client Username Web Transport connection count event of the Client Profile, relative to `serviceWebMaxConnectionCountPerClientUsername`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventSubscriptionCountThreshold": {
+      "description": "The thresholds for the subscription count event of the Client Profile, relative to `maxSubscriptionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventTransactedSessionCountThreshold": {
+      "description": "The thresholds for the transacted session count event of the Client Profile, relative to `maxTransactedSessionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileEventTransactionCountThreshold": {
+      "description": "The thresholds for the transaction count event of the Client Profile, relative to `maxTransactionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Client Profile object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientProfileResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnClientProfile"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnClientProfileLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientProfilesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientProfile"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientProfileLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientUsername": {
+      "properties": {
+        "aclProfileName": {
+          "description": "The ACL Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientProfileName": {
+          "description": "The Client Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^#?[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientUsername": {
+          "description": "The name of the Client Username.",
+          "maxLength": 189,
+          "minLength": 1,
+          "pattern": "^[^?*]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Client Username. When disabled, all clients currently connected as the Client Username are disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedEndpointPermissionOverrideEnabled": {
+          "description": "Enable or disable guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "password": {
+          "description": "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 128,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "subscriptionManagerEnabled": {
+          "description": "Enable or disable the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnClientUsernameAttribute": {
+      "properties": {
+        "attributeName": {
+          "description": "The name of the Attribute.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[A-Za-z][A-Za-z0-9\\-]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "attributeValue": {
+          "description": "The value of the Attribute.",
+          "maxLength": 256,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientUsername": {
+          "description": "The name of the Client Username.",
+          "maxLength": 189,
+          "minLength": 1,
+          "pattern": "^[^?*]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnClientUsernameAttributeLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Client Username Attribute object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameAttributeResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnClientUsernameAttributeLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientUsernameAttributesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsernameAttributeLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientUsernameLinks": {
+      "properties": {
+        "attributesUri": {
+          "description": "The URI of this Client Username's collection of Client Username Attribute objects. Available since 2.27.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Client Username object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnClientUsernameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnClientUsername"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnClientUsernameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnClientUsernamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsername"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnClientUsernameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCache": {
+      "properties": {
+        "cacheName": {
+          "description": "The name of the Distributed Cache.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "cacheVirtualRouter": {
+          "description": "The virtual router of the Distributed Cache. The default value is `\"auto\"`. The allowed values and their meaning are:\n\n<pre>\n\"auto\" - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n Available since 2.28.",
+          "enum": [
+            "auto"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "auto",
+          "x-default": "auto",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Distributed Cache. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "heartbeat": {
+          "description": "The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.",
+          "format": "int64",
+          "maximum": 60,
+          "minimum": 3,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "scheduledDeleteMsgDayList": {
+          "description": "The scheduled delete message day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduledDeleteMsgTimeList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "scheduledDeleteMsgTimeList"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "scheduledDeleteMsgTimeList": {
+          "description": "The scheduled delete message time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduledDeleteMsgDayList\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "scheduledDeleteMsgDayList"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnDistributedCacheCluster": {
+      "properties": {
+        "cacheName": {
+          "description": "The name of the Distributed Cache.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clusterName": {
+          "description": "The name of the Cache Cluster.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliverToOneOverrideEnabled": {
+          "description": "Enable or disable deliver-to-one override for the Cache Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventDataByteRateThreshold": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterEventDataByteRateThreshold"
+        },
+        "eventDataMsgRateThreshold": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterEventDataMsgRateThreshold"
+        },
+        "eventMaxMemoryThreshold": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterEventMaxMemoryThreshold"
+        },
+        "eventMaxTopicsThreshold": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterEventMaxTopicsThreshold"
+        },
+        "eventRequestQueueDepthThreshold": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold"
+        },
+        "eventRequestRateThreshold": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterEventRequestRateThreshold"
+        },
+        "eventResponseRateThreshold": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterEventResponseRateThreshold"
+        },
+        "globalCachingEnabled": {
+          "description": "Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "globalCachingHeartbeat": {
+          "description": "The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "globalCachingTopicLifetime": {
+          "description": "The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3600`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3600,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3600,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMemory": {
+          "description": "The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2048`.",
+          "format": "int64",
+          "maximum": 2147483647,
+          "minimum": 128,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2048,
+          "x-configSyncTableType": "vpn",
+          "x-default": 2048,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgsPerTopic": {
+          "description": "The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int64",
+          "maximum": 2147483647,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxRequestQueueDepth": {
+          "description": "The maximum queue depth for cache requests received by the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `100000`.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 100000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 100000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTopicCount": {
+          "description": "The maximum number of topics for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000000`.",
+          "format": "int64",
+          "maximum": 4294967294,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 2000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgLifetime": {
+          "description": "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967294,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "newTopicAdvertisementEnabled": {
+          "description": "Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnDistributedCacheClusterEventDataByteRateThreshold": {
+      "description": "The thresholds for the cached data incoming byte rate event, in bytes per second.",
+      "properties": {
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 187500000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 187500000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 250000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 250000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterEventDataMsgRateThreshold": {
+      "description": "The thresholds for the cached data incoming message rate event, in messages per second.",
+      "properties": {
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 36000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 36000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 48000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 48000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterEventMaxMemoryThreshold": {
+      "description": "The thresholds for the memory usage per instance event, relative to `maxMemory`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterEventMaxTopicsThreshold": {
+      "description": "The thresholds for the topics per instance event, relative to `maxTopicCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold": {
+      "description": "The thresholds for the request queue depth event, relative to `maxRequestQueueDepth`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterEventRequestRateThreshold": {
+      "description": "The thresholds for the cache request message rate event, in messages per second.",
+      "properties": {
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 25000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 25000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterEventResponseRateThreshold": {
+      "description": "The thresholds for the cache response message rate event, in messages per second.",
+      "properties": {
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 80000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeCluster": {
+      "properties": {
+        "cacheName": {
+          "description": "The name of the Distributed Cache.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clusterName": {
+          "description": "The name of the Cache Cluster.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "homeClusterName": {
+          "description": "The name of the remote Home Cache Cluster.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterLinks": {
+      "properties": {
+        "topicPrefixesUri": {
+          "description": "The URI of this Home Cache Cluster's collection of Topic Prefix objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Home Cache Cluster object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix": {
+      "properties": {
+        "cacheName": {
+          "description": "The name of the Distributed Cache.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clusterName": {
+          "description": "The name of the Cache Cluster.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "homeClusterName": {
+          "description": "The name of the remote Home Cache Cluster.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicPrefix": {
+          "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Prefix object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterGlobalCachingHomeClustersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterInstance": {
+      "properties": {
+        "autoStartEnabled": {
+          "description": "Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "cacheName": {
+          "description": "The name of the Distributed Cache.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clusterName": {
+          "description": "The name of the Cache Cluster.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Cache Instance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "instanceName": {
+          "description": "The name of the Cache Instance.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "stopOnLostMsgEnabled": {
+          "description": "Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnDistributedCacheClusterInstanceLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Cache Instance object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterInstanceResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterInstancesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterLinks": {
+      "properties": {
+        "globalCachingHomeClustersUri": {
+          "description": "The URI of this Cache Cluster's collection of Home Cache Cluster objects.",
+          "type": "string"
+        },
+        "instancesUri": {
+          "description": "The URI of this Cache Cluster's collection of Cache Instance objects.",
+          "type": "string"
+        },
+        "topicsUri": {
+          "description": "The URI of this Cache Cluster's collection of Topic objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Cache Cluster object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterTopic": {
+      "properties": {
+        "cacheName": {
+          "description": "The name of the Distributed Cache.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clusterName": {
+          "description": "The name of the Cache Cluster.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^?* /]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topic": {
+          "description": "The value of the Topic in the form a/b/c.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnDistributedCacheClusterTopicLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterTopicResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopic"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClusterTopicsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopic"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheClustersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheClusterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheLinks": {
+      "properties": {
+        "clustersUri": {
+          "description": "The URI of this Distributed Cache's collection of Cache Cluster objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Distributed Cache object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDistributedCacheResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnDistributedCache"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnDistributedCacheLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDistributedCachesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCache"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDistributedCacheLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDmrBridge": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteMsgVpnName": {
+          "description": "The remote Message VPN of the DMR Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "pattern": "^[^*?]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteNodeName": {
+          "description": "The name of the node at the remote end of the DMR Bridge.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&/]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnDmrBridgeLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this DMR Bridge object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnDmrBridgeResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnDmrBridge"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnDmrBridgeLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnDmrBridgesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDmrBridge"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnDmrBridgeLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnEventConnectionCountThreshold": {
+      "description": "The thresholds for the client connection count event of the Message VPN, relative to `maxConnectionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventEgressFlowCountThreshold": {
+      "description": "The thresholds for the egress flow count event of the Message VPN, relative to `maxEgressFlowCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventEgressMsgRateThreshold": {
+      "description": "The thresholds for the egress message rate event of the Message VPN.",
+      "properties": {
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 4000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventEndpointCountThreshold": {
+      "description": "The thresholds for the Queues and Topic Endpoints count event of the Message VPN, relative to `maxEndpointCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventIngressFlowCountThreshold": {
+      "description": "The thresholds for the receive flow count event of the Message VPN, relative to `maxIngressFlowCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventIngressMsgRateThreshold": {
+      "description": "The thresholds for the receive message rate event of the Message VPN.",
+      "properties": {
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 4000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 4000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventMsgSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of the Message VPN, relative to `maxMsgSpoolUsage`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventServiceAmqpConnectionCountThreshold": {
+      "description": "The thresholds for the AMQP client connection count event of the Message VPN, relative to `serviceAmqpMaxConnectionCount`. Available since 2.7.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventServiceMqttConnectionCountThreshold": {
+      "description": "The thresholds for the MQTT client connection count event of the Message VPN, relative to `serviceMqttMaxConnectionCount`. Available since 2.1.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventServiceRestIncomingConnectionCountThreshold": {
+      "description": "The thresholds for the incoming REST client connection count event of the Message VPN, relative to `serviceRestIncomingMaxConnectionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventServiceSmfConnectionCountThreshold": {
+      "description": "The thresholds for the SMF client connection count event of the Message VPN, relative to `serviceSmfMaxConnectionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventServiceWebConnectionCountThreshold": {
+      "description": "The thresholds for the Web Transport client connection count event of the Message VPN, relative to `serviceWebMaxConnectionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventSubscriptionCountThreshold": {
+      "description": "The thresholds for the subscription count event of the Message VPN, relative to `maxSubscriptionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventTransactedSessionCountThreshold": {
+      "description": "The thresholds for the transacted session count event of the Message VPN, relative to `maxTransactedSessionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnEventTransactionCountThreshold": {
+      "description": "The thresholds for the transaction count event of the Message VPN, relative to `maxTransactionCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnJndiConnectionFactoriesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnJndiConnectionFactoryLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnJndiConnectionFactory": {
+      "properties": {
+        "allowDuplicateClientIdEnabled": {
+          "description": "Enable or disable whether new JMS connections can use the same Client identifier (ID) as an existing connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.3.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientDescription": {
+          "description": "The description of the Client. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientId": {
+          "description": "The Client identifier (ID). If not specified, a unique value for it will be generated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 250,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "connectionFactoryName": {
+          "description": "The name of the JMS Connection Factory.",
+          "maxLength": 256,
+          "minLength": 1,
+          "pattern": "^[^?* ]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dtoReceiveOverrideEnabled": {
+          "description": "Enable or disable overriding by the Subscriber (Consumer) of the deliver-to-one (DTO) property on messages. When enabled, the Subscriber can receive all DTO tagged messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dtoReceiveSubscriberLocalPriority": {
+          "description": "The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on the local broker that the Subscriber is directly connected to. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 4,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dtoReceiveSubscriberNetworkPriority": {
+          "description": "The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on a remote broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 4,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dtoSendEnabled": {
+          "description": "Enable or disable the deliver-to-one (DTO) property on messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dynamicEndpointCreateDurableEnabled": {
+          "description": "Enable or disable whether a durable endpoint will be dynamically created on the broker when the client calls \"Session.createDurableSubscriber()\" or \"Session.createQueue()\". The created endpoint respects the message time-to-live (TTL) according to the \"dynamicEndpointRespectTtlEnabled\" property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "dynamicEndpointRespectTtlEnabled": {
+          "description": "Enable or disable whether dynamically created durable and non-durable endpoints respect the message time-to-live (TTL) property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedReceiveAckTimeout": {
+          "description": "The timeout for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int32",
+          "maximum": 1500,
+          "minimum": 20,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedReceiveReconnectRetryCount": {
+          "description": "The maximum number of attempts to reconnect to the host or list of hosts after the guaranteed  messaging connection has been lost. The value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since 2.14.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": -1,
+          "x-configSyncTableType": "vpn",
+          "x-default": -1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedReceiveReconnectRetryWait": {
+          "description": "The amount of time to wait before making another attempt to connect or reconnect to the host after the guaranteed messaging connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`. Available since 2.14.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 50,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedReceiveWindowSize": {
+          "description": "The size of the window for guaranteed messages received by the Subscriber (Consumer), in messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `18`.",
+          "format": "int32",
+          "maximum": 255,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 18,
+          "x-configSyncTableType": "vpn",
+          "x-default": 18,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedReceiveWindowSizeAckThreshold": {
+          "description": "The threshold for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer) as a percentage of `guaranteedReceiveWindowSize`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60`.",
+          "format": "int32",
+          "maximum": 75,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedSendAckTimeout": {
+          "description": "The timeout for receiving the acknowledgment (ACK) for guaranteed messages sent by the Publisher (Producer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000`.",
+          "format": "int32",
+          "maximum": 60000,
+          "minimum": 20,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 2000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "guaranteedSendWindowSize": {
+          "description": "The size of the window for non-persistent guaranteed messages sent by the Publisher (Producer), in messages. For persistent messages the window size is fixed at 1. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
+          "format": "int32",
+          "maximum": 255,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 255,
+          "x-configSyncTableType": "vpn",
+          "x-default": 255,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "messagingDefaultDeliveryMode": {
+          "description": "The default delivery mode for messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"persistent\"`. The allowed values and their meaning are:\n\n<pre>\n\"persistent\" - The broker spools messages (persists in the Message Spool) as part of the send operation.\n\"non-persistent\" - The broker does not spool messages (does not persist in the Message Spool) as part of the send operation.\n</pre>\n",
+          "enum": [
+            "persistent",
+            "non-persistent"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "persistent",
+          "x-configSyncTableType": "vpn",
+          "x-default": "persistent",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "messagingDefaultDmqEligibleEnabled": {
+          "description": "Enable or disable whether messages sent by the Publisher (Producer) are Dead Message Queue (DMQ) eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "messagingDefaultElidingEligibleEnabled": {
+          "description": "Enable or disable whether messages sent by the Publisher (Producer) are Eliding eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "messagingJmsxUserIdEnabled": {
+          "description": "Enable or disable inclusion (adding or replacing) of the JMSXUserID property in messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "messagingTextInXmlPayloadEnabled": {
+          "description": "Enable or disable encoding of JMS text messages in Publisher (Producer) messages as XML payload. When disabled, JMS text messages are encoded as a binary attachment. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportCompressionLevel": {
+          "description": "The ZLIB compression level for the connection to the broker. The value \"0\" means no compression, and the value \"-1\" means the compression level is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.",
+          "format": "int32",
+          "maximum": 9,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": -1,
+          "x-configSyncTableType": "vpn",
+          "x-default": -1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportConnectRetryCount": {
+          "description": "The maximum number of retry attempts to establish an initial connection to the host or list of hosts. The value \"0\" means a single attempt (no retries), and the value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportConnectRetryPerHostCount": {
+          "description": "The maximum number of retry attempts to establish an initial connection to each host on the list of hosts. The value \"0\" means a single attempt (no retries), and the value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportConnectTimeout": {
+          "description": "The timeout for establishing an initial connection to the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 30000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 30000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportDirectTransportEnabled": {
+          "description": "Enable or disable usage of Direct Transport mode. When enabled, NON-PERSISTENT messages are sent as direct messages and non-durable topic consumers and temporary queue consumers consume using direct subscriptions rather than from guaranteed endpoints. If disabled all messaging uses guaranteed transport. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportKeepaliveCount": {
+          "description": "The maximum number of consecutive application-level keepalive messages sent without the broker response before the connection to the broker is closed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 3,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportKeepaliveEnabled": {
+          "description": "Enable or disable usage of application-level keepalive messages to maintain a connection with the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportKeepaliveInterval": {
+          "description": "The interval between application-level keepalive messages, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 50,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportMsgCallbackOnIoThreadEnabled": {
+          "description": "Enable or disable delivery of asynchronous messages directly from the I/O thread. Contact support before enabling this property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportOptimizeDirectEnabled": {
+          "description": "Enable or disable optimization for the Direct Transport delivery mode. If enabled, the client application is limited to one Publisher (Producer) and one non-durable Subscriber (Consumer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportPort": {
+          "description": "The connection port number on the broker for SMF clients. The value \"-1\" means the port is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.",
+          "format": "int32",
+          "maximum": 65535,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": -1,
+          "x-configSyncTableType": "vpn",
+          "x-default": -1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportReadTimeout": {
+          "description": "The timeout for reading a reply from the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportReceiveBufferSize": {
+          "description": "The size of the receive socket buffer, in bytes. It corresponds to the SO_RCVBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 65536,
+          "x-configSyncTableType": "vpn",
+          "x-default": 65536,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportReconnectRetryCount": {
+          "description": "The maximum number of attempts to reconnect to the host or list of hosts after the connection has been lost. The value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportReconnectRetryWait": {
+          "description": "The amount of time before making another attempt to connect or reconnect to the host after the connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.",
+          "format": "int32",
+          "maximum": 60000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportSendBufferSize": {
+          "description": "The size of the send socket buffer, in bytes. It corresponds to the SO_SNDBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 65536,
+          "x-configSyncTableType": "vpn",
+          "x-default": 65536,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportTcpNoDelayEnabled": {
+          "description": "Enable or disable the TCP_NODELAY option. When enabled, Nagle's algorithm for TCP/IP congestion control (RFC 896) is disabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "xaEnabled": {
+          "description": "Enable or disable this as an XA Connection Factory. When enabled, the Connection Factory can be cast to \"XAConnectionFactory\", \"XAQueueConnectionFactory\" or \"XATopicConnectionFactory\". Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnJndiConnectionFactoryLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this JNDI Connection Factory object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnJndiConnectionFactoryResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnJndiConnectionFactoryLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnJndiQueue": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "physicalName": {
+          "description": "The physical name of the JMS Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueName": {
+          "description": "The JNDI name of the JMS Queue.",
+          "maxLength": 256,
+          "minLength": 1,
+          "pattern": "^[^?* ]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnJndiQueueLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this JNDI Queue object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnJndiQueueResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnJndiQueue"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnJndiQueueLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnJndiQueuesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnJndiQueue"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnJndiQueueLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnJndiTopic": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "physicalName": {
+          "description": "The physical name of the JMS Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 250,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicName": {
+          "description": "The JNDI name of the JMS Topic.",
+          "maxLength": 256,
+          "minLength": 1,
+          "pattern": "^[^?* ]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnJndiTopicLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this JNDI Topic object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnJndiTopicResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnJndiTopic"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnJndiTopicLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnJndiTopicsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnJndiTopic"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnJndiTopicLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaReceiver": {
+      "properties": {
+        "authenticationBasicPassword": {
+          "description": "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationBasicUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationBasicUsername": {
+          "description": "The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertContent": {
+          "description": "The PEM formatted content for the client certificate used by the Kafka Receiver to login to the remote Kafka broker. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationClientCertPassword": {
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationClientCertContent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationOauthClientId": {
+          "description": "The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthClientScope": {
+          "description": "The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthClientSecret": {
+          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationOauthClientTokenEndpoint": {
+          "description": "The OAuth token endpoint URL that the Kafka Receiver will use to request a token for login to the Kafka broker. Must begin with \"https\". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "pattern": "^([hH][tT][tT][pP][sS]://.+)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScheme": {
+          "description": "The authentication scheme for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Anonymous Authentication.\n\"basic\" - Basic Authentication.\n\"scram\" - Salted Challenge Response Authentication.\n\"client-certificate\" - Client Certificate Authentication.\n\"oauth-client\" - Oauth Authentication.\n</pre>\n",
+          "enum": [
+            "none",
+            "basic",
+            "scram",
+            "client-certificate",
+            "oauth-client"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "vpn",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScramHash": {
+          "description": "The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"sha-512\"`. The allowed values and their meaning are:\n\n<pre>\n\"sha-256\" - SHA-2 256 bits.\n\"sha-512\" - SHA-2 512 bits.\n</pre>\n",
+          "enum": [
+            "sha-256",
+            "sha-512"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "sha-512",
+          "x-configSyncTableType": "vpn",
+          "x-default": "sha-512",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScramPassword": {
+          "description": "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationScramUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationScramUsername": {
+          "description": "The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "batchDelay": {
+          "description": "Delay (in ms) to wait to accumulate a batch of messages to receive. Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `500`.",
+          "format": "int32",
+          "maximum": 300000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 500,
+          "x-configSyncTableType": "vpn",
+          "x-default": 500,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "batchMaxSize": {
+          "description": "Maximum size of a message batch, in bytes (B). Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 100000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bootstrapAddressList": {
+          "description": "Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 1044,
+          "minLength": 0,
+          "pattern": "^(((((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})),)*(((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})))?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "groupId": {
+          "description": "The id of the Kafka consumer group for the Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "groupKeepaliveInterval": {
+          "description": "The time between sending keepalives to the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.",
+          "format": "int32",
+          "maximum": 3600000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 3000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "groupKeepaliveTimeout": {
+          "description": "The time until unresponsive group members are removed, triggering a partition rebalance across other members of the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `45000`.",
+          "format": "int32",
+          "maximum": 3600000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 45000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 45000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "groupMembershipType": {
+          "description": "The membership type of the Kafka consumer group for the Receiver. Static members can leave and rejoin the group (within groupKeepaliveTimeout) without prompting a group rebalance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"dynamic\"`. The allowed values and their meaning are:\n\n<pre>\n\"dynamic\" - Dynamic Membership.\n\"static\" - Static Membership.\n</pre>\n",
+          "enum": [
+            "dynamic",
+            "static"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "dynamic",
+          "x-configSyncTableType": "vpn",
+          "x-default": "dynamic",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "groupPartitionSchemeList": {
+          "description": "The ordered, comma-separated list of schemes used for partition assignment of the consumer group for this Receiver. Both Eager (\"range\", \"roundrobin\") and Cooperative (\"cooperative-sticky\") schemes are supported. The elected group leader will choose the first common strategy provided by all members of the group. Eager and Cooperative schemes must not be mixed. For more information on these schemes, see Kafka documentation. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"range,roundrobin\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "range,roundrobin",
+          "x-configSyncTableType": "vpn",
+          "x-default": "range,roundrobin",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "kafkaReceiverName": {
+          "description": "The name of the Kafka Receiver.",
+          "maxLength": 100,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "metadataTopicExcludeList": {
+          "description": "A comma-separated list of regular expressions. Any matching topic names will be ignored in broker metadata. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 1023,
+          "minLength": 0,
+          "pattern": "^(((\\^.*|[a-zA-Z0-9\\._\\-]+),)*(\\^.*|[a-zA-Z0-9\\._\\-]+))?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "metadataTopicRefreshInterval": {
+          "description": "The time between refreshes of topic metadata from the Kafka Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.",
+          "format": "int32",
+          "maximum": 3600000,
+          "minimum": 1000,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 30000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 30000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportTlsEnabled": {
+          "description": "Enable or disable encryption (TLS) for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnKafkaReceiverLinks": {
+      "properties": {
+        "topicBindingsUri": {
+          "description": "The URI of this Kafka Receiver's collection of Topic Binding objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Kafka Receiver object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnKafkaReceiverResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnKafkaReceiver"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnKafkaReceiverLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaReceiverTopicBinding": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable this topic binding of the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "initialOffset": {
+          "description": "The initial offset to consume from the Kafka Topic if no member of the group has consumed and committed any offset already, or if the last committed offset has been deleted. Offsets are unique per partition. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"end\"`. The allowed values and their meaning are:\n\n<pre>\n\"beginning\" - Start with the earliest offset available.\n\"end\" - Start with new offsets only.\n</pre>\n",
+          "enum": [
+            "beginning",
+            "end"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "end",
+          "x-configSyncTableType": "vpn",
+          "x-default": "end",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "kafkaReceiverName": {
+          "description": "The name of the Kafka Receiver.",
+          "maxLength": 100,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "localKey": {
+          "description": "The Substitution Expression used to generate the key for each message received from Kafka. This expression can include fields extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.\n\nIf empty, no key is included for each message as it is published into Solace. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 1024,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "localTopic": {
+          "description": "The Substitution Expression used to generate the Solace Topic for each message received from Kafka. This expression can include data extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.\n\nIf empty, the Topic Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 1024,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicName": {
+          "description": "The name of the Topic.",
+          "maxLength": 255,
+          "minLength": 1,
+          "pattern": "^\\^.*|[a-zA-Z0-9\\._\\-]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnKafkaReceiverTopicBindingLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Binding object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnKafkaReceiverTopicBindingResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBinding"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBindingLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaReceiverTopicBindingsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBinding"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBindingLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaReceiversResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaReceiver"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaReceiverLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaSender": {
+      "properties": {
+        "authenticationBasicPassword": {
+          "description": "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationBasicUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationBasicUsername": {
+          "description": "The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertContent": {
+          "description": "The PEM formatted content for the client certificate used by the Kafka Sender to login to the remote Kafka broker. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationClientCertPassword": {
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationClientCertContent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationOauthClientId": {
+          "description": "The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthClientScope": {
+          "description": "The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthClientSecret": {
+          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationOauthClientTokenEndpoint": {
+          "description": "The OAuth token endpoint URL that the Kafka Sender will use to request a token for login to the Kafka broker. Must begin with \"https\". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "pattern": "^([hH][tT][tT][pP][sS]://.+)?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScheme": {
+          "description": "The authentication scheme for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Anonymous Authentication.\n\"basic\" - Basic Authentication.\n\"scram\" - Salted Challenge Response Authentication.\n\"client-certificate\" - Client Certificate Authentication.\n\"oauth-client\" - Oauth Authentication.\n</pre>\n",
+          "enum": [
+            "none",
+            "basic",
+            "scram",
+            "client-certificate",
+            "oauth-client"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "vpn",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScramHash": {
+          "description": "The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"sha-512\"`. The allowed values and their meaning are:\n\n<pre>\n\"sha-256\" - SHA-2 256 bits.\n\"sha-512\" - SHA-2 512 bits.\n</pre>\n",
+          "enum": [
+            "sha-256",
+            "sha-512"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "sha-512",
+          "x-configSyncTableType": "vpn",
+          "x-default": "sha-512",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScramPassword": {
+          "description": "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationScramUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationScramUsername": {
+          "description": "The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "batchDelay": {
+          "description": "Delay (in ms) to wait to accumulate a batch of messages to send. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.",
+          "format": "int32",
+          "maximum": 900000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 5,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "batchMaxMsgCount": {
+          "description": "Maximum number of messages sent in a single batch. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int32",
+          "maximum": 1000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 10000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "batchMaxSize": {
+          "description": "Maximum size of a message batch, in bytes (B). Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.",
+          "format": "int32",
+          "maximum": 2147483647,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 1000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "bootstrapAddressList": {
+          "description": "Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 1044,
+          "minLength": 0,
+          "pattern": "^(((((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})),)*(((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})))?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "idempotenceEnabled": {
+          "description": "Enable or disable idempotence for the Kafka Sender. Idempotence guarantees in order at-least-once message delivery to the remote Kafka Topic, at the expense of performance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "kafkaSenderName": {
+          "description": "The name of the Kafka Sender.",
+          "maxLength": 100,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportCompressionEnabled": {
+          "description": "Enable or disable compression for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportCompressionLevel": {
+          "description": "Compression level. The valid range is dependent on the compression type. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.",
+          "format": "int32",
+          "maximum": 22,
+          "minimum": -1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": -1,
+          "x-configSyncTableType": "vpn",
+          "x-default": -1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportCompressionType": {
+          "description": "Compression type. Only relevant if compression is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"gzip\"`. The allowed values and their meaning are:\n\n<pre>\n\"gzip\" - GZIP Compression.\n\"snappy\" - Snappy Compression.\n\"lz4\" - LZ4 Compression.\n\"zstd\" - Zstandard Compression.\n</pre>\n",
+          "enum": [
+            "gzip",
+            "snappy",
+            "lz4",
+            "zstd"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "gzip",
+          "x-configSyncTableType": "vpn",
+          "x-default": "gzip",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "transportTlsEnabled": {
+          "description": "Enable or disable encryption (TLS) for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnKafkaSenderLinks": {
+      "properties": {
+        "queueBindingsUri": {
+          "description": "The URI of this Kafka Sender's collection of Queue Binding objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Kafka Sender object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnKafkaSenderQueueBinding": {
+      "properties": {
+        "ackMode": {
+          "description": "The number of acks required from the remote Kafka Broker. When \"none\" messages are delivered at-most-once. When \"one\" or \"all\" messages are delivered at-least-once but may be reordered. This is overridden to \"all\" for an idempotent Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"all\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - No Acks.\n\"one\" - Leader Ack Only.\n\"all\" - All Replica Acks.\n</pre>\n",
+          "enum": [
+            "none",
+            "one",
+            "all"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "all",
+          "x-configSyncTableType": "vpn",
+          "x-default": "all",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable this queue binding of the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "kafkaSenderName": {
+          "description": "The name of the Kafka Sender.",
+          "maxLength": 100,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "partitionConsistentHash": {
+          "description": "The hash algorithm to use for consistent partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"crc\"`. The allowed values and their meaning are:\n\n<pre>\n\"crc\" - CRC Hash.\n\"murmur2\" - Murmer2 Hash.\n\"fnv1a\" - Fowler-Noll-Vo 1a Hash.\n</pre>\n",
+          "enum": [
+            "crc",
+            "murmur2",
+            "fnv1a"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "crc",
+          "x-configSyncTableType": "vpn",
+          "x-default": "crc",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "partitionExplicitNumber": {
+          "description": "The partition number to use for explicit partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "partitionRandomFallbackEnabled": {
+          "description": "Enable or disable fallback to the random partition selection scheme when the consistent partition scheme is being used but no partition key is available for the message. When enabled a random partition will be selected for each unkeyed messages, otherwise some partition will be selected for groups of unkeyed messages. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "partitionScheme": {
+          "description": "The partitioning scheme used to select a partition of the topic on the Kafka cluster to send messages to. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"consistent\"`. The allowed values and their meaning are:\n\n<pre>\n\"consistent\" - Select a consistent partition for each key value. A hash of the key will be used to select the partition number.\n\"explicit\" - Select an explicit partition independent of key value.\n\"random\" - Select a random partition independent of key value.\n</pre>\n",
+          "enum": [
+            "consistent",
+            "explicit",
+            "random"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "consistent",
+          "x-configSyncTableType": "vpn",
+          "x-default": "consistent",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueName": {
+          "description": "The name of the Queue.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteKey": {
+          "description": "The Substitution Expression used to generate the key for each message sent to Kafka. This expression can include fields extracted from the metadata of each individual Solace message as it is taken from the Solace Queue.\n\nIf empty, no key is included for each message as it is published into Kafka. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 1024,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteTopic": {
+          "description": "The Kafka Topic on the Kafka Cluster to send each message taken from the Solace Queue to.\n\nIf empty, the Queue Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 249,
+          "minLength": 0,
+          "pattern": "^[a-zA-Z0-9\\._\\-]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnKafkaSenderQueueBindingLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Queue Binding object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnKafkaSenderQueueBindingResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnKafkaSenderQueueBinding"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnKafkaSenderQueueBindingLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaSenderQueueBindingsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaSenderQueueBinding"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaSenderQueueBindingLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaSenderResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnKafkaSender"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnKafkaSenderLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnKafkaSendersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaSender"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnKafkaSenderLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnLinks": {
+      "properties": {
+        "aclProfilesUri": {
+          "description": "The URI of this Message VPN's collection of ACL Profile objects.",
+          "type": "string"
+        },
+        "authenticationOauthProfilesUri": {
+          "description": "The URI of this Message VPN's collection of OAuth Profile objects. Available since 2.25.",
+          "type": "string"
+        },
+        "authenticationOauthProvidersUri": {
+          "description": "The URI of this Message VPN's collection of OAuth Provider objects. Deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+          "type": "string"
+        },
+        "authorizationGroupsUri": {
+          "description": "The URI of this Message VPN's collection of Authorization Group objects.",
+          "type": "string"
+        },
+        "bridgesUri": {
+          "description": "The URI of this Message VPN's collection of Bridge objects.",
+          "type": "string"
+        },
+        "certMatchingRulesUri": {
+          "description": "The URI of this Message VPN's collection of Certificate Matching Rule objects. Available since 2.27.",
+          "type": "string"
+        },
+        "clientProfilesUri": {
+          "description": "The URI of this Message VPN's collection of Client Profile objects.",
+          "type": "string"
+        },
+        "clientUsernamesUri": {
+          "description": "The URI of this Message VPN's collection of Client Username objects.",
+          "type": "string"
+        },
+        "distributedCachesUri": {
+          "description": "The URI of this Message VPN's collection of Distributed Cache objects. Available since 2.11.",
+          "type": "string"
+        },
+        "dmrBridgesUri": {
+          "description": "The URI of this Message VPN's collection of DMR Bridge objects. Available since 2.11.",
+          "type": "string"
+        },
+        "jndiConnectionFactoriesUri": {
+          "description": "The URI of this Message VPN's collection of JNDI Connection Factory objects. Available since 2.2.",
+          "type": "string"
+        },
+        "jndiQueuesUri": {
+          "description": "The URI of this Message VPN's collection of JNDI Queue objects. Available since 2.2.",
+          "type": "string"
+        },
+        "jndiTopicsUri": {
+          "description": "The URI of this Message VPN's collection of JNDI Topic objects. Available since 2.2.",
+          "type": "string"
+        },
+        "kafkaReceiversUri": {
+          "description": "The URI of this Message VPN's collection of Kafka Receiver objects. Available since 2.36.",
+          "type": "string"
+        },
+        "kafkaSendersUri": {
+          "description": "The URI of this Message VPN's collection of Kafka Sender objects. Available since 2.36.",
+          "type": "string"
+        },
+        "mqttRetainCachesUri": {
+          "description": "The URI of this Message VPN's collection of MQTT Retain Cache objects. Available since 2.11.",
+          "type": "string"
+        },
+        "mqttSessionsUri": {
+          "description": "The URI of this Message VPN's collection of MQTT Session objects. Available since 2.1.",
+          "type": "string"
+        },
+        "proxiesUri": {
+          "description": "The URI of this Message VPN's collection of Proxy objects. Available since 2.36.",
+          "type": "string"
+        },
+        "queueTemplatesUri": {
+          "description": "The URI of this Message VPN's collection of Queue Template objects. Available since 2.14.",
+          "type": "string"
+        },
+        "queuesUri": {
+          "description": "The URI of this Message VPN's collection of Queue objects.",
+          "type": "string"
+        },
+        "replayLogsUri": {
+          "description": "The URI of this Message VPN's collection of Replay Log objects. Available since 2.10.",
+          "type": "string"
+        },
+        "replicatedTopicsUri": {
+          "description": "The URI of this Message VPN's collection of Replicated Topic objects. Available since 2.1.",
+          "type": "string"
+        },
+        "restDeliveryPointsUri": {
+          "description": "The URI of this Message VPN's collection of REST Delivery Point objects.",
+          "type": "string"
+        },
+        "sequencedTopicsUri": {
+          "description": "The URI of this Message VPN's collection of Sequenced Topic objects.",
+          "type": "string"
+        },
+        "telemetryProfilesUri": {
+          "description": "The URI of this Message VPN's collection of Telemetry Profile objects. Available since 2.31.",
+          "type": "string"
+        },
+        "topicEndpointTemplatesUri": {
+          "description": "The URI of this Message VPN's collection of Topic Endpoint Template objects. Available since 2.14.",
+          "type": "string"
+        },
+        "topicEndpointsUri": {
+          "description": "The URI of this Message VPN's collection of Topic Endpoint objects. Available since 2.1.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Message VPN object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnMqttRetainCache": {
+      "properties": {
+        "cacheName": {
+          "description": "The name of the MQTT Retain Cache.",
+          "maxLength": 64,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable this MQTT Retain Cache. When the cache is disabled, neither retain messages nor retain requests will be delivered by the cache. However, live retain messages will continue to be delivered to currently connected MQTT clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgLifetime": {
+          "description": "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967294,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnMqttRetainCacheLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this MQTT Retain Cache object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnMqttRetainCacheResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnMqttRetainCache"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnMqttRetainCacheLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnMqttRetainCachesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnMqttRetainCache"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnMqttRetainCacheLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnMqttSession": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "mqttSessionClientId": {
+          "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+          "maxLength": 128,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "mqttSessionVirtualRouter": {
+          "description": "The virtual router of the MQTT Session. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The MQTT Session belongs to the primary virtual router.\n\"backup\" - The MQTT Session belongs to the backup virtual router.\n\"auto\" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+          "enum": [
+            "primary",
+            "backup",
+            "auto"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "owner": {
+          "description": "The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 189,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueConsumerAckPropagationEnabled": {
+          "description": "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.14.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueDeadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ) used by the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since 2.14.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#DEAD_MSG_QUEUE",
+          "x-configSyncTableType": "vpn",
+          "x-default": "#DEAD_MSG_QUEUE",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueEventBindCountThreshold": {
+          "$ref": "#/definitions/MsgVpnMqttSessionQueueEventBindCountThreshold"
+        },
+        "queueEventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold"
+        },
+        "queueEventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/MsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold"
+        },
+        "queueMaxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.14.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow for the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`. Available since 2.14.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxMsgSize": {
+          "description": "The maximum message size allowed in the MQTT Session Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`. Available since 2.14.",
+          "format": "int32",
+          "maximum": 30000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the MQTT Session Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`. Available since 2.14.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1500,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxRedeliveryCount": {
+          "description": "The maximum number of times the MQTT Session Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.14.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxTtl": {
+          "description": "The maximum time in seconds a message can stay in the MQTT Session Queue when `queueRespectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queueMaxTtl` configured for the MQTT Session Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.14.",
+          "format": "int64",
+          "maximum": 9223372036854775807,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueRejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `queueRejectLowPriorityMsgLimit`. This may only be enabled if `queueRejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.14.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueRejectLowPriorityMsgLimit": {
+          "description": "The number of messages of any priority in the MQTT Session Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.14.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueRejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as queueRejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n Available since 2.14.",
+          "enum": [
+            "never",
+            "when-queue-enabled",
+            "always"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "queueRejectLowPriorityMsgEnabled"
+          ],
+          "x-configSyncDefault": "when-queue-enabled",
+          "x-configSyncTableType": "vpn",
+          "x-default": "when-queue-enabled",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueRespectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages in the MQTT Session Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.14.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnMqttSessionLinks": {
+      "properties": {
+        "subscriptionsUri": {
+          "description": "The URI of this MQTT Session's collection of Subscription objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this MQTT Session object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnMqttSessionQueueEventBindCountThreshold": {
+      "description": "Thresholds for the high number of the MQTT Session Queue Consumers Event, relative to `queueMaxBindCount`. Available since 2.14.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold": {
+      "description": "The threshold for the Message Spool usage event of the MQTT Session Queue, relative to `queueMaxMsgSpoolUsage`. Available since 2.14.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 18,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 25,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold": {
+      "description": "The threshold for the maximum allowed number of any priority messages queued in the MQTT Session Queue, relative to `queueRejectLowPriorityMsgLimit`. Available since 2.14.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnMqttSessionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnMqttSession"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnMqttSessionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnMqttSessionSubscription": {
+      "properties": {
+        "mqttSessionClientId": {
+          "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+          "maxLength": 128,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "mqttSessionVirtualRouter": {
+          "description": "The virtual router of the MQTT Session. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The MQTT Session belongs to the primary virtual router.\n\"backup\" - The MQTT Session belongs to the backup virtual router.\n\"auto\" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+          "enum": [
+            "primary",
+            "backup",
+            "auto"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscriptionQos": {
+          "description": "The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 1,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscriptionTopic": {
+          "description": "The MQTT subscription topic.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnMqttSessionSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Subscription object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnMqttSessionSubscriptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnMqttSessionSubscriptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnMqttSessionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnMqttSession"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnMqttSessionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnProxiesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnProxy"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnProxyLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnProxy": {
+      "properties": {
+        "authenticationBasicPassword": {
+          "description": "The password to use with basic authentication. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationBasicUsername": {
+          "description": "The username to use with basic authentication. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScheme": {
+          "description": "The authentication scheme used to connect to the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - No authentication.\n\"basic\" - Username/password authentication.\n</pre>\n",
+          "enum": [
+            "none",
+            "basic"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "host": {
+          "description": "The IP address or host name of the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 253,
+          "minLength": 0,
+          "pattern": "^([0-9a-zA-Z\\-\\.]*|([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,7}:|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|:((:[0-9a-fA-F]{1,4}){1,7}|:)|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "port": {
+          "description": "The port to connect to on the proxy host. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.",
+          "format": "int32",
+          "maximum": 65535,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "router",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "proxyName": {
+          "description": "The name of the proxy.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "proxyType": {
+          "description": "The type of proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"direct\"`. The allowed values and their meaning are:\n\n<pre>\n\"direct\" - Direct connection (no proxy).\n\"http\" - HTTP proxy.\n</pre>\n",
+          "enum": [
+            "direct",
+            "http"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "direct",
+          "x-configSyncTableType": "router",
+          "x-default": "direct",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "MsgVpnProxyLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Proxy object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnProxyResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnProxy"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnProxyLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnQueue": {
+      "properties": {
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows bound to the Queue. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n",
+          "enum": [
+            "exclusive",
+            "non-exclusive"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": "exclusive",
+          "x-configSyncTableType": "vpn",
+          "x-default": "exclusive",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "consumerAckPropagationEnabled": {
+          "description": "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ) used by the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since 2.2.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#DEAD_MSG_QUEUE",
+          "x-configSyncTableType": "vpn",
+          "x-default": "#DEAD_MSG_QUEUE",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliveryCountEnabled": {
+          "description": "Enable or disable the ability for client applications to query the message delivery count of messages received from the Queue. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.19.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "egressEnabled": {
+          "description": "Enable or disable the transmission of messages from the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/MsgVpnQueueEventBindCountThreshold"
+        },
+        "eventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnQueueEventMsgSpoolUsageThreshold"
+        },
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/MsgVpnQueueEventRejectLowPriorityMsgLimitThreshold"
+        },
+        "ingressEnabled": {
+          "description": "Enable or disable the reception of messages to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSize": {
+          "description": "The maximum message size allowed in the Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+          "format": "int32",
+          "maximum": 30000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1500,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxRedeliveryCount": {
+          "description": "The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Queue when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "owner": {
+          "description": "The Client Username that owns the Queue and has permission equivalent to `\"delete\"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 189,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "partitionCount": {
+          "description": "The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.35.",
+          "format": "int32",
+          "maximum": 1000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "partitionRebalanceDelay": {
+          "description": "The delay (in seconds) before a partition rebalance is started once needed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`. Available since 2.35.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 5,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "partitionRebalanceMaxHandoffTime": {
+          "description": "The maximum time (in seconds) to wait before handing off a partition while rebalancing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`. Available since 2.35.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "permission": {
+          "description": "The permission level for all consumers of the Queue, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "enum": [
+            "no-access",
+            "read-only",
+            "consume",
+            "modify-topic",
+            "delete"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": "no-access",
+          "x-configSyncTableType": "vpn",
+          "x-default": "no-access",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueName": {
+          "description": "The name of the Queue.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 3600000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 10800000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": 64000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 64000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 500,
+          "minimum": 100,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": 200,
+          "x-configSyncTableType": "vpn",
+          "x-default": 200,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as rejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n Available since 2.1.",
+          "enum": [
+            "never",
+            "when-queue-enabled",
+            "always"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "rejectLowPriorityMsgEnabled"
+          ],
+          "x-configSyncDefault": "when-queue-enabled",
+          "x-configSyncTableType": "vpn",
+          "x-default": "when-queue-enabled",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectMsgPriorityEnabled": {
+          "description": "Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). Regardless of this setting, message priority is not respected when browsing the queue, when the queue is used by a bridge, or if the queue is partitioned. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled and ingressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.8.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled",
+            "ingressEnabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnQueueEventBindCountThreshold": {
+      "description": "The thresholds for the Queue consumer flows event, relative to `maxBindCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueEventMsgSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of the Queue, relative to `maxMsgSpoolUsage`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 18,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 25,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueEventRejectLowPriorityMsgLimitThreshold": {
+      "description": "The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to `rejectLowPriorityMsgLimit`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueLinks": {
+      "properties": {
+        "subscriptionsUri": {
+          "description": "The URI of this Queue's collection of Queue Subscription objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Queue object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnQueue"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnQueueLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnQueueSubscription": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueName": {
+          "description": "The name of the Queue.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscriptionTopic": {
+          "description": "The topic of the Subscription.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnQueueSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Queue Subscription object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueSubscriptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnQueueSubscription"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnQueueSubscriptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnQueueSubscriptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnQueueSubscription"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnQueueSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnQueueTemplate": {
+      "properties": {
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n",
+          "enum": [
+            "exclusive",
+            "non-exclusive"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "exclusive",
+          "x-configSyncTableType": "vpn",
+          "x-default": "exclusive",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "consumerAckPropagationEnabled": {
+          "description": "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#DEAD_MSG_QUEUE",
+          "x-configSyncTableType": "vpn",
+          "x-default": "#DEAD_MSG_QUEUE",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. This attribute does not apply to MQTT queues created from this template, but it may apply in future releases. Therefore, to maintain forward compatibility, do not set this value on templates that might be used for MQTT queues. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "durabilityOverride": {
+          "description": "Controls the durability of queues created from this template. If non-durable, the created queue will be non-durable, regardless of the specified durability. If none, the created queue will have the requested durability. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - The durability of the endpoint will be as requested on create.\n\"non-durable\" - The durability of the created queue will be non-durable, regardless of what was requested.\n</pre>\n",
+          "enum": [
+            "none",
+            "non-durable"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "vpn",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/MsgVpnQueueTemplateEventBindCountThreshold"
+        },
+        "eventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnQueueTemplateEventMsgSpoolUsageThreshold"
+        },
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/MsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold"
+        },
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSize": {
+          "description": "The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+          "format": "int32",
+          "maximum": 30000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1500,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxRedeliveryCount": {
+          "description": "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in a Queue when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "permission": {
+          "description": "The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "enum": [
+            "no-access",
+            "read-only",
+            "consume",
+            "modify-topic",
+            "delete"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "no-access",
+          "x-configSyncTableType": "vpn",
+          "x-default": "no-access",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueNameFilter": {
+          "description": "A pattern used to determine which Queues use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueTemplateName": {
+          "description": "The name of the Queue Template.",
+          "maxLength": 255,
+          "minLength": 1,
+          "pattern": "^[^#?*][^?*]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 3600000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 10800000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 64000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 64000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 500,
+          "minimum": 100,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 200,
+          "x-configSyncTableType": "vpn",
+          "x-default": 200,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages of any priority above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs prevent the message from being delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+          "enum": [
+            "never",
+            "when-queue-enabled",
+            "always"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "when-queue-enabled",
+          "x-configSyncTableType": "vpn",
+          "x-default": "when-queue-enabled",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectMsgPriorityEnabled": {
+          "description": "Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnQueueTemplateEventBindCountThreshold": {
+      "description": "The thresholds for the Queue consumer flows event, relative to `maxBindCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueTemplateEventMsgSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of the Queue, relative to `maxMsgSpoolUsage`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 18,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 25,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold": {
+      "description": "The thresholds for the maximum allowed number of any priority messages queued in the Queue event, relative to `rejectLowPriorityMsgLimit`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueTemplateLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Queue Template object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnQueueTemplateResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnQueueTemplate"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnQueueTemplateLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnQueueTemplatesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnQueueTemplate"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnQueueTemplateLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnQueuesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnQueue"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnQueueLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplayLog": {
+      "properties": {
+        "egressEnabled": {
+          "description": "Enable or disable the transmission of messages from the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "ingressEnabled": {
+          "description": "Enable or disable the reception of messages to the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxSpoolUsage": {
+          "description": "The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replayLogName": {
+          "description": "The name of the Replay Log.",
+          "maxLength": 185,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicFilterEnabled": {
+          "description": "Enable or disable topic filtering for the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.27.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnReplayLogLinks": {
+      "properties": {
+        "topicFilterSubscriptionsUri": {
+          "description": "The URI of this Replay Log's collection of Topic Filter Subscription objects. Available since 2.27.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Replay Log object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnReplayLogResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnReplayLog"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnReplayLogLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscription": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replayLogName": {
+          "description": "The name of the Replay Log.",
+          "maxLength": 185,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicFilterSubscription": {
+          "description": "The topic of the Subscription.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Filter Subscription object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplayLogTopicFilterSubscriptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplayLogsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLog"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplayLogLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplicatedTopic": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicatedTopic": {
+          "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "replicationMode": {
+          "description": "The replication mode for the Replicated Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"async\"`. The allowed values and their meaning are:\n\n<pre>\n\"sync\" - Messages are acknowledged when replicated (spooled remotely).\n\"async\" - Messages are acknowledged when pending replication (spooled locally).\n</pre>\n",
+          "enum": [
+            "sync",
+            "async"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "async",
+          "x-configSyncTableType": "vpn",
+          "x-default": "async",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnReplicatedTopicLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Replicated Topic object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnReplicatedTopicResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnReplicatedTopic"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnReplicatedTopicLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnReplicatedTopicsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplicatedTopic"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnReplicatedTopicLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpn"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPoint": {
+      "properties": {
+        "clientProfileName": {
+          "description": "The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^#?[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the REST Delivery Point. When disabled, no connections are initiated or messages delivered to any of the contained REST Consumers. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "service": {
+          "description": "The name of the service that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "maxLength": 50,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "vendor": {
+          "description": "The name of the vendor that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "maxLength": 50,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnRestDeliveryPointLinks": {
+      "properties": {
+        "queueBindingsUri": {
+          "description": "The URI of this REST Delivery Point's collection of Queue Binding objects.",
+          "type": "string"
+        },
+        "restConsumersUri": {
+          "description": "The URI of this REST Delivery Point's collection of REST Consumer objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this REST Delivery Point object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBinding": {
+      "properties": {
+        "gatewayReplaceTargetAuthorityEnabled": {
+          "description": "Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.6.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "postRequestTarget": {
+          "description": "The request-target string to use when sending requests. It identifies the target resource on the far-end REST Consumer upon which to apply the request. There are generally two common forms for the request-target. The origin-form is most often used in practice and contains the path and query components of the target URI. If the path component is empty then the client must generally send a \"/\" as the path. When making a request to a proxy, most often the absolute-form is required. This configuration is only applicable when the Message VPN is in REST messaging mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 2000,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueBindingName": {
+          "description": "The name of a queue in the Message VPN.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "requestTargetEvaluation": {
+          "description": "The type of evaluation to perform on the request target. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Do not evaluate substitution expressions on the request target.\n\"substitution-expressions\" - Evaluate substitution expressions on the request target.\n</pre>\n Available since 2.23.",
+          "enum": [
+            "none",
+            "substitution-expressions"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "vpn",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingLinks": {
+      "properties": {
+        "protectedRequestHeadersUri": {
+          "description": "The URI of this Queue Binding's collection of Protected Request Header objects. Available since 2.30.",
+          "type": "string"
+        },
+        "requestHeadersUri": {
+          "description": "The URI of this Queue Binding's collection of Request Header objects. Available since 2.23.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Queue Binding object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader": {
+      "properties": {
+        "headerName": {
+          "description": "The name of the protected HTTP request header.",
+          "maxLength": 50,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9!#$%&'*+\\-.\\^_`|~]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "headerValue": {
+          "description": "The value of the protected HTTP request header. Unlike a non-protected request header, this value cannot be displayed after it is set, and does not support substitution expressions. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 2000,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueBindingName": {
+          "description": "The name of a queue in the Message VPN.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Protected Request Header object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeadersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeader": {
+      "properties": {
+        "headerName": {
+          "description": "The name of the HTTP request header.",
+          "maxLength": 50,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9!#$%&'*+\\-.\\^_`|~]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "headerValue": {
+          "description": "A substitution expression for the value of the HTTP request header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 2000,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueBindingName": {
+          "description": "The name of a queue in the Message VPN.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Request Header object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointQueueBindingsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumer": {
+      "properties": {
+        "authenticationAwsAccessKeyId": {
+          "description": "The AWS access key id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.26.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationAwsRegion": {
+          "description": "The AWS region id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.26.",
+          "maxLength": 20,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationAwsSecretAccessKey": {
+          "description": "The AWS secret access key. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.26.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationAwsService": {
+          "description": "The AWS service id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.26.",
+          "maxLength": 50,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationClientCertContent": {
+          "description": "The PEM formatted content for the client certificate that the REST Consumer will present to the REST host. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
+          "maxLength": 32768,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationClientCertPassword": {
+          "description": "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since 2.9.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationClientCertContent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationHttpBasicPassword": {
+          "description": "The password for the username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 128,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationHttpBasicUsername"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationHttpBasicUsername": {
+          "description": "The username that the REST Consumer will use to login to the REST host. Normally a username is only configured when basic authentication is selected for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 189,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "authenticationHttpBasicPassword"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationHttpHeaderName": {
+          "description": "The authentication header name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.15.",
+          "maxLength": 50,
+          "minLength": 0,
+          "pattern": "^[A-Za-z0-9!#$%&'*+\\-.\\^_`|~]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationHttpHeaderValue": {
+          "description": "The authentication header value. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.15.",
+          "maxLength": 2100,
+          "minLength": 0,
+          "pattern": "^[ -~\\t]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationOauthClientId": {
+          "description": "The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthClientScope": {
+          "description": "The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthClientSecret": {
+          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationOauthClientTokenEndpoint": {
+          "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Must begin with \"https\". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.19.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthClientTokenExpiryDefault": {
+          "description": "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since 2.30.",
+          "format": "int32",
+          "maximum": 86400,
+          "minimum": 60,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 900,
+          "x-configSyncTableType": "vpn",
+          "x-default": 900,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthJwtSecretKey": {
+          "description": "The OAuth secret key used to sign the token request JWT. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.21.",
+          "maxLength": 4096,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "authenticationOauthJwtTokenEndpoint": {
+          "description": "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.21.",
+          "maxLength": 2048,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationOauthJwtTokenExpiryDefault": {
+          "description": "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since 2.30.",
+          "format": "int32",
+          "maximum": 86400,
+          "minimum": 60,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 900,
+          "x-configSyncTableType": "vpn",
+          "x-default": 900,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authenticationScheme": {
+          "description": "The authentication scheme used by the REST Consumer to login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.\n\"http-basic\" - Login with a username and optional password according to HTTP Basic authentication as per RFC 2616.\n\"client-certificate\" - Login with a client TLS certificate as per RFC 5246. Client certificate authentication is only available on TLS connections.\n\"http-header\" - Login with a specified HTTP header.\n\"oauth-client\" - Login with OAuth 2.0 client credentials.\n\"oauth-jwt\" - Login with OAuth (RFC 7523 JWT Profile).\n\"transparent\" - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header.\n\"aws\" - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256).\n</pre>\n",
+          "enum": [
+            "none",
+            "http-basic",
+            "client-certificate",
+            "http-header",
+            "oauth-client",
+            "oauth-jwt",
+            "transparent",
+            "aws"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "vpn",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the REST Consumer. When disabled, no connections are initiated or messages delivered to this particular REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "httpMethod": {
+          "description": "The HTTP method to use (POST or PUT). This is used only when operating in the REST service \"messaging\" mode and is ignored in \"gateway\" mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"post\"`. The allowed values and their meaning are:\n\n<pre>\n\"post\" - Use the POST HTTP method.\n\"put\" - Use the PUT HTTP method.\n</pre>\n Available since 2.17.",
+          "enum": [
+            "post",
+            "put"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "post",
+          "x-configSyncTableType": "vpn",
+          "x-default": "post",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "localInterface": {
+          "description": "The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 15,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxPostWaitTime": {
+          "description": "The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.",
+          "format": "int32",
+          "maximum": 300,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 30,
+          "x-configSyncTableType": "vpn",
+          "x-default": 30,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "outgoingConnectionCount": {
+          "description": "The number of concurrent TCP connections open to the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int32",
+          "maximum": 50,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "proxyName": {
+          "description": "The name of the proxy to use. Leave empty for no proxy. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since 2.36.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remoteHost": {
+          "description": "The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 253,
+          "minLength": 0,
+          "pattern": "^([0-9a-zA-Z_\\-\\.]*|([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,7}:|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|:((:[0-9a-fA-F]{1,4}){1,7}|:)|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "remotePort": {
+          "description": "The port associated with the host of the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8080`.",
+          "format": "int64",
+          "maximum": 65535,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": 8080,
+          "x-configSyncTableType": "vpn",
+          "x-default": 8080,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "tlsEnabled"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restConsumerName": {
+          "description": "The name of the REST Consumer.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "retryDelay": {
+          "description": "The number of seconds that must pass before retrying the remote REST Consumer connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int32",
+          "maximum": 300,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsCipherSuiteList": {
+          "description": "The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection. The value `\"default\"` implies all supported suites ordered from most secure to least secure. The list of default cipher suites is available in the `tlsCipherSuiteMsgBackboneDefaultList` attribute of the Broker object in the Monitoring API. The REST Consumer should choose the first suite from this list that it supports. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+          "maxLength": 1559,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": "default",
+          "x-configSyncTableType": "vpn",
+          "x-default": "default",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsEnabled": {
+          "description": "Enable or disable encryption (TLS) for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "enabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requires": [
+            "remotePort"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerLinks": {
+      "properties": {
+        "oauthJwtClaimsUri": {
+          "description": "The URI of this REST Consumer's collection of Claim objects. Available since 2.21.",
+          "type": "string"
+        },
+        "tlsTrustedCommonNamesUri": {
+          "description": "The URI of this REST Consumer's collection of Trusted Common Name objects. Deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this REST Consumer object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthJwtClaimName": {
+          "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthJwtClaimValue": {
+          "description": "The value of the additional claim, which must be a string containing a valid JSON value.",
+          "maxLength": 200,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restConsumerName": {
+          "description": "The name of the REST Consumer.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Claim object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN. Deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restConsumerName": {
+          "description": "The name of the REST Consumer. Deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "restDeliveryPointName": {
+          "description": "The name of the REST Delivery Point. Deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "tlsTrustedCommonName": {
+          "description": "The expected trusted common name of the remote certificate. Deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Trusted Common Name object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointRestConsumersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnRestDeliveryPointsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnRestDeliveryPointLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnSequencedTopic": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sequencedTopic": {
+          "description": "Topic for applying sequence numbers.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnSequencedTopicLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Sequenced Topic object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnSequencedTopicResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnSequencedTopic"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnSequencedTopicLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnSequencedTopicsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnSequencedTopic"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnSequencedTopicLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfile": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueEventBindCountThreshold": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileQueueEventBindCountThreshold"
+        },
+        "queueEventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold"
+        },
+        "queueMaxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "queueMaxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the Queue, in megabytes (MB). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `800000`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 800000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 800000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverAclConnectDefaultAction": {
+          "description": "The default action to take when a receiver client connects to the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow client connection unless an exception is found for it.\n\"disallow\" - Disallow client connection unless an exception is found for it.\n</pre>\n",
+          "enum": [
+            "allow",
+            "disallow"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "disallow",
+          "x-configSyncTableType": "vpn",
+          "x-default": "disallow",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverEnabled": {
+          "description": "Enable or disable the ability for receiver clients to consume from the #telemetry queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverEventConnectionCountPerClientUsernameThreshold": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold"
+        },
+        "receiverMaxConnectionCountPerClientUsername": {
+          "description": "The maximum number of receiver connections per Client Username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverTcpCongestionWindowSize": {
+          "description": "The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.",
+          "format": "int64",
+          "maximum": 7826,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 2,
+          "x-configSyncTableType": "vpn",
+          "x-default": 2,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverTcpKeepaliveCount": {
+          "description": "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.",
+          "format": "int64",
+          "maximum": 5,
+          "minimum": 2,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 5,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverTcpKeepaliveIdleTime": {
+          "description": "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+          "format": "int64",
+          "maximum": 120,
+          "minimum": 3,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 3,
+          "x-configSyncTableType": "vpn",
+          "x-default": 3,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverTcpKeepaliveInterval": {
+          "description": "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int64",
+          "maximum": 30,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverTcpMaxSegmentSize": {
+          "description": "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.",
+          "format": "int64",
+          "maximum": 1460,
+          "minimum": 256,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1460,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1460,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverTcpMaxWindowSize": {
+          "description": "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.",
+          "format": "int64",
+          "maximum": 65536,
+          "minimum": 16,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 256,
+          "x-configSyncTableType": "vpn",
+          "x-default": 256,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "maxLength": 21,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "traceEnabled": {
+          "description": "Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "traceSendSpanGenerationEnabled": {
+          "description": "Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.36.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnTelemetryProfileLinks": {
+      "properties": {
+        "receiverAclConnectExceptionsUri": {
+          "description": "The URI of this Telemetry Profile's collection of Receiver ACL Connect Exception objects.",
+          "type": "string"
+        },
+        "traceFiltersUri": {
+          "description": "The URI of this Telemetry Profile's collection of Trace Filter objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Telemetry Profile object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileQueueEventBindCountThreshold": {
+      "description": "The thresholds for the Queue consumer flows event, relative to `queueMaxBindCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of the Queue, relative to `queueMaxMsgSpoolUsage`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 2,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectException": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "receiverAclConnectExceptionAddress": {
+          "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
+          "maxLength": 43,
+          "minLength": 0,
+          "pattern": "^\\s*((((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[1-2][0-9]|3[0-2]))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])))\\s*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "maxLength": 21,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Receiver ACL Connect Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverAclConnectExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold": {
+      "description": "The thresholds for the receiver connection count event, relative to `receiverMaxConnectionCountPerClientUsername`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfile"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilter": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "maxLength": 21,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "traceFilterName": {
+          "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+          "maxLength": 127,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnTelemetryProfileTraceFilterLinks": {
+      "properties": {
+        "subscriptionsUri": {
+          "description": "The URI of this Trace Filter's collection of Telemetry Trace Filter Subscription objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Trace Filter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscription": {
+      "properties": {
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscription": {
+          "description": "Messages matching this subscription will follow this filter's configuration.",
+          "maxLength": 250,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "subscriptionSyntax": {
+          "description": "The syntax of the trace filter subscription. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Subscription uses SMF syntax.\n\"mqtt\" - Subscription uses MQTT syntax.\n</pre>\n",
+          "enum": [
+            "smf",
+            "mqtt"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "telemetryProfileName": {
+          "description": "The name of the Telemetry Profile.",
+          "maxLength": 21,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9\\-_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "traceFilterName": {
+          "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+          "maxLength": 127,
+          "minLength": 1,
+          "pattern": "^[^#*? ]([^*?]*[^*? ])?$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Telemetry Trace Filter Subscription object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFilterSubscriptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfileTraceFiltersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTelemetryProfilesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfile"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTelemetryProfileLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTopicEndpoint": {
+      "properties": {
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows bound to the Topic Endpoint. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n Available since 2.4.",
+          "enum": [
+            "exclusive",
+            "non-exclusive"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": "exclusive",
+          "x-configSyncTableType": "vpn",
+          "x-default": "exclusive",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "consumerAckPropagationEnabled": {
+          "description": "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ) used by the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since 2.2.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#DEAD_MSG_QUEUE",
+          "x-configSyncTableType": "vpn",
+          "x-default": "#DEAD_MSG_QUEUE",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliveryCountEnabled": {
+          "description": "Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.19.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "egressEnabled": {
+          "description": "Enable or disable the transmission of messages from the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointEventBindCountThreshold"
+        },
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold"
+        },
+        "eventSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointEventSpoolUsageThreshold"
+        },
+        "ingressEnabled": {
+          "description": "Enable or disable the reception of messages to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`. Available since 2.4.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSize": {
+          "description": "The maximum message size allowed in the Topic Endpoint, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+          "format": "int32",
+          "maximum": 30000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxRedeliveryCount": {
+          "description": "The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxSpoolUsage": {
+          "description": "The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1500,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "owner": {
+          "description": "The Client Username that owns the Topic Endpoint and has permission equivalent to `\"delete\"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 189,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "permission": {
+          "description": "The permission level for all consumers of the Topic Endpoint, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "enum": [
+            "no-access",
+            "read-only",
+            "consume",
+            "modify-topic",
+            "delete"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": "no-access",
+          "x-configSyncTableType": "vpn",
+          "x-default": "no-access",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 3600000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 10800000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": 64000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 64000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 500,
+          "minimum": 100,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled"
+          ],
+          "x-configSyncDefault": 200,
+          "x-configSyncTableType": "vpn",
+          "x-default": 200,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as rejectLowPriorityMsgEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-topic-endpoint-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+          "enum": [
+            "never",
+            "when-topic-endpoint-enabled",
+            "always"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "rejectLowPriorityMsgEnabled"
+          ],
+          "x-configSyncDefault": "never",
+          "x-configSyncTableType": "vpn",
+          "x-default": "never",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectMsgPriorityEnabled": {
+          "description": "Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egressEnabled and ingressEnabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.8.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [
+            "egressEnabled",
+            "ingressEnabled"
+          ],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicEndpointName": {
+          "description": "The name of the Topic Endpoint.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnTopicEndpointEventBindCountThreshold": {
+      "description": "The thresholds for the Topic Endpoint consumer flows event, relative to `maxBindCount`. Available since 2.4.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold": {
+      "description": "The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to `rejectLowPriorityMsgLimit`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointEventSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of the Topic Endpoint, relative to `maxSpoolUsage`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 18,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 25,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Endpoint object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTopicEndpoint"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplate": {
+      "properties": {
+        "accessType": {
+          "description": "The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n",
+          "enum": [
+            "exclusive",
+            "non-exclusive"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "exclusive",
+          "x-configSyncTableType": "vpn",
+          "x-default": "exclusive",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "consumerAckPropagationEnabled": {
+          "description": "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deadMsgQueue": {
+          "description": "The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
+          "maxLength": 200,
+          "minLength": 1,
+          "pattern": "^[^*?'<>&;]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "#DEAD_MSG_QUEUE",
+          "x-configSyncTableType": "vpn",
+          "x-default": "#DEAD_MSG_QUEUE",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "deliveryDelay": {
+          "description": "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since 2.22.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "eventBindCountThreshold": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateEventBindCountThreshold"
+        },
+        "eventMsgSpoolUsageThreshold": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold"
+        },
+        "eventRejectLowPriorityMsgLimitThreshold": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold"
+        },
+        "maxBindCount": {
+          "description": "The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxDeliveredUnackedMsgsPerFlow": {
+          "description": "The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+          "format": "int64",
+          "maximum": 1000000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSize": {
+          "description": "The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+          "format": "int32",
+          "maximum": 30000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 10000000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 10000000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxMsgSpoolUsage": {
+          "description": "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1500,
+          "x-configSyncTableType": "vpn",
+          "x-default": 5000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxRedeliveryCount": {
+          "description": "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 255,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "maxTtl": {
+          "description": "The maximum time in seconds a message can stay in the Topic Endpoint when `respectTtlEnabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `maxTtl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the Message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "permission": {
+          "description": "The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+          "enum": [
+            "no-access",
+            "read-only",
+            "consume",
+            "modify-topic",
+            "delete"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "no-access",
+          "x-configSyncTableType": "vpn",
+          "x-default": "no-access",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayEnabled": {
+          "description": "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since 2.33.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayInitialInterval": {
+          "description": "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 3600000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 1000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMaxInterval": {
+          "description": "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 10800000,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 64000,
+          "x-configSyncTableType": "vpn",
+          "x-default": 64000,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryDelayMultiplier": {
+          "description": "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since 2.33.",
+          "format": "int32",
+          "maximum": 500,
+          "minimum": 100,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 200,
+          "x-configSyncTableType": "vpn",
+          "x-default": 200,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "redeliveryEnabled": {
+          "description": "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by maxRedeliveryCount. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since 2.18.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "vpn",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgEnabled": {
+          "description": "Enable or disable the checking of low priority messages against the `rejectLowPriorityMsgLimit`. This may only be enabled if `rejectMsgToSenderOnDiscardBehavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectLowPriorityMsgLimit": {
+          "description": "The number of messages that are permitted before low priority messages are rejected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 0,
+          "x-configSyncTableType": "vpn",
+          "x-default": 0,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "rejectMsgToSenderOnDiscardBehavior": {
+          "description": "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-topic-endpoint-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+          "enum": [
+            "never",
+            "when-topic-endpoint-enabled",
+            "always"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "never",
+          "x-configSyncTableType": "vpn",
+          "x-default": "never",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectMsgPriorityEnabled": {
+          "description": "Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "respectTtlEnabled": {
+          "description": "Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "vpn",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicEndpointNameFilter": {
+          "description": "A pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when  used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "vpn",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "topicEndpointTemplateName": {
+          "description": "The name of the Topic Endpoint Template.",
+          "maxLength": 255,
+          "minLength": 1,
+          "pattern": "^[^#?*][^?*]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "vpn/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "vpn/read-write",
+        "post": "vpn/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "vpn"
+    },
+    "MsgVpnTopicEndpointTemplateEventBindCountThreshold": {
+      "description": "The thresholds for the Topic Endpoint consumer flows event, relative to `maxBindCount`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 10000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold": {
+      "description": "The thresholds for the message spool usage event of the Topic Endpoint, relative to `maxSpoolUsage`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 18,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 25,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 6000000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold": {
+      "description": "The thresholds for the maximum allowed number of any priority messages queued in the Topic Endpoint event, relative to `rejectLowPriorityMsgLimit`.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 4294967295,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "vpn/read-only",
+            "patch": "vpn/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "vpn",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplateLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Topic Endpoint Template object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplateResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+        },
+        "links": {
+          "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointTemplatesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointTemplateLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnTopicEndpointsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpoint"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnTopicEndpointLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "MsgVpnsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/MsgVpn"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/MsgVpnLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfile": {
+      "properties": {
+        "accessLevelGroupsClaimName": {
+          "description": "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.",
+          "maxLength": 100,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "groups",
+          "x-configSyncTableType": "router",
+          "x-default": "groups",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "accessLevelGroupsClaimStringFormat": {
+          "description": "The format of the access level groups claim value when it is a string. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"single\"`. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as as single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since 2.32.",
+          "enum": [
+            "single",
+            "space-delimited"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "single",
+          "x-configSyncTableType": "router",
+          "x-default": "single",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientId": {
+          "description": "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientRedirectUri": {
+          "description": "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 300,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientRequiredType": {
+          "description": "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.",
+          "maxLength": 200,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "JWT",
+          "x-configSyncTableType": "router",
+          "x-default": "JWT",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientScope": {
+          "description": "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "openid email",
+          "x-configSyncTableType": "router",
+          "x-default": "openid email",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientSecret": {
+          "description": "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 512,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": true,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": true
+        },
+        "clientValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "defaultGlobalAccessLevel": {
+          "description": "The default global access level for this OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write",
+            "admin"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "defaultMsgVpnAccessLevel": {
+          "description": "The default message VPN access level for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "displayName": {
+          "description": "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "enabled": {
+          "description": "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointAuthorization": {
+          "description": "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointDiscovery": {
+          "description": "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointDiscoveryRefreshInterval": {
+          "description": "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+          "format": "int32",
+          "maximum": 31536000,
+          "minimum": 60,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 86400,
+          "x-configSyncTableType": "router",
+          "x-default": 86400,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointIntrospection": {
+          "description": "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointIntrospectionTimeout": {
+          "description": "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 60,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "router",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointJwks": {
+          "description": "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointJwksRefreshInterval": {
+          "description": "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+          "format": "int32",
+          "maximum": 31536000,
+          "minimum": 60,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 86400,
+          "x-configSyncTableType": "router",
+          "x-default": 86400,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointToken": {
+          "description": "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointTokenTimeout": {
+          "description": "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 60,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "router",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointUserinfo": {
+          "description": "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "endpointUserinfoTimeout": {
+          "description": "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+          "format": "int32",
+          "maximum": 60,
+          "minimum": 1,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 1,
+          "x-configSyncTableType": "router",
+          "x-default": 1,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "interactiveEnabled": {
+          "description": "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "interactivePromptForExpiredSession": {
+          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "interactivePromptForNewSession": {
+          "description": "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "select_account",
+          "x-configSyncTableType": "router",
+          "x-default": "select_account",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "issuer": {
+          "description": "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthRole": {
+          "description": "The OAuth role of the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"client\"`. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
+          "enum": [
+            "client",
+            "resource-server"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "client",
+          "x-configSyncTableType": "router",
+          "x-default": "client",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerParseAccessTokenEnabled": {
+          "description": "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredAudience": {
+          "description": "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredIssuer": {
+          "description": "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredScope": {
+          "description": "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 200,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredType": {
+          "description": "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.",
+          "maxLength": 200,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "at+jwt",
+          "x-configSyncTableType": "router",
+          "x-default": "at+jwt",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateAudienceEnabled": {
+          "description": "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateIssuerEnabled": {
+          "description": "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateScopeEnabled": {
+          "description": "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerValidateTypeEnabled": {
+          "description": "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempEnabled": {
+          "description": "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": true,
+          "x-configSyncTableType": "router",
+          "x-default": true,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "usernameClaimName": {
+          "description": "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "sub",
+          "x-configSyncTableType": "router",
+          "x-default": "sub",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileAccessLevelGroup": {
+      "properties": {
+        "description": {
+          "description": "A description for the group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 64,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "globalAccessLevel": {
+          "description": "The global access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write",
+            "admin"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "groupName": {
+          "description": "The name of the group.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnAccessLevel": {
+          "description": "The default message VPN access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileAccessLevelGroupLinks": {
+      "properties": {
+        "msgVpnAccessLevelExceptionsUri": {
+          "description": "The URI of this Group Access Level's collection of Message VPN Access-Level Exception objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this Group Access Level object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelException": {
+      "properties": {
+        "accessLevel": {
+          "description": "The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "groupName": {
+          "description": "The name of the group.",
+          "maxLength": 64,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Message VPN Access-Level Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileAccessLevelGroupsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileAccessLevelGroupLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHost": {
+      "properties": {
+        "allowedHost": {
+          "description": "An allowed value for the Host header.",
+          "maxLength": 255,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileClientAllowedHostLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Allowed Host Value object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHostResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileClientAllowedHost"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAllowedHostsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAllowedHost"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAllowedHostLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameter": {
+      "properties": {
+        "authorizationParameterName": {
+          "description": "The name of the authorization parameter.",
+          "maxLength": 32,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "authorizationParameterValue": {
+          "description": "The authorization parameter value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 255,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/admin"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileClientAuthorizationParameterLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Authorization Parameter object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParameterResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientAuthorizationParametersResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientAuthorizationParameterLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientRequiredClaim": {
+      "properties": {
+        "clientRequiredClaimName": {
+          "description": "The name of the ID token claim to verify.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clientRequiredClaimValue": {
+          "description": "The required claim value, which must be a string containing a valid JSON value.",
+          "maxLength": 200,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileClientRequiredClaimLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Required Claim object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileClientRequiredClaimResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileClientRequiredClaim"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileClientRequiredClaimLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileClientRequiredClaimsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientRequiredClaim"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileClientRequiredClaimLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileDefaultMsgVpnAccessLevelException": {
+      "properties": {
+        "accessLevel": {
+          "description": "The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+          "enum": [
+            "none",
+            "read-only",
+            "read-write"
+          ],
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "none",
+          "x-configSyncTableType": "router",
+          "x-default": "none",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The name of the message VPN.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[^*?]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileDefaultMsgVpnAccessLevelExceptionLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Message VPN Access-Level Exception object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileDefaultMsgVpnAccessLevelExceptionResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileDefaultMsgVpnAccessLevelExceptionsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileLinks": {
+      "properties": {
+        "accessLevelGroupsUri": {
+          "description": "The URI of this OAuth Profile's collection of Group Access Level objects.",
+          "type": "string"
+        },
+        "clientAllowedHostsUri": {
+          "description": "The URI of this OAuth Profile's collection of Allowed Host Value objects.",
+          "type": "string"
+        },
+        "clientAuthorizationParametersUri": {
+          "description": "The URI of this OAuth Profile's collection of Authorization Parameter objects.",
+          "type": "string"
+        },
+        "clientRequiredClaimsUri": {
+          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
+          "type": "string"
+        },
+        "defaultMsgVpnAccessLevelExceptionsUri": {
+          "description": "The URI of this OAuth Profile's collection of Message VPN Access-Level Exception objects.",
+          "type": "string"
+        },
+        "resourceServerRequiredClaimsUri": {
+          "description": "The URI of this OAuth Profile's collection of Required Claim objects.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of this OAuth Profile object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileResourceServerRequiredClaim": {
+      "properties": {
+        "oauthProfileName": {
+          "description": "The name of the OAuth profile.",
+          "maxLength": 32,
+          "minLength": 1,
+          "pattern": "^[A-Za-z0-9_]+$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredClaimName": {
+          "description": "The name of the access token claim to verify.",
+          "maxLength": 100,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "resourceServerRequiredClaimValue": {
+          "description": "The required claim value, which must be a string containing a valid JSON value.",
+          "maxLength": 200,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/admin",
+        "post": "global/admin"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "OauthProfileResourceServerRequiredClaimLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Required Claim object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OauthProfileResourceServerRequiredClaimResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfileResourceServerRequiredClaim"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileResourceServerRequiredClaimsResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileResourceServerRequiredClaim"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfileResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/OauthProfile"
+        },
+        "links": {
+          "$ref": "#/definitions/OauthProfileLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "OauthProfilesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/OauthProfile"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/OauthProfileLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "SempError": {
+      "properties": {
+        "code": {
+          "description": "The error code which uniquely identifies the error that has occurred.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "description": {
+          "description": "The verbose description of the problem.",
+          "type": "string"
+        },
+        "status": {
+          "description": "The terse status string associated with `code`.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "code",
+        "status",
+        "description"
+      ],
+      "type": "object"
+    },
+    "SempMeta": {
+      "properties": {
+        "count": {
+          "description": "The total number of objects requested, irrespective of page size. This may be a count of all objects in a collection or a filtered subset. It represents a snapshot in time and may change when paging through results.",
+          "format": "int64",
+          "type": "integer"
+        },
+        "error": {
+          "$ref": "#/definitions/SempError"
+        },
+        "paging": {
+          "$ref": "#/definitions/SempPaging"
+        },
+        "request": {
+          "$ref": "#/definitions/SempRequest"
+        },
+        "responseCode": {
+          "description": "The HTTP response code, one of 200 (success), 4xx (client error), or 5xx (server error).",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "required": [
+        "request",
+        "responseCode"
+      ],
+      "type": "object"
+    },
+    "SempMetaOnlyResponse": {
+      "properties": {
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "SempPaging": {
+      "properties": {
+        "cursorQuery": {
+          "description": "The cursor, or position, for the next page of objects. Use this as the `cursor` query parameter of the next request.",
+          "type": "string"
+        },
+        "nextPageUri": {
+          "description": "The URI of the next page of objects. `cursorQuery` is already embedded within this URI.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "cursorQuery",
+        "nextPageUri"
+      ],
+      "type": "object"
+    },
+    "SempRequest": {
+      "properties": {
+        "method": {
+          "description": "The HTTP method of the request which resulted in this response.",
+          "type": "string"
+        },
+        "uri": {
+          "description": "The URI of the request which resulted in this response. The URI may be normalized.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "method"
+      ],
+      "type": "object"
+    },
+    "ServiceEventConnectionCountThreshold": {
+      "description": "The thresholds for the connection count event. Available since 2.17.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "ServiceRestEventOutgoingConnectionCountThreshold": {
+      "description": "The thresholds for the REST outgoing connection count event. Available since 2.17.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 6000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 6000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "ServiceSmfEventConnectionCountThreshold": {
+      "description": "The thresholds for the SMF connection count event. Available since 2.17.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "ServiceTlsEventConnectionCountThreshold": {
+      "description": "The thresholds for the incoming and outgoing TLS connection count event of the broker. Available since 2.17.",
+      "properties": {
+        "clearPercent": {
+          "description": "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 60,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 60,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "clearValue": {
+          "description": "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "setValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setPercent": {
+          "description": "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 100,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": 80,
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearValue",
+            "setValue"
+          ],
+          "x-default": 80,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearPercent"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "setValue": {
+          "description": "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+          "format": "int64",
+          "maximum": 200000,
+          "minimum": 0,
+          "type": "integer",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncTableType": "router",
+          "x-conflicts": [
+            "clearPercent",
+            "setPercent"
+          ],
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": true,
+          "x-requiredPost": false,
+          "x-requires": [
+            "clearValue"
+          ],
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "SystemInformation": {
+      "properties": {
+        "platform": {
+          "description": "The platform running the SEMP API. Deprecated since 2.2. /systemInformation was replaced by /about/api.",
+          "maxLength": 10,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "sempVersion": {
+          "description": "The version of the SEMP API. Deprecated since 2.2. /systemInformation was replaced by /about/api.",
+          "maxLength": 10,
+          "minLength": 0,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/none"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": true,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": true,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object"
+    },
+    "SystemInformationLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this System Information object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "SystemInformationResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/SystemInformation"
+        },
+        "links": {
+          "$ref": "#/definitions/SystemInformationLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "VirtualHostname": {
+      "properties": {
+        "enabled": {
+          "description": "Enable or disable Virtual Hostname to Message VPN mapping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+          "type": "boolean",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": false,
+          "x-configSyncTableType": "router",
+          "x-default": false,
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "msgVpnName": {
+          "description": "The message VPN to which this virtual hostname is mapped. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+          "maxLength": 32,
+          "minLength": 0,
+          "pattern": "^[^*?]*$",
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only",
+            "patch": "global/read-write"
+          },
+          "x-autoDisable": [],
+          "x-configSyncDefault": "",
+          "x-configSyncTableType": "router",
+          "x-default": "",
+          "x-deprecated": false,
+          "x-identifying": false,
+          "x-identifyingDirect": false,
+          "x-opaque": false,
+          "x-readOnlyOther": false,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": false,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        },
+        "virtualHostname": {
+          "description": "The virtual hostname.",
+          "maxLength": 253,
+          "minLength": 1,
+          "type": "string",
+          "x-accessLevels": {
+            "get": "global/read-only"
+          },
+          "x-autoDisable": [],
+          "x-deprecated": false,
+          "x-identifying": true,
+          "x-identifyingDirect": true,
+          "x-opaque": false,
+          "x-readOnlyOther": true,
+          "x-readOnlyPost": false,
+          "x-readOptional": false,
+          "x-requiredPost": true,
+          "x-requiresDisable": [],
+          "x-writeOnly": false
+        }
+      },
+      "type": "object",
+      "x-accessLevels": {
+        "delete": "global/read-write",
+        "post": "global/read-write"
+      },
+      "x-configSyncTableTypeCreateDelete": "router"
+    },
+    "VirtualHostnameLinks": {
+      "properties": {
+        "uri": {
+          "description": "The URI of this Virtual Hostname object.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "VirtualHostnameResponse": {
+      "properties": {
+        "data": {
+          "$ref": "#/definitions/VirtualHostname"
+        },
+        "links": {
+          "$ref": "#/definitions/VirtualHostnameLinks"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    },
+    "VirtualHostnamesResponse": {
+      "properties": {
+        "data": {
+          "items": {
+            "$ref": "#/definitions/VirtualHostname"
+          },
+          "type": "array"
+        },
+        "links": {
+          "items": {
+            "$ref": "#/definitions/VirtualHostnameLinks"
+          },
+          "type": "array"
+        },
+        "meta": {
+          "$ref": "#/definitions/SempMeta"
+        }
+      },
+      "required": [
+        "meta"
+      ],
+      "type": "object"
+    }
+  },
+  "host": "www.solace.com",
+  "info": {
+    "contact": {
+      "email": "support@solace.com",
+      "name": "Solace",
+      "url": "http://www.solace.com"
+    },
+    "description": "SEMP (starting in `v2`, see note 1) is a RESTful API for configuring, monitoring, and administering a Solace PubSub+ broker.\n\nSEMP uses URIs to address manageable **resources** of the Solace PubSub+ broker. Resources are individual **objects**, **collections** of objects, or (exclusively in the action API) **actions**. This document applies to the following API:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nConfiguration|/SEMP/v2/config|Reading and writing config state|See note 2\n\n\n\nThe following APIs are also available:\n\n\nAPI|Base Path|Purpose|Comments\n:---|:---|:---|:---\nAction|/SEMP/v2/action|Performing actions|See note 2\nMonitoring|/SEMP/v2/monitor|Querying operational parameters|See note 2\n\n\n\nResources are always nouns, with individual objects being singular and collections being plural.\n\nObjects within a collection are identified by an `obj-id`, which follows the collection name with the form `collection-name/obj-id`. An `obj-id` consists of one or more identifying attributes, separated by commas. Commas that appear in the identifying attribute itself must be percent encoded.\n\n\nActions within an object are identified by an `action-id`, which follows the object name with the form `obj-id/action-id`.\n\nSome examples:\n\n```\n/SEMP/v2/config/msgVpns                        ; MsgVpn collection\n/SEMP/v2/config/msgVpns/a                      ; MsgVpn object named \"a\"\n/SEMP/v2/config/msgVpns/a/bridges              ; Bridge collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/bridges/b,auto       ; Bridge object named \"b\" with virtual router \"auto\" in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues               ; Queue collection in MsgVpn \"a\"\n/SEMP/v2/config/msgVpns/a/queues/c             ; Queue object named \"c\" in MsgVpn \"a\"\n/SEMP/v2/action/msgVpns/a/queues/c/startReplay ; Action that starts a replay on Queue \"c\" in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients             ; Client collection in MsgVpn \"a\"\n/SEMP/v2/monitor/msgVpns/a/clients/d           ; Client object named \"d\" in MsgVpn \"a\"\n```\n\n## Collection Resources\n\nCollections are unordered lists of objects (unless described as otherwise), and are described by JSON arrays. Each item in the array represents an object in the same manner as the individual object would normally be represented. In the configuration API, the creation of a new object is done through its collection resource.\n\n## Object and Action Resources\n\nObjects are composed of attributes, actions, collections, and other objects. They are described by JSON objects as name/value pairs. The collections and actions of an object are not contained directly in the object's JSON content; rather the content includes an attribute containing a URI which points to the collections and actions. These contained resources must be managed through this URI. At a minimum, every object has one or more identifying attributes, and its own `uri` attribute which contains the URI pointing to itself.\n\nActions are also composed of attributes, and are described by JSON objects as name/value pairs. Unlike objects, however, they are not members of a collection and cannot be retrieved, only performed. Actions only exist in the action API.\n\nAttributes in an object or action may have any combination of the following properties:\n\n\nProperty|Meaning|Comments\n:---|:---|:---\nIdentifying|Attribute is involved in unique identification of the object, and appears in its URI|\nConst|Attribute value can only be chosen during object creation|\nRequired|Attribute must be provided in the request|\nRead-Only|Attribute value cannot be changed|See note 3\nWrite-Only|Attribute can only be written, not read, unless the attribute is also opaque|See the documentation for the opaque property\nRequires-Disable|Attribute cannot be changed while the object (or the relevant part of the object) is administratively enabled|\nAuto-Disable|Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as one or more attributes will be temporarily disabled to apply the change|\nDeprecated|Attribute is deprecated, and will disappear in the next SEMP version|\nOpaque|Attribute can be set or retrieved in opaque form when the `opaquePassword` query parameter is present|See the `opaquePassword` query parameter documentation\n\n\n\nIn some requests, certain attributes may only be provided in certain combinations with other attributes:\n\n\nRelationship|Meaning|Comments\n:---|:---|:---\nRequires|Attribute may only be provided in a request if a particular attribute or combination of attributes is also provided in the request|The \"requires\" property will not be enforced for an attribute when all of the following conditions are met: (a) the attribute is not write-only; (b) the value provided for the attribute is the same as its current (or, on object creation, its default) value; and (c) the attribute requires a write-only attribute. In addition, the \"requires\" property may not be enforced even if only conditions (a) and (b) are met.\nConflicts|Attribute may only be provided in a request if a particular attribute or combination of attributes is not also provided in the request|\n\n\n\nIn the monitoring API, any non-identifying attribute may not be returned in a GET.\n\n## HTTP Methods\n\nThe following HTTP methods manipulate resources in accordance with these general principles. Note that some methods are only used in certain APIs:\n\n\nMethod|Resource|Meaning|Request Body|Response Body|Notes\n:---|:---|:---|:---|:---|:---\nPOST|Collection|Create object|Initial attribute values|Object attributes and metadata|Absent attributes are set to default. If object already exists, a 400 error is returned\nPUT|Object|Update object|New attribute values|Object attributes and metadata|If does not exist, the object is first created. Absent attributes are set to default, with certain exceptions (see note 4)\nPUT|Action|Performs action|Action arguments|Action metadata|\nPATCH|Object|Update object|New attribute values|Object attributes and metadata|Absent attributes are left unchanged. If the object does not exist, a 404 error is returned\nDELETE|Object|Delete object|Empty|Object metadata|If the object does not exist, a 404 is returned\nGET|Object|Get object|Empty|Object attributes and metadata|If the object does not exist, a 404 is returned\nGET|Collection|Get collection|Empty|Object attributes and collection metadata|If the collection is empty, then an empty collection is returned with a 200 code\n\n\n\n## Common Query Parameters\n\nThe following are some common query parameters that are supported by many method/URI combinations. Individual URIs may document additional parameters. Note that multiple query parameters can be used together in a single URI, separated by the ampersand character. For example:\n\n```\n; Request for the MsgVpns collection using two hypothetical query parameters\n; \"q1\" and \"q2\" with values \"val1\" and \"val2\" respectively\n/SEMP/v2/config/msgVpns?q1=val1&q2=val2\n```\n\n### select\n\nInclude in the response only selected attributes of the object, or exclude from the response selected attributes of the object. Use this query parameter to limit the size of the returned data for each returned object, return only those fields that are desired, or exclude fields that are not desired.\n\nThe value of `select` is a comma-separated list of attribute names. If the list contains attribute names that are not prefaced by `-`, only those attributes are included in the response. If the list contains attribute names that are prefaced by `-`, those attributes are excluded from the response. If the list contains both types, then the difference of the first set of attributes and the second set of attributes is returned. If the list is empty (i.e. `select=`), it is treated the same as if no `select` was provided: all attribute are returned.\n\nAll attributes that are prefaced by `-` must follow all attributes that are not prefaced by `-`. In addition, each attribute name in the list must match at least one attribute in the object.\n\nNames may include the `*` wildcard (zero or more characters). Nested attribute names are supported using periods (e.g. `parentName.childName`).\n\nSome examples:\n\n```\n; List of all MsgVpn names\n/SEMP/v2/config/msgVpns?select=msgVpnName\n; List of all MsgVpn and their attributes except for their names\n/SEMP/v2/config/msgVpns?select=-msgVpnName\n; Authentication attributes of MsgVpn \"finance\"\n/SEMP/v2/config/msgVpns/finance?select=authentication%2A\n; All attributes of MsgVpn \"finance\" except for authentication attributes\n/SEMP/v2/config/msgVpns/finance?select=-authentication%2A\n; Access related attributes of Queue \"orderQ\" of MsgVpn \"finance\"\n/SEMP/v2/config/msgVpns/finance/queues/orderQ?select=owner,permission\n```\n\n### where\n\nInclude in the response only objects where certain conditions are true. Use this query parameter to limit which objects are returned to those whose attribute values meet the given conditions.\n\nThe value of `where` is a comma-separated list of expressions. All expressions must be true for the object to be included in the response. Each expression takes the form:\n\n```\nexpression  = attribute-name OP value\nOP          = '==' | '!=' | '<' | '>' | '<=' | '>='\n```\n\nWrite-only attributes cannot be used in a `where` expression.\n\n`value` may be a number, string, `true`, or `false`, as appropriate for the type of `attribute-name`.\n\nA `*` in a string `value` is interpreted as a wildcard (zero or more characters), but can be escaped using `\\`. The `\\` character can itself be escaped using `\\`. The `*` wildcard can only be used with the `==` and `!=` operators. If `*` is used as a literal with other operators, it must be escaped.\n\nThe `<`, `>`, `<=`, and `>=` operators perform a simple byte-for-byte comparison when used with a string `value`.\n\nSome examples:\n\n```\n; Only enabled MsgVpns\n/SEMP/v2/config/msgVpns?where=enabled%3D%3Dtrue\n; Only MsgVpns using basic non-LDAP authentication\n/SEMP/v2/config/msgVpns?where=authenticationBasicEnabled%3D%3Dtrue,authenticationBasicType%21%3Dldap\n; Only MsgVpns that allow more than 100 client connections\n/SEMP/v2/config/msgVpns?where=maxConnectionCount%3E100\n; Only MsgVpns with msgVpnName starting with \"B\":\n/SEMP/v2/config/msgVpns?where=msgVpnName%3D%3DB%2A\n```\n\n### count\n\nLimit the count of objects in the response. This can be useful to limit the size of the response for large collections. The minimum value for `count` is `1` and the default is `10`. There is also a per-collection maximum value to limit request handling time.\n\n`count` does not guarantee that a minimum number of objects will be returned. A page may contain fewer than `count` objects or even be empty. Additional objects may nonetheless be available for retrieval on subsequent pages. See the `cursor` query parameter documentation for more information on paging.\n\nFor example:\n```\n; Up to 25 MsgVpns\n/SEMP/v2/config/msgVpns?count=25\n```\n\n### cursor\n\nThe cursor, or position, for the next page of objects. Cursors are opaque data that should not be created or interpreted by SEMP clients, and should only be used as described below.\n\nWhen a request is made for a collection and there may be additional objects available for retrieval that are not included in the initial response, the response will include a `cursorQuery` field containing a cursor. The value of this field can be specified in the `cursor` query parameter of a subsequent request to retrieve the next page of objects.\n\nApplications must continue to use the `cursorQuery` if one is provided in order to retrieve the full set of objects associated with the request, even if a page contains fewer than the requested number of objects (see the `count` query parameter documentation) or is empty.\n\n### opaquePassword\n\nAttributes with the opaque property are also write-only and so cannot normally be retrieved in a GET. However, when a password is provided in the `opaquePassword` query parameter, attributes with the opaque property are retrieved in a GET in opaque form, encrypted with this password. The query parameter can also be used on a POST, PATCH, or PUT to set opaque attributes using opaque attribute values retrieved in a GET, so long as:\n\n1. the same password that was used to retrieve the opaque attribute values is provided; and\n\n2. the broker to which the request is being sent has the same major and minor SEMP version as the broker that produced the opaque attribute values.\n\nThe password provided in the query parameter must be a minimum of 8 characters and a maximum of 128 characters.\n\nThe query parameter can only be used in the configuration API, and only over HTTPS.\n\n## Authentication\n\nWhen a client makes its first SEMPv2 request, it must supply a username and password using HTTP Basic authentication, or an OAuth token or tokens using HTTP Bearer authentication.\n\nWhen HTTP Basic authentication is used, the broker returns a cookie containing a session key. The client can omit the username and password from subsequent requests, because the broker can use the session cookie for authentication instead. When the session expires or is deleted, the client must provide the username and password again, and the broker creates a new session.\n\nThere are a limited number of session slots available on the broker. The broker returns 529 No SEMP Session Available if it is not able to allocate a session.\n\nIf certain attributes\u2014such as a user's password\u2014are changed, the broker automatically deletes the affected sessions. These attributes are documented below. However, changes in external user configuration data stored on a RADIUS or LDAP server do not trigger the broker to delete the associated session(s), therefore you must do this manually, if required.\n\nA client can retrieve its current session information using the /about/user endpoint and delete its own session using the /about/user/logout endpoint. A client with appropriate permissions can also manage all sessions using the /sessions endpoint.\n\nSessions are not created when authenticating with an OAuth token or tokens using HTTP Bearer authentication. If a session cookie is provided, it is ignored.\n\n## Help\n\nVisit [our website](https://solace.com) to learn more about Solace.\n\nYou can also download the SEMP API specifications by clicking [here](https://solace.com/downloads/).\n\nIf you need additional support, please contact us at [support@solace.com](mailto:support@solace.com).\n\n## Notes\n\nNote|Description\n:---:|:---\n1|This specification defines SEMP starting in \"v2\", and not the original SEMP \"v1\" interface. Request and response formats between \"v1\" and \"v2\" are entirely incompatible, although both protocols share a common port configuration on the Solace PubSub+ broker. They are differentiated by the initial portion of the URI path, one of either \"/SEMP/\" or \"/SEMP/v2/\"\n2|This API is partially implemented. Only a subset of all objects are available.\n3|Read-only attributes may appear in POST and PUT/PATCH requests but are ignored, except when the read-only attribute is identifying.\n4|On a PUT, if the SEMP user is not authorized to modify the attribute, its value is left unchanged rather than set to default. In addition, the values of write-only attributes are not set to their defaults on a PUT, except in the following two cases: there is a mutual requires relationship with another non-write-only attribute, both attributes are absent from the request, and the non-write-only attribute is not currently set to its default value; or the attribute is also opaque and the `opaquePassword` query parameter is provided in the request.\n\n",
+    "title": "SEMP (Solace Element Management Protocol)",
+    "version": "0.2.36"
+  },
+  "parameters": {
+    "countQuery": {
+      "default": 10,
+      "description": "Limit the count of objects in the response. See the documentation for the `count` parameter.",
+      "in": "query",
+      "minimum": 1,
+      "name": "count",
+      "required": false,
+      "type": "integer"
+    },
+    "cursorQuery": {
+      "description": "The cursor, or position, for the next page of objects. See the documentation for the `cursor` parameter.",
+      "in": "query",
+      "name": "cursor",
+      "required": false,
+      "type": "string"
+    },
+    "forceFullPageQuery": {
+      "default": false,
+      "description": "Make as many SEMP requests as are necessary to return a full page. This query parameter is only for Solace internal use.",
+      "in": "query",
+      "name": "forceFullPage",
+      "required": false,
+      "type": "boolean"
+    },
+    "opaquePasswordQuery": {
+      "description": "Accept opaque attributes in the request or return opaque attributes in the response, encrypted with the specified password. See the documentation for the `opaquePassword` parameter.",
+      "in": "query",
+      "name": "opaquePassword",
+      "required": false,
+      "type": "string"
+    },
+    "selectQuery": {
+      "collectionFormat": "csv",
+      "description": "Include in the response only selected attributes of the object, or exclude from the response selected attributes of the object. See the documentation for the `select` parameter.",
+      "in": "query",
+      "items": {
+        "type": "string"
+      },
+      "name": "select",
+      "required": false,
+      "type": "array"
+    },
+    "solSessionHeader": {
+      "description": "Modify the SEMPv2 session behavior. This header parameter is only for Solace internal use.",
+      "in": "header",
+      "name": "Sol-Session",
+      "required": false,
+      "type": "string"
+    },
+    "whereQuery": {
+      "collectionFormat": "csv",
+      "description": "Include in the response only objects where certain conditions are true. See the the documentation for the `where` parameter.",
+      "in": "query",
+      "items": {
+        "type": "string"
+      },
+      "name": "where",
+      "required": false,
+      "type": "array"
+    }
+  },
+  "paths": {
+    "/": {
+      "get": {
+        "description": "Get a Broker object.\n\nThis object contains global configuration for the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ntlsServerCertContent||x||x\ntlsServerCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nauthClientCertRevocationCheckMode|global/read-only\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-only\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-only\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-only\nconfigSyncClientProfileTcpKeepaliveCount|global/read-only\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-only\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-only\nconfigSyncClientProfileTcpMaxWindow|global/read-only\nconfigSyncClientProfileTcpMss|global/read-only\nconfigSyncEnabled|global/read-only\nconfigSyncSynchronizeUsernameEnabled|global/read-only\nconfigSyncTlsEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleDayList|global/read-only\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-only\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-only\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-only\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-only\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-only\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-only\nguaranteedMsgingEnabled|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-only\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-only\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-only\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-only\nguaranteedMsgingMaxCacheUsage|global/read-only\nguaranteedMsgingMaxMsgSpoolUsage|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-only\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-only\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-only\noauthProfileDefault|global/read-only\nserviceAmqpEnabled|global/read-only\nserviceAmqpTlsListenPort|global/read-only\nserviceEventConnectionCountThreshold.clearPercent|global/read-only\nserviceEventConnectionCountThreshold.clearValue|global/read-only\nserviceEventConnectionCountThreshold.setPercent|global/read-only\nserviceEventConnectionCountThreshold.setValue|global/read-only\nserviceHealthCheckEnabled|global/read-only\nserviceHealthCheckListenPort|global/read-only\nserviceHealthCheckTlsEnabled|global/read-only\nserviceHealthCheckTlsListenPort|global/read-only\nserviceMateLinkEnabled|global/read-only\nserviceMateLinkListenPort|global/read-only\nserviceMqttEnabled|global/read-only\nserviceMsgBackboneEnabled|global/read-only\nserviceRedundancyEnabled|global/read-only\nserviceRedundancyFirstListenPort|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-only\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-only\nserviceRestIncomingEnabled|global/read-only\nserviceRestOutgoingEnabled|global/read-only\nserviceSempCorsAllowAnyHostEnabled|global/read-only\nserviceSempLegacyTimeoutEnabled|global/read-only\nserviceSempPlainTextEnabled|global/read-only\nserviceSempPlainTextListenPort|global/read-only\nserviceSempSessionIdleTimeout|global/read-only\nserviceSempSessionMaxLifetime|global/read-only\nserviceSempTlsEnabled|global/read-only\nserviceSempTlsListenPort|global/read-only\nserviceSmfCompressionListenPort|global/read-only\nserviceSmfEnabled|global/read-only\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-only\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-only\nserviceSmfEventConnectionCountThreshold.setValue|global/read-only\nserviceSmfPlainTextListenPort|global/read-only\nserviceSmfRoutingControlListenPort|global/read-only\nserviceSmfTlsListenPort|global/read-only\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-only\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-only\nserviceTlsEventConnectionCountThreshold.setValue|global/read-only\nserviceWebTransportEnabled|global/read-only\nserviceWebTransportPlainTextListenPort|global/read-only\nserviceWebTransportTlsListenPort|global/read-only\nserviceWebTransportWebUrlSuffix|global/read-only\ntlsBlockVersion11Enabled|global/read-only\ntlsCipherSuiteManagementList|global/read-only\ntlsCipherSuiteMsgBackboneList|global/read-only\ntlsCipherSuiteSecureShellList|global/read-only\ntlsCrimeExploitProtectionEnabled|global/read-only\ntlsServerCertContent|global/read-only\ntlsStandardDomainCertificateAuthoritiesEnabled|vpn/read-only\ntlsTicketLifetime|global/read-only\nwebManagerAllowUnencryptedWizardsEnabled|vpn/read-only\nwebManagerCustomization|vpn/read-only\nwebManagerRedirectHttpEnabled|vpn/read-only\nwebManagerRedirectHttpOverrideTlsPort|vpn/read-only\n\n\n\nThis has been available since 2.13.",
+        "operationId": "getBroker",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Broker object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/BrokerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Broker object.",
+        "tags": [
+          "all"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Broker object. Any attribute missing from the request will be left unchanged.\n\nThis object contains global configuration for the message broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nserviceAmqpTlsListenPort||||||x||\nserviceHealthCheckListenPort||||||x||\nserviceHealthCheckTlsListenPort||||||x||\nserviceMateLinkListenPort||||||x||\nserviceRedundancyFirstListenPort||||||x||\nserviceSempPlainTextListenPort|||||x|||\nserviceSempTlsListenPort|||||x|||\nserviceSmfCompressionListenPort||||||x||\nserviceSmfPlainTextListenPort||||||x||\nserviceSmfRoutingControlListenPort||||||x||\nserviceSmfTlsListenPort||||||x||\nserviceWebTransportPlainTextListenPort||||||x||\nserviceWebTransportTlsListenPort||||||x||\nserviceWebTransportWebUrlSuffix||||||x||\ntlsServerCertContent||||x||||x\ntlsServerCertPassword||||x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nBroker|tlsServerCertPassword|tlsServerCertContent|\nGuaranteedMsgingEventCacheUsageThreshold|clearPercent|setPercent|clearValue, setValue\nGuaranteedMsgingEventCacheUsageThreshold|clearValue|setValue|clearPercent, setPercent\nGuaranteedMsgingEventCacheUsageThreshold|setPercent|clearPercent|clearValue, setValue\nGuaranteedMsgingEventCacheUsageThreshold|setValue|clearValue|clearPercent, setPercent\nGuaranteedMsgingEventDeliveredUnackedThreshold|clearPercent|setPercent|\nGuaranteedMsgingEventDeliveredUnackedThreshold|setPercent|clearPercent|\nGuaranteedMsgingEventDiskUsageThreshold|clearPercent|setPercent|\nGuaranteedMsgingEventDiskUsageThreshold|setPercent|clearPercent|\nGuaranteedMsgingEventEgressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nGuaranteedMsgingEventEgressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nGuaranteedMsgingEventEgressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nGuaranteedMsgingEventEgressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nGuaranteedMsgingEventEndpointCountThreshold|clearPercent|setPercent|clearValue, setValue\nGuaranteedMsgingEventEndpointCountThreshold|clearValue|setValue|clearPercent, setPercent\nGuaranteedMsgingEventEndpointCountThreshold|setPercent|clearPercent|clearValue, setValue\nGuaranteedMsgingEventEndpointCountThreshold|setValue|clearValue|clearPercent, setPercent\nGuaranteedMsgingEventIngressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nGuaranteedMsgingEventIngressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nGuaranteedMsgingEventIngressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nGuaranteedMsgingEventIngressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nGuaranteedMsgingEventMsgCountThreshold|clearPercent|setPercent|\nGuaranteedMsgingEventMsgCountThreshold|setPercent|clearPercent|\nGuaranteedMsgingEventMsgSpoolFileCountThreshold|clearPercent|setPercent|\nGuaranteedMsgingEventMsgSpoolFileCountThreshold|setPercent|clearPercent|\nGuaranteedMsgingEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nGuaranteedMsgingEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nGuaranteedMsgingEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nGuaranteedMsgingEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nGuaranteedMsgingEventTransactedSessionCountThreshold|clearPercent|setPercent|clearValue, setValue\nGuaranteedMsgingEventTransactedSessionCountThreshold|clearValue|setValue|clearPercent, setPercent\nGuaranteedMsgingEventTransactedSessionCountThreshold|setPercent|clearPercent|clearValue, setValue\nGuaranteedMsgingEventTransactedSessionCountThreshold|setValue|clearValue|clearPercent, setPercent\nGuaranteedMsgingEventTransactedSessionResourceCountThreshold|clearPercent|setPercent|\nGuaranteedMsgingEventTransactedSessionResourceCountThreshold|setPercent|clearPercent|\nGuaranteedMsgingEventTransactionCountThreshold|clearPercent|setPercent|clearValue, setValue\nGuaranteedMsgingEventTransactionCountThreshold|clearValue|setValue|clearPercent, setPercent\nGuaranteedMsgingEventTransactionCountThreshold|setPercent|clearPercent|clearValue, setValue\nGuaranteedMsgingEventTransactionCountThreshold|setValue|clearValue|clearPercent, setPercent\nServiceEventConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nServiceEventConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nServiceEventConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nServiceEventConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nServiceRestEventOutgoingConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nServiceRestEventOutgoingConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nServiceRestEventOutgoingConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nServiceRestEventOutgoingConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nServiceSmfEventConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nServiceSmfEventConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nServiceSmfEventConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nServiceSmfEventConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nServiceTlsEventConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nServiceTlsEventConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nServiceTlsEventConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nServiceTlsEventConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nauthClientCertRevocationCheckMode|global/admin\nconfigSyncAuthenticationClientCertMaxChainDepth|global/read-write\nconfigSyncAuthenticationClientCertValidateDateEnabled|global/read-write\nconfigSyncClientProfileTcpInitialCongestionWindow|global/read-write\nconfigSyncClientProfileTcpKeepaliveCount|global/read-write\nconfigSyncClientProfileTcpKeepaliveIdle|global/read-write\nconfigSyncClientProfileTcpKeepaliveInterval|global/read-write\nconfigSyncClientProfileTcpMaxWindow|global/read-write\nconfigSyncClientProfileTcpMss|global/read-write\nconfigSyncEnabled|global/read-write\nconfigSyncSynchronizeUsernameEnabled|global/read-write\nconfigSyncTlsEnabled|global/read-write\nguaranteedMsgingDefragmentationScheduleDayList|global/read-write\nguaranteedMsgingDefragmentationScheduleEnabled|global/read-write\nguaranteedMsgingDefragmentationScheduleTimeList|global/read-write\nguaranteedMsgingDefragmentationThresholdEnabled|global/read-write\nguaranteedMsgingDefragmentationThresholdFragmentationPercentage|global/read-write\nguaranteedMsgingDefragmentationThresholdMinInterval|global/read-write\nguaranteedMsgingDefragmentationThresholdUsagePercentage|global/read-write\nguaranteedMsgingEnabled|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.clearValue|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventCacheUsageThreshold.setValue|global/read-write\nguaranteedMsgingEventDeliveredUnackedThreshold.clearPercent|global/read-write\nguaranteedMsgingEventDeliveredUnackedThreshold.setPercent|global/read-write\nguaranteedMsgingEventDiskUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventDiskUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventEgressFlowCountThreshold.setValue|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventEndpointCountThreshold.setValue|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventIngressFlowCountThreshold.setValue|global/read-write\nguaranteedMsgingEventMsgCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolFileCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgSpoolFileCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.clearValue|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.setPercent|global/read-write\nguaranteedMsgingEventMsgSpoolUsageThreshold.setValue|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactedSessionCountThreshold.setValue|global/read-write\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactedSessionResourceCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.clearPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.clearValue|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.setPercent|global/read-write\nguaranteedMsgingEventTransactionCountThreshold.setValue|global/read-write\nguaranteedMsgingMaxCacheUsage|global/read-write\nguaranteedMsgingMaxMsgSpoolUsage|global/read-write\nguaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout|global/read-write\nguaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout|global/read-write\nguaranteedMsgingTransactionReplicationCompatibilityMode|global/read-write\noauthProfileDefault|global/admin\nserviceAmqpEnabled|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceEventConnectionCountThreshold.clearPercent|global/read-write\nserviceEventConnectionCountThreshold.clearValue|global/read-write\nserviceEventConnectionCountThreshold.setPercent|global/read-write\nserviceEventConnectionCountThreshold.setValue|global/read-write\nserviceHealthCheckEnabled|global/read-write\nserviceHealthCheckListenPort|global/read-write\nserviceHealthCheckTlsEnabled|global/read-write\nserviceHealthCheckTlsListenPort|global/read-write\nserviceMateLinkEnabled|global/read-write\nserviceMateLinkListenPort|global/read-write\nserviceMqttEnabled|global/read-write\nserviceMsgBackboneEnabled|global/read-write\nserviceRedundancyEnabled|global/read-write\nserviceRedundancyFirstListenPort|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.clearPercent|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.clearValue|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.setPercent|global/read-write\nserviceRestEventOutgoingConnectionCountThreshold.setValue|global/read-write\nserviceRestIncomingEnabled|global/read-write\nserviceRestOutgoingEnabled|global/read-write\nserviceSempCorsAllowAnyHostEnabled|global/read-write\nserviceSempLegacyTimeoutEnabled|global/read-write\nserviceSempPlainTextEnabled|global/read-write\nserviceSempPlainTextListenPort|global/read-write\nserviceSempSessionIdleTimeout|global/read-write\nserviceSempSessionMaxLifetime|global/read-write\nserviceSempTlsEnabled|global/read-write\nserviceSempTlsListenPort|global/read-write\nserviceSmfCompressionListenPort|global/read-write\nserviceSmfEnabled|global/read-write\nserviceSmfEventConnectionCountThreshold.clearPercent|global/read-write\nserviceSmfEventConnectionCountThreshold.clearValue|global/read-write\nserviceSmfEventConnectionCountThreshold.setPercent|global/read-write\nserviceSmfEventConnectionCountThreshold.setValue|global/read-write\nserviceSmfPlainTextListenPort|global/read-write\nserviceSmfRoutingControlListenPort|global/read-write\nserviceSmfTlsListenPort|global/read-write\nserviceTlsEventConnectionCountThreshold.clearPercent|global/read-write\nserviceTlsEventConnectionCountThreshold.clearValue|global/read-write\nserviceTlsEventConnectionCountThreshold.setPercent|global/read-write\nserviceTlsEventConnectionCountThreshold.setValue|global/read-write\nserviceWebTransportEnabled|global/read-write\nserviceWebTransportPlainTextListenPort|global/read-write\nserviceWebTransportTlsListenPort|global/read-write\nserviceWebTransportWebUrlSuffix|global/read-write\ntlsBlockVersion11Enabled|global/read-write\ntlsCipherSuiteManagementList|global/read-write\ntlsCipherSuiteMsgBackboneList|global/read-write\ntlsCipherSuiteSecureShellList|global/read-write\ntlsCrimeExploitProtectionEnabled|global/read-write\ntlsServerCertContent|global/read-write\ntlsServerCertPassword|global/read-write\ntlsStandardDomainCertificateAuthoritiesEnabled|global/read-write\ntlsTicketLifetime|global/read-write\nwebManagerAllowUnencryptedWizardsEnabled|global/read-write\nwebManagerCustomization|vpn/read-write\nwebManagerRedirectHttpEnabled|global/read-write\nwebManagerRedirectHttpOverrideTlsPort|global/read-write\n\n\n\nThis has been available since 2.13.",
+        "operationId": "updateBroker",
+        "parameters": [
+          {
+            "description": "The Broker object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/Broker"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Broker object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/BrokerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Broker object.",
+        "tags": [
+          "all"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/about": {
+      "get": {
+        "description": "Get an About object.\n\nThis provides metadata about the SEMP API, such as the version of the API supported by the broker.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.13.",
+        "operationId": "getAbout",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The About object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an About object.",
+        "tags": [
+          "all",
+          "about"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/about/api": {
+      "get": {
+        "description": "Get an API Description object.\n\nThe API Description object provides metadata about the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutApi",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The API Description object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutApiResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an API Description object.",
+        "tags": [
+          "all",
+          "about"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/about/user": {
+      "get": {
+        "description": "Get a User object.\n\nSession and access level information about the user accessing the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutUser",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The User object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a User object.",
+        "tags": [
+          "all",
+          "about"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/about/user/msgVpns": {
+      "get": {
+        "description": "Get a list of User Message VPN objects.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutUserMsgVpns",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of User Message VPN objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserMsgVpnsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of User Message VPN objects.",
+        "tags": [
+          "all",
+          "about"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/about/user/msgVpns/{msgVpnName}": {
+      "get": {
+        "description": "Get a User Message VPN object.\n\nThis provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getAboutUserMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The User Message VPN object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/AboutUserMsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a User Message VPN object.",
+        "tags": [
+          "all",
+          "about"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/certAuthorities": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\ncertContent|||x|\ncrlDayList|||x|\ncrlTimeList|||x|\ncrlUrl|||x|\nocspNonResponderCertEnabled|||x|\nocspOverrideUrl|||x|\nocspTimeout|||x|\nrevocationCheckEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "getCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Authority objects.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|x|||x|\ncertContent||||||x|\ncrlDayList||||||x|\ncrlTimeList||||||x|\ncrlUrl||||||x|\nocspNonResponderCertEnabled||||||x|\nocspOverrideUrl||||||x|\nocspTimeout||||||x|\nrevocationCheckEnabled||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "createCertAuthority",
+        "parameters": [
+          {
+            "description": "The Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/certAuthorities/{certAuthorityName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "deleteCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\ncertContent|||x|\ncrlDayList|||x|\ncrlTimeList|||x|\ncrlUrl|||x|\nocspNonResponderCertEnabled|||x|\nocspOverrideUrl|||x|\nocspTimeout|||x|\nrevocationCheckEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "getCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "deprecated": true,
+        "description": "Update a Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|||||x|\ncertContent|||||||x|\ncrlDayList|||||||x|\ncrlTimeList|||||||x|\ncrlUrl||||||x|x|\nocspNonResponderCertEnabled|||||||x|\nocspOverrideUrl|||||||x|\nocspTimeout|||||||x|\nrevocationCheckEnabled|||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "updateCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "deprecated": true,
+        "description": "Replace a Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|||||x|\ncertContent|||||||x|\ncrlDayList|||||||x|\ncrlTimeList|||||||x|\ncrlUrl||||||x|x|\nocspNonResponderCertEnabled|||||||x|\nocspOverrideUrl|||||||x|\nocspTimeout|||||||x|\nrevocationCheckEnabled|||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nCertAuthority|crlDayList|crlTimeList|\nCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities and domainCertAuthorities.",
+        "operationId": "replaceCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Authority object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\nocspTlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "getCertAuthorityOcspTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create an OCSP Responder Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||x||x|\nocspTlsTrustedCommonName|x|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "createCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OCSP Responder Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/certAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete an OCSP Responder Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "deleteCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x||x|\nocspTlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.19. Replaced by clientCertAuthorities.",
+        "operationId": "getCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/CertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "certAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/clientCertAuthorities": {
+      "get": {
+        "description": "Get a list of Client Certificate Authority objects.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Client Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Client Certificate Authority objects.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Client Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "createClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The Client Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}": {
+      "delete": {
+        "description": "Delete a Client Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "deleteClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Client Certificate Authority object.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Client Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||||\ncrlUrl||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "updateClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Client Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||||\ncrlUrl||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nClientCertAuthority|crlDayList|crlTimeList|\nClientCertAuthority|crlTimeList|crlDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "replaceClientCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Client Certificate Authority object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames": {
+      "get": {
+        "description": "Get a list of OCSP Responder Trusted Common Name objects.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\nocspTlsTrustedCommonName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OCSP Responder Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OCSP Responder Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an OCSP Responder Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||x|||\nocspTlsTrustedCommonName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "createClientCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OCSP Responder Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}": {
+      "delete": {
+        "description": "Delete an OCSP Responder Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "deleteClientCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an OCSP Responder Trusted Common Name object.\n\nWhen an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\nocspTlsTrustedCommonName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getClientCertAuthorityOcspTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected Trusted Common Name of the OCSP responder remote certificate.",
+            "in": "path",
+            "name": "ocspTlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OCSP Responder Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/ClientCertAuthorityOcspTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OCSP Responder Trusted Common Name object.",
+        "tags": [
+          "all",
+          "clientCertAuthority"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters": {
+      "get": {
+        "description": "Get a list of Cluster objects.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\ndmrClusterName|x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusters",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Cluster objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClustersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Cluster objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||||x||x\nauthenticationClientCertContent|||||x||x\nauthenticationClientCertPassword|||||x||\ndirectOnlyEnabled||x|||||\ndmrClusterName|x|x|x||||\nnodeName||||x|||\ntlsServerCertEnforceTrustedCommonNameEnabled||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createDmrCluster",
+        "parameters": [
+          {
+            "description": "The Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters/{dmrClusterName}": {
+      "delete": {
+        "description": "Delete a Cluster object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Cluster object.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\ndmrClusterName|x|||\ntlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Cluster object. Any attribute missing from the request will be left unchanged.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\ndirectOnlyEnabled||x||||||\ndmrClusterName|x|x||||||\nnodeName|||x|||||\ntlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Cluster object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\ndirectOnlyEnabled||x||||||\ndmrClusterName|x|x||||||\nnodeName|||x|||||\ntlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrCluster|authenticationClientCertPassword|authenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceDmrCluster",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cluster object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Cluster object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule objects.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRules",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRulesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x|||x|||\nruleName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule object.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Certificate Matching Rule object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||||\nruleName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "updateDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||||\nruleName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "replaceDmrClusterCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/attributeFilters": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Attribute Filter objects.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nfilterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleAttributeFilters",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Attribute Filter objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFiltersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Attribute Filter objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x|||x|||\nfilterName|x|x|x||||\nruleName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule Attribute Filter object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule Attribute Filter object.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nfilterName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||||\nfilterName|x|x||||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "updateDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|||||\nfilterName|x|x||||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "replaceDmrClusterCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Condition objects.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleConditions",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Condition objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Condition objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule Condition object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nattribute||x|||||\ndmrClusterName|x|||x|||\nexpression||x|||||\nruleName|x|||x|||\nsource|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Condition object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleCondition"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Condition object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions/{source}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule Condition object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Certificate field to be compared with the Attribute.",
+            "in": "path",
+            "name": "source",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule Condition object.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Certificate field to be compared with the Attribute.",
+            "in": "path",
+            "name": "source",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Condition object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterCertMatchingRuleConditionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links": {
+      "get": {
+        "description": "Get a list of Link objects.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinks",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Link objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinksResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Link objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Link object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||||x||x\ndmrClusterName|x|||x|||\nremoteNodeName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrClusterLinkQueueEventSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nDmrClusterLinkQueueEventSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nDmrClusterLinkQueueEventSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nDmrClusterLinkQueueEventSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLink"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}": {
+      "delete": {
+        "description": "Delete a Link object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Link object.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Link object. Any attribute missing from the request will be left unchanged.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationScheme||||||x||\ndmrClusterName|x||x|||||\negressFlowWindowSize||||||x||\ninitiator||||||x||\nremoteNodeName|x|x||||||\nspan||||||x||\ntransportCompressedEnabled||||||x||\ntransportTlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrClusterLinkQueueEventSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nDmrClusterLinkQueueEventSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nDmrClusterLinkQueueEventSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nDmrClusterLinkQueueEventSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLink"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Link object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationScheme||||||x||\ndmrClusterName|x||x|||||\negressFlowWindowSize||||||x||\ninitiator||||||x||\nremoteNodeName|x|x||||||\nspan||||||x||\ntransportCompressedEnabled||||||x||\ntransportTlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nDmrClusterLinkQueueEventSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nDmrClusterLinkQueueEventSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nDmrClusterLinkQueueEventSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nDmrClusterLinkQueueEventSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceDmrClusterLink",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLink"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Link object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes": {
+      "get": {
+        "description": "Get a list of Link Attribute objects.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterLinkAttributes",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Link Attribute objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Link Attribute objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Link Attribute object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nattributeName|x|x|x||||\nattributeValue|x|x|x||||\ndmrClusterName|x|||x|||\nremoteNodeName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createDmrClusterLinkAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Link Attribute object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttribute"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link Attribute object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Link Attribute object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes/{attributeName},{attributeValue}": {
+      "delete": {
+        "description": "Delete a Link Attribute object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteDmrClusterLinkAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Attribute.",
+            "in": "path",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Link Attribute object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Link Attribute object.\n\nA Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\ndmrClusterName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getDmrClusterLinkAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Attribute.",
+            "in": "path",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Link Attribute object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkAttributeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Link Attribute object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses": {
+      "get": {
+        "description": "Get a list of Remote Address objects.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nremoteAddress|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkRemoteAddresses",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Remote Address objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Remote Address objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Remote Address object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x|||x|||\nremoteAddress|x|x|x||||\nremoteNodeName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createDmrClusterLinkRemoteAddress",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Address object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddress"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Address object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Remote Address object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses/{remoteAddress}": {
+      "delete": {
+        "description": "Delete a Remote Address object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteDmrClusterLinkRemoteAddress",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+            "in": "path",
+            "name": "remoteAddress",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Remote Address object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Remote Address object.\n\nEach Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x|||\nremoteAddress|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getDmrClusterLinkRemoteAddress",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+            "in": "path",
+            "name": "remoteAddress",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Address object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkRemoteAddressResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Remote Address object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|\nremoteNodeName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getDmrClusterLinkTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ndmrClusterName|x|||x||x|\nremoteNodeName|x|||x||x|\ntlsTrustedCommonName|x|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "createDmrClusterLinkTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "deleteDmrClusterLinkTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Link are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmrClusterName|x||x|\nremoteNodeName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getDmrClusterLinkTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Cluster.",
+            "in": "path",
+            "name": "dmrClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the Link.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DmrClusterLinkTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "dmrCluster"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/domainCertAuthorities": {
+      "get": {
+        "description": "Get a list of Domain Certificate Authority objects.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.19.",
+        "operationId": "getDomainCertAuthorities",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Domain Certificate Authority objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthoritiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Domain Certificate Authority objects.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Domain Certificate Authority object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "createDomainCertAuthority",
+        "parameters": [
+          {
+            "description": "The Domain Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Domain Certificate Authority object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Domain Certificate Authority object.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/domainCertAuthorities/{certAuthorityName}": {
+      "delete": {
+        "description": "Delete a Domain Certificate Authority object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nCertificate Authorities trusted for domain verification.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "deleteDomainCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Domain Certificate Authority object.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Domain Certificate Authority object.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncertAuthorityName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "getDomainCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Domain Certificate Authority object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Domain Certificate Authority object.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Domain Certificate Authority object. Any attribute missing from the request will be left unchanged.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "updateDomainCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Domain Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Domain Certificate Authority object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Domain Certificate Authority object.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Domain Certificate Authority object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nCertificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncertAuthorityName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.19.",
+        "operationId": "replaceDomainCertAuthority",
+        "parameters": [
+          {
+            "description": "The name of the Certificate Authority.",
+            "in": "path",
+            "name": "certAuthorityName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Domain Certificate Authority object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthority"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Domain Certificate Authority object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/DomainCertAuthorityResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Domain Certificate Authority object.",
+        "tags": [
+          "all",
+          "domainCertAuthority"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns": {
+      "get": {
+        "description": "Get a list of Message VPN objects.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||x|\ndistributedCacheManagementEnabled|||x|\nmsgVpnName|x|||\nreplicationBridgeAuthenticationBasicPassword||x||x\nreplicationBridgeAuthenticationClientCertContent||x||x\nreplicationBridgeAuthenticationClientCertPassword||x||\nreplicationEnabledQueueBehavior||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpns",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Message VPN objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Message VPN objects.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Message VPN object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName||||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled||||||x|\ndistributedCacheManagementEnabled||||||x|\nmsgVpnName|x|x|x||||\nreplicationBridgeAuthenticationBasicPassword|||||x||x\nreplicationBridgeAuthenticationClientCertContent|||||x||x\nreplicationBridgeAuthenticationClientCertPassword|||||x||\nreplicationEnabledQueueBehavior|||||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled||||||x|\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\nMsgVpnEventConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventEgressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventEgressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventEgressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventEgressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventEgressMsgRateThreshold|clearValue|setValue|\nMsgVpnEventEgressMsgRateThreshold|setValue|clearValue|\nMsgVpnEventEndpointCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventEndpointCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventEndpointCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventEndpointCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventIngressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventIngressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventIngressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventIngressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventIngressMsgRateThreshold|clearValue|setValue|\nMsgVpnEventIngressMsgRateThreshold|setValue|clearValue|\nMsgVpnEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceAmqpConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceAmqpConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceAmqpConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceAmqpConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceMqttConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceMqttConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceMqttConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceMqttConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceSmfConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceSmfConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceSmfConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceSmfConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceWebConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceWebConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceWebConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceWebConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventSubscriptionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventSubscriptionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventSubscriptionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventSubscriptionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventTransactedSessionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventTransactedSessionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventTransactedSessionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventTransactedSessionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventTransactionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventTransactionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventTransactionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventTransactionCountThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpn",
+        "parameters": [
+          {
+            "description": "The Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpn"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}": {
+      "delete": {
+        "description": "Delete a Message VPN object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Message VPN object.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||x|\ndistributedCacheManagementEnabled|||x|\nmsgVpnName|x|||\nreplicationBridgeAuthenticationBasicPassword||x||x\nreplicationBridgeAuthenticationClientCertContent||x||x\nreplicationBridgeAuthenticationClientCertPassword||x||\nreplicationEnabledQueueBehavior||x||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Message VPN object. Any attribute missing from the request will be left unchanged.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\ndistributedCacheManagementEnabled|||||||x|\nmsgVpnName|x|x||||||\nreplicationBridgeAuthenticationBasicPassword||||x||||x\nreplicationBridgeAuthenticationClientCertContent||||x||||x\nreplicationBridgeAuthenticationClientCertPassword||||x||||\nreplicationEnabledQueueBehavior||||x||||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\nserviceAmqpPlainTextListenPort||||||x||\nserviceAmqpTlsListenPort||||||x||\nserviceMqttPlainTextListenPort||||||x||\nserviceMqttTlsListenPort||||||x||\nserviceMqttTlsWebSocketListenPort||||||x||\nserviceMqttWebSocketListenPort||||||x||\nserviceRestIncomingPlainTextListenPort||||||x||\nserviceRestIncomingTlsListenPort||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\nMsgVpnEventConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventEgressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventEgressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventEgressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventEgressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventEgressMsgRateThreshold|clearValue|setValue|\nMsgVpnEventEgressMsgRateThreshold|setValue|clearValue|\nMsgVpnEventEndpointCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventEndpointCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventEndpointCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventEndpointCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventIngressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventIngressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventIngressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventIngressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventIngressMsgRateThreshold|clearValue|setValue|\nMsgVpnEventIngressMsgRateThreshold|setValue|clearValue|\nMsgVpnEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceAmqpConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceAmqpConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceAmqpConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceAmqpConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceMqttConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceMqttConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceMqttConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceMqttConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceSmfConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceSmfConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceSmfConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceSmfConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceWebConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceWebConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceWebConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceWebConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventSubscriptionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventSubscriptionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventSubscriptionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventSubscriptionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventTransactedSessionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventTransactedSessionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventTransactedSessionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventTransactedSessionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventTransactionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventTransactionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventTransactionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventTransactionCountThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nalias|global/read-write\nauthenticationBasicEnabled|global/read-write\nauthenticationBasicProfileName|global/read-write\nauthenticationBasicRadiusDomain|global/read-write\nauthenticationBasicType|global/read-write\nauthenticationClientCertAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationClientCertCertificateMatchingRulesEnabled|global/read-write\nauthenticationClientCertEnabled|global/read-write\nauthenticationClientCertMaxChainDepth|global/read-write\nauthenticationClientCertRevocationCheckMode|global/read-write\nauthenticationClientCertUsernameSource|global/read-write\nauthenticationClientCertValidateDateEnabled|global/read-write\nauthenticationKerberosAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationKerberosEnabled|global/read-write\nauthenticationOauthEnabled|global/read-write\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nbridgingTlsServerCertMaxChainDepth|global/read-write\nbridgingTlsServerCertValidateDateEnabled|global/read-write\nbridgingTlsServerCertValidateNameEnabled|global/read-write\ndmrEnabled|global/read-write\nexportSubscriptionsEnabled|global/read-write\nmaxConnectionCount|global/read-write\nmaxEgressFlowCount|global/read-write\nmaxEndpointCount|global/read-write\nmaxIngressFlowCount|global/read-write\nmaxMsgSpoolUsage|global/read-write\nmaxSubscriptionCount|global/read-write\nmaxTransactedSessionCount|global/read-write\nmaxTransactionCount|global/read-write\nmqttRetainMaxMemory|global/read-write\nreplicationBridgeAuthenticationBasicClientUsername|global/read-write\nreplicationBridgeAuthenticationBasicPassword|global/read-write\nreplicationBridgeAuthenticationClientCertContent|global/read-write\nreplicationBridgeAuthenticationClientCertPassword|global/read-write\nreplicationBridgeAuthenticationScheme|global/read-write\nreplicationBridgeCompressedDataEnabled|global/read-write\nreplicationBridgeEgressFlowWindowSize|global/read-write\nreplicationBridgeRetryDelay|global/read-write\nreplicationBridgeTlsEnabled|global/read-write\nreplicationBridgeUnidirectionalClientProfileName|global/read-write\nreplicationEnabled|global/read-write\nreplicationEnabledQueueBehavior|global/read-write\nreplicationQueueMaxMsgSpoolUsage|global/read-write\nreplicationRole|global/read-write\nrestTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nrestTlsServerCertMaxChainDepth|global/read-write\nrestTlsServerCertValidateDateEnabled|global/read-write\nrestTlsServerCertValidateNameEnabled|global/read-write\nsempOverMsgBusAdminClientEnabled|global/read-write\nsempOverMsgBusAdminDistributedCacheEnabled|global/read-write\nsempOverMsgBusAdminEnabled|global/read-write\nsempOverMsgBusEnabled|global/read-write\nsempOverMsgBusShowEnabled|global/read-write\nserviceAmqpMaxConnectionCount|global/read-write\nserviceAmqpPlainTextListenPort|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceMqttMaxConnectionCount|global/read-write\nserviceMqttPlainTextListenPort|global/read-write\nserviceMqttTlsListenPort|global/read-write\nserviceMqttTlsWebSocketListenPort|global/read-write\nserviceMqttWebSocketListenPort|global/read-write\nserviceRestIncomingMaxConnectionCount|global/read-write\nserviceRestIncomingPlainTextListenPort|global/read-write\nserviceRestIncomingTlsListenPort|global/read-write\nserviceRestOutgoingMaxConnectionCount|global/read-write\nserviceSmfMaxConnectionCount|global/read-write\nserviceWebMaxConnectionCount|global/read-write\n\n\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpn"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Message VPN object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nMessage VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationOauthDefaultProviderName|||||||x|\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\ndistributedCacheManagementEnabled|||||||x|\nmsgVpnName|x|x||||||\nreplicationBridgeAuthenticationBasicPassword||||x||||x\nreplicationBridgeAuthenticationClientCertContent||||x||||x\nreplicationBridgeAuthenticationClientCertPassword||||x||||\nreplicationEnabledQueueBehavior||||x||||\nrestTlsServerCertEnforceTrustedCommonNameEnabled|||||||x|\nserviceAmqpPlainTextListenPort||||||x||\nserviceAmqpTlsListenPort||||||x||\nserviceMqttPlainTextListenPort||||||x||\nserviceMqttTlsListenPort||||||x||\nserviceMqttTlsWebSocketListenPort||||||x||\nserviceMqttWebSocketListenPort||||||x||\nserviceRestIncomingPlainTextListenPort||||||x||\nserviceRestIncomingTlsListenPort||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpn|authenticationBasicProfileName|authenticationBasicType|\nMsgVpn|authorizationProfileName|authorizationType|\nMsgVpn|eventPublishTopicFormatMqttEnabled|eventPublishTopicFormatSmfEnabled|\nMsgVpn|eventPublishTopicFormatSmfEnabled|eventPublishTopicFormatMqttEnabled|\nMsgVpn|replicationBridgeAuthenticationBasicClientUsername|replicationBridgeAuthenticationBasicPassword|\nMsgVpn|replicationBridgeAuthenticationBasicPassword|replicationBridgeAuthenticationBasicClientUsername|\nMsgVpn|replicationBridgeAuthenticationClientCertPassword|replicationBridgeAuthenticationClientCertContent|\nMsgVpn|replicationEnabledQueueBehavior|replicationEnabled|\nMsgVpnEventConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventEgressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventEgressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventEgressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventEgressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventEgressMsgRateThreshold|clearValue|setValue|\nMsgVpnEventEgressMsgRateThreshold|setValue|clearValue|\nMsgVpnEventEndpointCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventEndpointCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventEndpointCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventEndpointCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventIngressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventIngressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventIngressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventIngressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventIngressMsgRateThreshold|clearValue|setValue|\nMsgVpnEventIngressMsgRateThreshold|setValue|clearValue|\nMsgVpnEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceAmqpConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceAmqpConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceAmqpConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceAmqpConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceMqttConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceMqttConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceMqttConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceMqttConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceRestIncomingConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceSmfConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceSmfConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceSmfConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceSmfConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventServiceWebConnectionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventServiceWebConnectionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventServiceWebConnectionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventServiceWebConnectionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventSubscriptionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventSubscriptionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventSubscriptionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventSubscriptionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventTransactedSessionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventTransactedSessionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventTransactedSessionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventTransactedSessionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnEventTransactionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnEventTransactionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnEventTransactionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnEventTransactionCountThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nalias|global/read-write\nauthenticationBasicEnabled|global/read-write\nauthenticationBasicProfileName|global/read-write\nauthenticationBasicRadiusDomain|global/read-write\nauthenticationBasicType|global/read-write\nauthenticationClientCertAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationClientCertCertificateMatchingRulesEnabled|global/read-write\nauthenticationClientCertEnabled|global/read-write\nauthenticationClientCertMaxChainDepth|global/read-write\nauthenticationClientCertRevocationCheckMode|global/read-write\nauthenticationClientCertUsernameSource|global/read-write\nauthenticationClientCertValidateDateEnabled|global/read-write\nauthenticationKerberosAllowApiProvidedUsernameEnabled|global/read-write\nauthenticationKerberosEnabled|global/read-write\nauthenticationOauthEnabled|global/read-write\nbridgingTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nbridgingTlsServerCertMaxChainDepth|global/read-write\nbridgingTlsServerCertValidateDateEnabled|global/read-write\nbridgingTlsServerCertValidateNameEnabled|global/read-write\ndmrEnabled|global/read-write\nexportSubscriptionsEnabled|global/read-write\nmaxConnectionCount|global/read-write\nmaxEgressFlowCount|global/read-write\nmaxEndpointCount|global/read-write\nmaxIngressFlowCount|global/read-write\nmaxMsgSpoolUsage|global/read-write\nmaxSubscriptionCount|global/read-write\nmaxTransactedSessionCount|global/read-write\nmaxTransactionCount|global/read-write\nmqttRetainMaxMemory|global/read-write\nreplicationBridgeAuthenticationBasicClientUsername|global/read-write\nreplicationBridgeAuthenticationBasicPassword|global/read-write\nreplicationBridgeAuthenticationClientCertContent|global/read-write\nreplicationBridgeAuthenticationClientCertPassword|global/read-write\nreplicationBridgeAuthenticationScheme|global/read-write\nreplicationBridgeCompressedDataEnabled|global/read-write\nreplicationBridgeEgressFlowWindowSize|global/read-write\nreplicationBridgeRetryDelay|global/read-write\nreplicationBridgeTlsEnabled|global/read-write\nreplicationBridgeUnidirectionalClientProfileName|global/read-write\nreplicationEnabled|global/read-write\nreplicationEnabledQueueBehavior|global/read-write\nreplicationQueueMaxMsgSpoolUsage|global/read-write\nreplicationRole|global/read-write\nrestTlsServerCertEnforceTrustedCommonNameEnabled|global/read-write\nrestTlsServerCertMaxChainDepth|global/read-write\nrestTlsServerCertValidateDateEnabled|global/read-write\nrestTlsServerCertValidateNameEnabled|global/read-write\nsempOverMsgBusAdminClientEnabled|global/read-write\nsempOverMsgBusAdminDistributedCacheEnabled|global/read-write\nsempOverMsgBusAdminEnabled|global/read-write\nsempOverMsgBusEnabled|global/read-write\nsempOverMsgBusShowEnabled|global/read-write\nserviceAmqpMaxConnectionCount|global/read-write\nserviceAmqpPlainTextListenPort|global/read-write\nserviceAmqpTlsListenPort|global/read-write\nserviceMqttMaxConnectionCount|global/read-write\nserviceMqttPlainTextListenPort|global/read-write\nserviceMqttTlsListenPort|global/read-write\nserviceMqttTlsWebSocketListenPort|global/read-write\nserviceMqttWebSocketListenPort|global/read-write\nserviceRestIncomingMaxConnectionCount|global/read-write\nserviceRestIncomingPlainTextListenPort|global/read-write\nserviceRestIncomingTlsListenPort|global/read-write\nserviceRestOutgoingMaxConnectionCount|global/read-write\nserviceSmfMaxConnectionCount|global/read-write\nserviceWebMaxConnectionCount|global/read-write\n\n\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpn"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles": {
+      "get": {
+        "description": "Get a list of ACL Profile objects.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfiles",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of ACL Profile objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of ACL Profile objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an ACL Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnAclProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The ACL Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The ACL Profile object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an ACL Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}": {
+      "delete": {
+        "description": "Delete an ACL Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnAclProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an ACL Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an ACL Profile object.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The ACL Profile object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an ACL Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update an ACL Profile object. Any attribute missing from the request will be left unchanged.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnAclProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The ACL Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The ACL Profile object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an ACL Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace an ACL Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnAclProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The ACL Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The ACL Profile object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an ACL Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions": {
+      "get": {
+        "description": "Get a list of Client Connect Exception objects.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nclientConnectExceptionAddress|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfileClientConnectExceptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Client Connect Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Client Connect Exception objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Client Connect Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|||x|||\nclientConnectExceptionAddress|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnAclProfileClientConnectException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Connect Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Connect Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Client Connect Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions/{clientConnectExceptionAddress}": {
+      "delete": {
+        "description": "Delete a Client Connect Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnAclProfileClientConnectException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
+            "in": "path",
+            "name": "clientConnectExceptionAddress",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Client Connect Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Client Connect Exception object.\n\nA Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nclientConnectExceptionAddress|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAclProfileClientConnectException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The IP address/netmask of the client connect exception in canonical CIDR form.",
+            "in": "path",
+            "name": "clientConnectExceptionAddress",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Connect Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileClientConnectExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Client Connect Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\npublishExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "getMsgVpnAclProfilePublishExceptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Publish Topic Exception objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Publish Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|||x||x|\nmsgVpnName|x|||x||x|\npublishExceptionTopic|x|x|x|||x|\ntopicSyntax|x|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "createMsgVpnAclProfilePublishException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Publish Topic Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Publish Topic Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Publish Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishExceptions/{topicSyntax},{publishExceptionTopic}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Publish Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "deleteMsgVpnAclProfilePublishException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishExceptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Publish Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\npublishExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by publishTopicExceptions.",
+        "operationId": "getMsgVpnAclProfilePublishException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishExceptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Publish Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions": {
+      "get": {
+        "description": "Get a list of Publish Topic Exception objects.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\npublishTopicException|x|||\npublishTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfilePublishTopicExceptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Publish Topic Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Publish Topic Exception objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Publish Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|||x|||\nmsgVpnName|x|||x|||\npublishTopicException|x|x|x||||\npublishTopicExceptionSyntax|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnAclProfilePublishTopicException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Publish Topic Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Publish Topic Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Publish Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions/{publishTopicExceptionSyntax},{publishTopicException}": {
+      "delete": {
+        "description": "Delete a Publish Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnAclProfilePublishTopicException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "publishTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishTopicException",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Publish Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Publish Topic Exception object.\n\nA Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\npublishTopicException|x|||\npublishTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfilePublishTopicException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "publishTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "publishTopicException",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Publish Topic Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfilePublishTopicExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Publish Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\nsubscribeExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "getMsgVpnAclProfileSubscribeExceptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Subscribe Topic Exception objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Subscribe Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|||x||x|\nmsgVpnName|x|||x||x|\nsubscribeExceptionTopic|x|x|x|||x|\ntopicSyntax|x|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "createMsgVpnAclProfileSubscribeException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscribe Topic Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscribe Topic Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Subscribe Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeExceptions/{topicSyntax},{subscribeExceptionTopic}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Subscribe Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "deleteMsgVpnAclProfileSubscribeException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeExceptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Subscribe Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x||x|\nmsgVpnName|x||x|\nsubscribeExceptionTopic|x||x|\ntopicSyntax|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.14. Replaced by subscribeTopicExceptions.",
+        "operationId": "getMsgVpnAclProfileSubscribeException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "topicSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeExceptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Subscribe Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions": {
+      "get": {
+        "description": "Get a list of Subscribe Share Name Exception objects.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeShareNameException|x|||\nsubscribeShareNameExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeShareNameExceptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Subscribe Share Name Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Subscribe Share Name Exception objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Subscribe Share Name Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|||x|||\nmsgVpnName|x|||x|||\nsubscribeShareNameException|x|x|x||||\nsubscribeShareNameExceptionSyntax|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnAclProfileSubscribeShareNameException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscribe Share Name Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscribe Share Name Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Subscribe Share Name Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions/{subscribeShareNameExceptionSyntax},{subscribeShareNameException}": {
+      "delete": {
+        "description": "Delete a Subscribe Share Name Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnAclProfileSubscribeShareNameException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeShareNameExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeShareNameException",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Subscribe Share Name Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Subscribe Share Name Exception object.\n\nA Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeShareNameException|x|||\nsubscribeShareNameExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeShareNameException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the subscribe share name for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeShareNameExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The subscribe share name exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeShareNameException",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscribe Share Name Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeShareNameExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Subscribe Share Name Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions": {
+      "get": {
+        "description": "Get a list of Subscribe Topic Exception objects.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeTopicException|x|||\nsubscribeTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeTopicExceptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Subscribe Topic Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Subscribe Topic Exception objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Subscribe Topic Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName|x|||x|||\nmsgVpnName|x|||x|||\nsubscribeTopicException|x|x|x||||\nsubscribeTopicExceptionSyntax|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnAclProfileSubscribeTopicException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscribe Topic Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscribe Topic Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Subscribe Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions/{subscribeTopicExceptionSyntax},{subscribeTopicException}": {
+      "delete": {
+        "description": "Delete a Subscribe Topic Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnAclProfileSubscribeTopicException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeTopicException",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Subscribe Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Subscribe Topic Exception object.\n\nA Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naclProfileName|x|||\nmsgVpnName|x|||\nsubscribeTopicException|x|||\nsubscribeTopicExceptionSyntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnAclProfileSubscribeTopicException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ACL Profile.",
+            "in": "path",
+            "name": "aclProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the topic for the exception to the default action taken.",
+            "in": "path",
+            "name": "subscribeTopicExceptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for the exception to the default action taken. May include wildcard characters.",
+            "in": "path",
+            "name": "subscribeTopicException",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscribe Topic Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAclProfileSubscribeTopicExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Subscribe Topic Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "aclProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles": {
+      "get": {
+        "description": "Get a list of OAuth Profile objects.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfiles",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OAuth Profile objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfilesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OAuth Profile objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create an OAuth Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret|||||x||x\nmsgVpnName|x|||x|||\noauthProfileName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "createMsgVpnAuthenticationOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an OAuth Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}": {
+      "delete": {
+        "description": "Delete an OAuth Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an OAuth Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get an OAuth Profile object.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OAuth Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update an OAuth Profile object. Any attribute missing from the request will be left unchanged.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret||||x||||x\nmsgVpnName|x||x|||||\noauthProfileName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "updateMsgVpnAuthenticationOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an OAuth Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace an OAuth Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret||||x||||x\nmsgVpnName|x||x|||||\noauthProfileName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "replaceMsgVpnAuthenticationOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an OAuth Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims": {
+      "get": {
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaims",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Required Claim objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|x|x||||\nclientRequiredClaimValue||x|x||||\nmsgVpnName|x|||x|||\noauthProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "createMsgVpnAuthenticationOauthProfileClientRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Required Claim object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaim"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Required Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}": {
+      "delete": {
+        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the ID token.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProfileClientRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ID token claim to verify.",
+            "in": "path",
+            "name": "clientRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Required Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileClientRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ID token claim to verify.",
+            "in": "path",
+            "name": "clientRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileClientRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Required Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims": {
+      "get": {
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaims",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Required Claim objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\noauthProfileName|x|||x|||\nresourceServerRequiredClaimName|x|x|x||||\nresourceServerRequiredClaimValue||x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "createMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Required Claim object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Required Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}": {
+      "delete": {
+        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAdditional claims to be verified in the access token.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the access token claim to verify.",
+            "in": "path",
+            "name": "resourceServerRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Required Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.25.",
+        "operationId": "getMsgVpnAuthenticationOauthProfileResourceServerRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the access token claim to verify.",
+            "in": "path",
+            "name": "resourceServerRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Required Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProfile"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProviders": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of OAuth Provider objects.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naudienceClaimName|||x|\naudienceClaimSource|||x|\naudienceClaimValue|||x|\naudienceValidationEnabled|||x|\nauthorizationGroupClaimName|||x|\nauthorizationGroupClaimSource|||x|\nauthorizationGroupEnabled|||x|\ndisconnectOnTokenExpirationEnabled|||x|\nenabled|||x|\njwksRefreshInterval|||x|\njwksUri|||x|\nmsgVpnName|x||x|\noauthProviderName|x||x|\ntokenIgnoreTimeLimitsEnabled|||x|\ntokenIntrospectionParameterName|||x|\ntokenIntrospectionPassword||x|x|x\ntokenIntrospectionTimeout|||x|\ntokenIntrospectionUri|||x|\ntokenIntrospectionUsername|||x|\nusernameClaimName|||x|\nusernameClaimSource|||x|\nusernameValidateEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "getMsgVpnAuthenticationOauthProviders",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OAuth Provider objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvidersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OAuth Provider objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProvider"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create an OAuth Provider object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naudienceClaimName||||||x|\naudienceClaimSource||||||x|\naudienceClaimValue||||||x|\naudienceValidationEnabled||||||x|\nauthorizationGroupClaimName||||||x|\nauthorizationGroupClaimSource||||||x|\nauthorizationGroupEnabled||||||x|\ndisconnectOnTokenExpirationEnabled||||||x|\nenabled||||||x|\njwksRefreshInterval||||||x|\njwksUri||||||x|\nmsgVpnName|x|||x||x|\noauthProviderName|x|x|x|||x|\ntokenIgnoreTimeLimitsEnabled||||||x|\ntokenIntrospectionParameterName||||||x|\ntokenIntrospectionPassword|||||x|x|x\ntokenIntrospectionTimeout||||||x|\ntokenIntrospectionUri||||||x|\ntokenIntrospectionUsername||||||x|\nusernameClaimName||||||x|\nusernameClaimSource||||||x|\nusernameValidateEnabled||||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "createMsgVpnAuthenticationOauthProvider",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Provider object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Provider object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an OAuth Provider object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProvider"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authenticationOauthProviders/{oauthProviderName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete an OAuth Provider object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "deleteMsgVpnAuthenticationOauthProvider",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an OAuth Provider object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProvider"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get an OAuth Provider object.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\naudienceClaimName|||x|\naudienceClaimSource|||x|\naudienceClaimValue|||x|\naudienceValidationEnabled|||x|\nauthorizationGroupClaimName|||x|\nauthorizationGroupClaimSource|||x|\nauthorizationGroupEnabled|||x|\ndisconnectOnTokenExpirationEnabled|||x|\nenabled|||x|\njwksRefreshInterval|||x|\njwksUri|||x|\nmsgVpnName|x||x|\noauthProviderName|x||x|\ntokenIgnoreTimeLimitsEnabled|||x|\ntokenIntrospectionParameterName|||x|\ntokenIntrospectionPassword||x|x|x\ntokenIntrospectionTimeout|||x|\ntokenIntrospectionUri|||x|\ntokenIntrospectionUsername|||x|\nusernameClaimName|||x|\nusernameClaimSource|||x|\nusernameValidateEnabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "getMsgVpnAuthenticationOauthProvider",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Provider object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OAuth Provider object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProvider"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "deprecated": true,
+        "description": "Update an OAuth Provider object. Any attribute missing from the request will be left unchanged.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naudienceClaimName|||||||x|\naudienceClaimSource|||||||x|\naudienceClaimValue|||||||x|\naudienceValidationEnabled|||||||x|\nauthorizationGroupClaimName|||||||x|\nauthorizationGroupClaimSource|||||||x|\nauthorizationGroupEnabled|||||||x|\ndisconnectOnTokenExpirationEnabled|||||||x|\nenabled|||||||x|\njwksRefreshInterval|||||||x|\njwksUri|||||||x|\nmsgVpnName|x||x||||x|\noauthProviderName|x|x|||||x|\ntokenIgnoreTimeLimitsEnabled|||||||x|\ntokenIntrospectionParameterName|||||||x|\ntokenIntrospectionPassword||||x|||x|x\ntokenIntrospectionTimeout|||||||x|\ntokenIntrospectionUri|||||||x|\ntokenIntrospectionUsername|||||||x|\nusernameClaimName|||||||x|\nusernameClaimSource|||||||x|\nusernameValidateEnabled|||||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "updateMsgVpnAuthenticationOauthProvider",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Provider object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Provider object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an OAuth Provider object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProvider"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "deprecated": true,
+        "description": "Replace an OAuth Provider object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth Providers contain information about the issuer of an OAuth token that is needed to validate the token and derive a client username from it.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naudienceClaimName|||||||x|\naudienceClaimSource|||||||x|\naudienceClaimValue|||||||x|\naudienceValidationEnabled|||||||x|\nauthorizationGroupClaimName|||||||x|\nauthorizationGroupClaimSource|||||||x|\nauthorizationGroupEnabled|||||||x|\ndisconnectOnTokenExpirationEnabled|||||||x|\nenabled|||||||x|\njwksRefreshInterval|||||||x|\njwksUri|||||||x|\nmsgVpnName|x||x||||x|\noauthProviderName|x|x|||||x|\ntokenIgnoreTimeLimitsEnabled|||||||x|\ntokenIntrospectionParameterName|||||||x|\ntokenIntrospectionPassword||||x|||x|x\ntokenIntrospectionTimeout|||||||x|\ntokenIntrospectionUri|||||||x|\ntokenIntrospectionUsername|||||||x|\nusernameClaimName|||||||x|\nusernameClaimSource|||||||x|\nusernameValidateEnabled|||||||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.25. Replaced by authenticationOauthProfiles.",
+        "operationId": "replaceMsgVpnAuthenticationOauthProvider",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the OAuth Provider.",
+            "in": "path",
+            "name": "oauthProviderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Provider object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProvider"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Provider object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthenticationOauthProviderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an OAuth Provider object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authenticationOauthProvider"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/authorizationGroups": {
+      "get": {
+        "description": "Get a list of Authorization Group objects.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|||\nmsgVpnName|x|||\norderAfterAuthorizationGroupName||x||\norderBeforeAuthorizationGroupName||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAuthorizationGroups",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Authorization Group objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Authorization Group objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authorizationGroup"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an Authorization Group object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|x|x||||\nmsgVpnName|x|||x|||\norderAfterAuthorizationGroupName|||||x||\norderBeforeAuthorizationGroupName|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnAuthorizationGroup",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Authorization Group object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Group object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an Authorization Group object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authorizationGroup"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/authorizationGroups/{authorizationGroupName}": {
+      "delete": {
+        "description": "Delete an Authorization Group object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnAuthorizationGroup",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "in": "path",
+            "name": "authorizationGroupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an Authorization Group object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authorizationGroup"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an Authorization Group object.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationGroupName|x|||\nmsgVpnName|x|||\norderAfterAuthorizationGroupName||x||\norderBeforeAuthorizationGroupName||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnAuthorizationGroup",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "in": "path",
+            "name": "authorizationGroupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Group object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an Authorization Group object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authorizationGroup"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update an Authorization Group object. Any attribute missing from the request will be left unchanged.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||||x||\nauthorizationGroupName|x|x||||||\nclientProfileName||||||x||\nmsgVpnName|x||x|||||\norderAfterAuthorizationGroupName||||x||||\norderBeforeAuthorizationGroupName||||x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnAuthorizationGroup",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "in": "path",
+            "name": "authorizationGroupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Authorization Group object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Group object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an Authorization Group object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authorizationGroup"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace an Authorization Group object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nTo use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||||x||\nauthorizationGroupName|x|x||||||\nclientProfileName||||||x||\nmsgVpnName|x||x|||||\norderAfterAuthorizationGroupName||||x||||\norderBeforeAuthorizationGroupName||||x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnAuthorizationGroup|orderAfterAuthorizationGroupName||orderBeforeAuthorizationGroupName\nMsgVpnAuthorizationGroup|orderBeforeAuthorizationGroupName||orderAfterAuthorizationGroupName\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnAuthorizationGroup",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+            "in": "path",
+            "name": "authorizationGroupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Authorization Group object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroup"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Group object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnAuthorizationGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an Authorization Group object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "authorizationGroup"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges": {
+      "get": {
+        "description": "Get a list of Bridge objects.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteAuthenticationBasicPassword||x||x\nremoteAuthenticationClientCertContent||x||x\nremoteAuthenticationClientCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridges",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Bridge objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Bridge objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Bridge object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x|x||||\nbridgeVirtualRouter|x|x|x||||\nmsgVpnName|x|||x|||\nremoteAuthenticationBasicPassword|||||x||x\nremoteAuthenticationClientCertContent|||||x||x\nremoteAuthenticationClientCertPassword|||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridge"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Bridge object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}": {
+      "delete": {
+        "description": "Delete a Bridge object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Bridge object.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteAuthenticationBasicPassword||x||x\nremoteAuthenticationClientCertContent||x||x\nremoteAuthenticationClientCertPassword||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Bridge object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Bridge object. Any attribute missing from the request will be left unchanged.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||||\nbridgeVirtualRouter|x|x||||||\nmaxTtl||||||x||\nmsgVpnName|x||x|||||\nremoteAuthenticationBasicClientUsername||||||x||\nremoteAuthenticationBasicPassword||||x||x||x\nremoteAuthenticationClientCertContent||||x||x||x\nremoteAuthenticationClientCertPassword||||x||x||\nremoteAuthenticationScheme||||||x||\nremoteDeliverToOnePriority||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridge"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Bridge object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Bridge object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nBridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|x||||||\nbridgeVirtualRouter|x|x||||||\nmaxTtl||||||x||\nmsgVpnName|x||x|||||\nremoteAuthenticationBasicClientUsername||||||x||\nremoteAuthenticationBasicPassword||||x||x||x\nremoteAuthenticationClientCertContent||||x||x||x\nremoteAuthenticationClientCertPassword||||x||x||\nremoteAuthenticationScheme||||||x||\nremoteDeliverToOnePriority||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridge|remoteAuthenticationBasicClientUsername|remoteAuthenticationBasicPassword|\nMsgVpnBridge|remoteAuthenticationBasicPassword|remoteAuthenticationBasicClientUsername|\nMsgVpnBridge|remoteAuthenticationClientCertPassword|remoteAuthenticationClientCertContent|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridge"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Bridge object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns": {
+      "get": {
+        "description": "Get a list of Remote Message VPN objects.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\npassword||x||x\nremoteMsgVpnInterface|x|||\nremoteMsgVpnLocation|x|||\nremoteMsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteMsgVpns",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Remote Message VPN objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Remote Message VPN objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Remote Message VPN object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|||x|||\nbridgeVirtualRouter|x|||x|||\nmsgVpnName|x|||x|||\npassword|||||x||x\nremoteMsgVpnInterface|x|x|||||\nremoteMsgVpnLocation|x|x|x||||\nremoteMsgVpnName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnBridgeRemoteMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Message VPN object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Remote Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns/{remoteMsgVpnName},{remoteMsgVpnLocation},{remoteMsgVpnInterface}": {
+      "delete": {
+        "description": "Delete a Remote Message VPN object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnBridgeRemoteMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Message VPN.",
+            "in": "path",
+            "name": "remoteMsgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "in": "path",
+            "name": "remoteMsgVpnLocation",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "in": "path",
+            "name": "remoteMsgVpnInterface",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Remote Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Remote Message VPN object.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\npassword||x||x\nremoteMsgVpnInterface|x|||\nremoteMsgVpnLocation|x|||\nremoteMsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Message VPN.",
+            "in": "path",
+            "name": "remoteMsgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "in": "path",
+            "name": "remoteMsgVpnLocation",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "in": "path",
+            "name": "remoteMsgVpnInterface",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Message VPN object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Remote Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Remote Message VPN object. Any attribute missing from the request will be left unchanged.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x|||||\nbridgeVirtualRouter|x||x|||||\nclientUsername||||||x||\ncompressedDataEnabled||||||x||\negressFlowWindowSize||||||x||\nmsgVpnName|x||x|||||\npassword||||x||x||x\nremoteMsgVpnInterface|x|x||||||\nremoteMsgVpnLocation|x|x||||||\nremoteMsgVpnName|x|x||||||\ntlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnBridgeRemoteMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Message VPN.",
+            "in": "path",
+            "name": "remoteMsgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "in": "path",
+            "name": "remoteMsgVpnLocation",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "in": "path",
+            "name": "remoteMsgVpnInterface",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Message VPN object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Remote Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Remote Message VPN object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x||x|||||\nbridgeVirtualRouter|x||x|||||\nclientUsername||||||x||\ncompressedDataEnabled||||||x||\negressFlowWindowSize||||||x||\nmsgVpnName|x||x|||||\npassword||||x||x||x\nremoteMsgVpnInterface|x|x||||||\nremoteMsgVpnLocation|x|x||||||\nremoteMsgVpnName|x|x||||||\ntlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnBridgeRemoteMsgVpn|clientUsername|password|\nMsgVpnBridgeRemoteMsgVpn|password|clientUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnBridgeRemoteMsgVpn",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Message VPN.",
+            "in": "path",
+            "name": "remoteMsgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+            "in": "path",
+            "name": "remoteMsgVpnLocation",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remoteMsgVpnLocation` must not be a virtual router name.",
+            "in": "path",
+            "name": "remoteMsgVpnInterface",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Message VPN object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpn"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Message VPN object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteMsgVpnResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Remote Message VPN object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions": {
+      "get": {
+        "description": "Get a list of Remote Subscription objects.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteSubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteSubscriptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Remote Subscription objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Remote Subscription objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Remote Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|||x|||\nbridgeVirtualRouter|x|||x|||\ndeliverAlwaysEnabled||x|x||||\nmsgVpnName|x|||x|||\nremoteSubscriptionTopic|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnBridgeRemoteSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Remote Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscription"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Subscription object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Remote Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions/{remoteSubscriptionTopic}": {
+      "delete": {
+        "description": "Delete a Remote Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnBridgeRemoteSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic of the Bridge remote subscription.",
+            "in": "path",
+            "name": "remoteSubscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Remote Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Remote Subscription object.\n\nA Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x|||\nbridgeVirtualRouter|x|||\nmsgVpnName|x|||\nremoteSubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnBridgeRemoteSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic of the Bridge remote subscription.",
+            "in": "path",
+            "name": "remoteSubscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Remote Subscription object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeRemoteSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Remote Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x||x|\nbridgeVirtualRouter|x||x|\nmsgVpnName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnBridgeTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nbridgeName|x|||x||x|\nbridgeVirtualRouter|x|||x||x|\nmsgVpnName|x|||x||x|\ntlsTrustedCommonName|x|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "createMsgVpnBridgeTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "deleteMsgVpnBridgeTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the Bridge are used by encrypted transports to verify the name in the certificate presented by the remote node. They must include the common name of the remote node's server certificate or client certificate, depending upon the initiator of the connection.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridgeName|x||x|\nbridgeVirtualRouter|x||x|\nmsgVpnName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.18. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnBridgeTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Bridge.",
+            "in": "path",
+            "name": "bridgeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the Bridge.",
+            "in": "path",
+            "name": "bridgeVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnBridgeTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "bridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/certMatchingRules": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule objects.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRules",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRulesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nruleName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule object.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Certificate Matching Rule object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nruleName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "updateMsgVpnCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Certificate Matching Rule object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nruleName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "replaceMsgVpnCertMatchingRule",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRule"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Matching Rule object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/attributeFilters": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Attribute Filter objects.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nfilterName|x|||\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.28.",
+        "operationId": "getMsgVpnCertMatchingRuleAttributeFilters",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Attribute Filter objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFiltersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Attribute Filter objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nfilterName|x|x|x||||\nmsgVpnName|x|||x|||\nruleName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "createMsgVpnCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule Attribute Filter object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "deleteMsgVpnCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule Attribute Filter object.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nfilterName|x|||\nmsgVpnName|x|||\nruleName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "getMsgVpnCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be left unchanged.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nfilterName|x|x||||||\nmsgVpnName|x||x|||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "updateMsgVpnCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Certificate Matching Rule Attribute Filter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nfilterName|x|x||||||\nmsgVpnName|x||x|||||\nruleName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.28.",
+        "operationId": "replaceMsgVpnCertMatchingRuleAttributeFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the filter.",
+            "in": "path",
+            "name": "filterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Attribute Filter object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleAttributeFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Certificate Matching Rule Attribute Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions": {
+      "get": {
+        "description": "Get a list of Certificate Matching Rule Condition objects.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRuleConditions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Certificate Matching Rule Condition objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Certificate Matching Rule Condition objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Certificate Matching Rule Condition object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nattribute||x|||||\nexpression||x|||||\nmsgVpnName|x|||x|||\nruleName|x|||x|||\nsource|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Certificate Matching Rule Condition object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleCondition"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Condition object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions/{source}": {
+      "delete": {
+        "description": "Delete a Certificate Matching Rule Condition object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Certificate field to be compared with the Attribute.",
+            "in": "path",
+            "name": "source",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Certificate Matching Rule Condition object.\n\nA Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nruleName|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnCertMatchingRuleCondition",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the rule.",
+            "in": "path",
+            "name": "ruleName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Certificate field to be compared with the Attribute.",
+            "in": "path",
+            "name": "source",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Certificate Matching Rule Condition object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnCertMatchingRuleConditionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Certificate Matching Rule Condition object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "certMatchingRule"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/clientProfiles": {
+      "get": {
+        "description": "Get a list of Client Profile objects.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||x|\napiQueueManagementCopyFromOnCreateName|||x|\napiTopicEndpointManagementCopyFromOnCreateName|||x|\nclientProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientProfiles",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Client Profile objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfilesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Client Profile objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Client Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled||||||x|\napiQueueManagementCopyFromOnCreateName||||||x|\napiTopicEndpointManagementCopyFromOnCreateName||||||x|\nclientProfileName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold|clearPercent|setPercent|\nMsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold|setPercent|clearPercent|\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventEgressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventEgressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventEgressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventEgressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventIngressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventIngressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventIngressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventIngressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventSubscriptionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventSubscriptionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventSubscriptionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventSubscriptionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactedSessionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactedSessionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactedSessionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactedSessionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactionCountThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnClientProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Profile object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Client Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/clientProfiles/{clientProfileName}": {
+      "delete": {
+        "description": "Delete a Client Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnClientProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Profile.",
+            "in": "path",
+            "name": "clientProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Client Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Client Profile object.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||x|\napiQueueManagementCopyFromOnCreateName|||x|\napiTopicEndpointManagementCopyFromOnCreateName|||x|\nclientProfileName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Profile.",
+            "in": "path",
+            "name": "clientProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Profile object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Client Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Client Profile object. Any attribute missing from the request will be left unchanged.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||||||x|\napiQueueManagementCopyFromOnCreateName|||||||x|\napiTopicEndpointManagementCopyFromOnCreateName|||||||x|\nclientProfileName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold|clearPercent|setPercent|\nMsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold|setPercent|clearPercent|\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventEgressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventEgressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventEgressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventEgressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventIngressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventIngressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventIngressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventIngressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventSubscriptionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventSubscriptionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventSubscriptionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventSubscriptionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactedSessionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactedSessionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactedSessionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactedSessionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactionCountThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnClientProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Profile.",
+            "in": "path",
+            "name": "clientProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Profile object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Client Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Client Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nClient Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nallowCutThroughForwardingEnabled|||||||x|\napiQueueManagementCopyFromOnCreateName|||||||x|\napiTopicEndpointManagementCopyFromOnCreateName|||||||x|\nclientProfileName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold|clearPercent|setPercent|\nMsgVpnClientProfileEventClientProvisionedEndpointSpoolUsageThreshold|setPercent|clearPercent|\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventEgressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventEgressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventEgressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventEgressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventEndpointCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventIngressFlowCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventIngressFlowCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventIngressFlowCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventIngressFlowCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceSmfConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventServiceWebConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventSubscriptionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventSubscriptionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventSubscriptionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventSubscriptionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactedSessionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactedSessionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactedSessionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactedSessionCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactionCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactionCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnClientProfileEventTransactionCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnClientProfileEventTransactionCountThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnClientProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Profile.",
+            "in": "path",
+            "name": "clientProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Profile object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Client Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/clientUsernames": {
+      "get": {
+        "description": "Get a list of Client Username objects.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientUsername|x|||\nmsgVpnName|x|||\npassword||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientUsernames",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Client Username objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Client Username objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Client Username object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientUsername|x|x|x||||\nmsgVpnName|x|||x|||\npassword|||||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnClientUsername",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Username object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsername"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Username object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Client Username object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}": {
+      "delete": {
+        "description": "Delete a Client Username object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnClientUsername",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Client Username object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Client Username object.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientUsername|x|||\nmsgVpnName|x|||\npassword||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnClientUsername",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Username object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Client Username object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Client Username object. Any attribute missing from the request will be left unchanged.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||||x||\nclientProfileName||||||x||\nclientUsername|x|x||||||\nmsgVpnName|x||x|||||\npassword||||x||||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnClientUsername",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Username object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsername"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Username object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Client Username object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Client Username object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naclProfileName||||||x||\nclientProfileName||||||x||\nclientUsername|x|x||||||\nmsgVpnName|x||x|||||\npassword||||x||||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnClientUsername",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Username object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsername"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Username object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Client Username object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes": {
+      "get": {
+        "description": "Get a list of Client Username Attribute objects.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\nclientUsername|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnClientUsernameAttributes",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Client Username Attribute objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Client Username Attribute objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Client Username Attribute object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nattributeName|x|x|x||||\nattributeValue|x|x|x||||\nclientUsername|x|||x|||\nmsgVpnName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnClientUsernameAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client Username Attribute object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameAttribute"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Username Attribute object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Client Username Attribute object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes/{attributeName},{attributeValue}": {
+      "delete": {
+        "description": "Delete a Client Username Attribute object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnClientUsernameAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Attribute.",
+            "in": "path",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Client Username Attribute object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Client Username Attribute object.\n\nA ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattributeName|x|||\nattributeValue|x|||\nclientUsername|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnClientUsernameAttribute",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Client Username.",
+            "in": "path",
+            "name": "clientUsername",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Attribute.",
+            "in": "path",
+            "name": "attributeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Attribute.",
+            "in": "path",
+            "name": "attributeValue",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Client Username Attribute object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnClientUsernameAttributeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Client Username Attribute object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "clientUsername"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches": {
+      "get": {
+        "description": "Get a list of Distributed Cache objects.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCaches",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Distributed Cache objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCachesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Distributed Cache objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Distributed Cache object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x|x||||\ncacheVirtualRouter||x|||||\nmsgVpnName|x|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Distributed Cache object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCache"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Distributed Cache object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Distributed Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}": {
+      "delete": {
+        "description": "Delete a Distributed Cache object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Distributed Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Distributed Cache object.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Distributed Cache object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Distributed Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Distributed Cache object. Any attribute missing from the request will be left unchanged.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||||\ncacheVirtualRouter||x||||||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDistributedCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Distributed Cache object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCache"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Distributed Cache object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Distributed Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Distributed Cache object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||||\ncacheVirtualRouter||x||||||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCache|scheduledDeleteMsgDayList|scheduledDeleteMsgTimeList|\nMsgVpnDistributedCache|scheduledDeleteMsgTimeList|scheduledDeleteMsgDayList|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDistributedCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Distributed Cache object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCache"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Distributed Cache object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Distributed Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters": {
+      "get": {
+        "description": "Get a list of Cache Cluster objects.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusters",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Cache Cluster objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClustersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Cache Cluster objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Cache Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|||x|||\nclusterName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCacheClusterEventDataByteRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventDataByteRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventDataMsgRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventDataMsgRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventMaxMemoryThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventMaxMemoryThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventMaxTopicsThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventMaxTopicsThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventRequestRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventRequestRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventResponseRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventResponseRateThreshold|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Cluster object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}": {
+      "delete": {
+        "description": "Delete a Cache Cluster object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Cache Cluster object.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Cluster object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Cache Cluster object. Any attribute missing from the request will be left unchanged.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||||\nclusterName|x|x||||||\ndeliverToOneOverrideEnabled||||||x||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCacheClusterEventDataByteRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventDataByteRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventDataMsgRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventDataMsgRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventMaxMemoryThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventMaxMemoryThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventMaxTopicsThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventMaxTopicsThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventRequestRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventRequestRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventResponseRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventResponseRateThreshold|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDistributedCacheCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Cluster object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Cache Cluster object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||||\nclusterName|x|x||||||\ndeliverToOneOverrideEnabled||||||x||\nmsgVpnName|x||x|||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnDistributedCacheClusterEventDataByteRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventDataByteRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventDataMsgRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventDataMsgRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventMaxMemoryThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventMaxMemoryThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventMaxTopicsThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventMaxTopicsThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold|clearPercent|setPercent|\nMsgVpnDistributedCacheClusterEventRequestQueueDepthThreshold|setPercent|clearPercent|\nMsgVpnDistributedCacheClusterEventRequestRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventRequestRateThreshold|setValue|clearValue|\nMsgVpnDistributedCacheClusterEventResponseRateThreshold|clearValue|setValue|\nMsgVpnDistributedCacheClusterEventResponseRateThreshold|setValue|clearValue|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDistributedCacheCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Cluster object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters": {
+      "get": {
+        "description": "Get a list of Home Cache Cluster objects.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusters",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Home Cache Cluster objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClustersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Home Cache Cluster objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Home Cache Cluster object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|||x|||\nclusterName|x|||x|||\nhomeClusterName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Home Cache Cluster object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Home Cache Cluster object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Home Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}": {
+      "delete": {
+        "description": "Delete a Home Cache Cluster object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Home Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Home Cache Cluster object.\n\nA Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeCluster",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Home Cache Cluster object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Home Cache Cluster object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes": {
+      "get": {
+        "description": "Get a list of Topic Prefix objects.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\ntopicPrefix|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixes",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Topic Prefix objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Topic Prefix objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Topic Prefix object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|||x|||\nclusterName|x|||x|||\nhomeClusterName|x|||x|||\nmsgVpnName|x|||x|||\ntopicPrefix|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Prefix object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Prefix object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Topic Prefix object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes/{topicPrefix}": {
+      "delete": {
+        "description": "Delete a Topic Prefix object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+            "in": "path",
+            "name": "topicPrefix",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Topic Prefix object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Topic Prefix object.\n\nA Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nhomeClusterName|x|||\nmsgVpnName|x|||\ntopicPrefix|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the remote Home Cache Cluster.",
+            "in": "path",
+            "name": "homeClusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+            "in": "path",
+            "name": "topicPrefix",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Prefix object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefixResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Topic Prefix object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances": {
+      "get": {
+        "description": "Get a list of Cache Instance objects.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\ninstanceName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstances",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Cache Instance objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstancesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Cache Instance objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Cache Instance object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|||x|||\nclusterName|x|||x|||\ninstanceName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterInstance",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Instance object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Instance object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Cache Instance object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}": {
+      "delete": {
+        "description": "Delete a Cache Instance object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterInstance",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Cache Instance object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Cache Instance object.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\ninstanceName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterInstance",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Instance object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Cache Instance object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Cache Instance object. Any attribute missing from the request will be left unchanged.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||||\nclusterName|x||x|||||\ninstanceName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDistributedCacheClusterInstance",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Instance object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Instance object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Cache Instance object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Cache Instance object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x||x|||||\nclusterName|x||x|||||\ninstanceName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDistributedCacheClusterInstance",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Instance.",
+            "in": "path",
+            "name": "instanceName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Cache Instance object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstance"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Cache Instance object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterInstanceResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Cache Instance object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics": {
+      "get": {
+        "description": "Get a list of Topic objects.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\ntopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterTopics",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Topic objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Topic objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|||x|||\nclusterName|x|||x|||\nmsgVpnName|x|||x|||\ntopic|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDistributedCacheClusterTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics/{topic}": {
+      "delete": {
+        "description": "Delete a Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDistributedCacheClusterTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Topic in the form a/b/c.",
+            "in": "path",
+            "name": "topic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Topic object.\n\nThe Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nclusterName|x|||\nmsgVpnName|x|||\ntopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDistributedCacheClusterTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Distributed Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Cache Cluster.",
+            "in": "path",
+            "name": "clusterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The value of the Topic in the form a/b/c.",
+            "in": "path",
+            "name": "topic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDistributedCacheClusterTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "distributedCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/dmrBridges": {
+      "get": {
+        "description": "Get a list of DMR Bridge objects.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDmrBridges",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of DMR Bridge objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridgesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of DMR Bridge objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "dmrBridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a DMR Bridge object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nremoteNodeName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnDmrBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The DMR Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridge"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The DMR Bridge object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a DMR Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "dmrBridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/dmrBridges/{remoteNodeName}": {
+      "delete": {
+        "description": "Delete a DMR Bridge object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnDmrBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a DMR Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "dmrBridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a DMR Bridge object.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nremoteNodeName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnDmrBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The DMR Bridge object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a DMR Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "dmrBridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a DMR Bridge object. Any attribute missing from the request will be left unchanged.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nremoteNodeName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnDmrBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The DMR Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridge"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The DMR Bridge object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a DMR Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "dmrBridge"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a DMR Bridge object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nremoteNodeName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnDmrBridge",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the node at the remote end of the DMR Bridge.",
+            "in": "path",
+            "name": "remoteNodeName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The DMR Bridge object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridge"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The DMR Bridge object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnDmrBridgeResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a DMR Bridge object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "dmrBridge"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/jndiConnectionFactories": {
+      "get": {
+        "description": "Get a list of JNDI Connection Factory objects.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiConnectionFactories",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of JNDI Connection Factory objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoriesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of JNDI Connection Factory objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a JNDI Connection Factory object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "createMsgVpnJndiConnectionFactory",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Connection Factory object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Connection Factory object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a JNDI Connection Factory object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/jndiConnectionFactories/{connectionFactoryName}": {
+      "delete": {
+        "description": "Delete a JNDI Connection Factory object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "deleteMsgVpnJndiConnectionFactory",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the JMS Connection Factory.",
+            "in": "path",
+            "name": "connectionFactoryName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a JNDI Connection Factory object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a JNDI Connection Factory object.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiConnectionFactory",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the JMS Connection Factory.",
+            "in": "path",
+            "name": "connectionFactoryName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Connection Factory object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a JNDI Connection Factory object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a JNDI Connection Factory object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "updateMsgVpnJndiConnectionFactory",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the JMS Connection Factory.",
+            "in": "path",
+            "name": "connectionFactoryName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Connection Factory object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Connection Factory object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a JNDI Connection Factory object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a JNDI Connection Factory object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nconnectionFactoryName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "replaceMsgVpnJndiConnectionFactory",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the JMS Connection Factory.",
+            "in": "path",
+            "name": "connectionFactoryName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Connection Factory object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactory"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Connection Factory object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiConnectionFactoryResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a JNDI Connection Factory object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/jndiQueues": {
+      "get": {
+        "description": "Get a list of JNDI Queue objects.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiQueues",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of JNDI Queue objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueuesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of JNDI Queue objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a JNDI Queue object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nqueueName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "createMsgVpnJndiQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Queue object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a JNDI Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/jndiQueues/{queueName}": {
+      "delete": {
+        "description": "Delete a JNDI Queue object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "deleteMsgVpnJndiQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a JNDI Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a JNDI Queue object.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Queue object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a JNDI Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a JNDI Queue object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nqueueName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "updateMsgVpnJndiQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Queue object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a JNDI Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a JNDI Queue object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nqueueName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "replaceMsgVpnJndiQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Queue object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a JNDI Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/jndiTopics": {
+      "get": {
+        "description": "Get a list of JNDI Topic objects.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiTopics",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of JNDI Topic objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopicsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of JNDI Topic objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a JNDI Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\ntopicName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "createMsgVpnJndiTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Topic object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a JNDI Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/jndiTopics/{topicName}": {
+      "delete": {
+        "description": "Delete a JNDI Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "deleteMsgVpnJndiTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a JNDI Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a JNDI Topic object.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "getMsgVpnJndiTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Topic object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a JNDI Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a JNDI Topic object. Any attribute missing from the request will be left unchanged.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntopicName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "updateMsgVpnJndiTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Topic object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a JNDI Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a JNDI Topic object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntopicName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.2.",
+        "operationId": "replaceMsgVpnJndiTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI name of the JMS Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The JNDI Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The JNDI Topic object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnJndiTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a JNDI Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "jndi"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaReceivers": {
+      "get": {
+        "description": "Get a list of Kafka Receiver objects.\n\nA Kafka Receiver receives messages from a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationOauthClientSecret||x||x\nauthenticationScramPassword||x||x\nkafkaReceiverName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaReceivers",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Kafka Receiver objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiversResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Kafka Receiver objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Kafka Receiver object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Kafka Receiver receives messages from a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||||x||x\nauthenticationClientCertContent|||||x||x\nauthenticationClientCertPassword|||||x||\nauthenticationOauthClientSecret|||||x||x\nauthenticationScramPassword|||||x||x\nkafkaReceiverName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnKafkaReceiver|authenticationBasicPassword|authenticationBasicUsername|\nMsgVpnKafkaReceiver|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnKafkaReceiver|authenticationScramPassword|authenticationScramUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "createMsgVpnKafkaReceiver",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Kafka Receiver object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiver"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Receiver object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Kafka Receiver object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaReceivers/{kafkaReceiverName}": {
+      "delete": {
+        "description": "Delete a Kafka Receiver object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Kafka Receiver receives messages from a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "deleteMsgVpnKafkaReceiver",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Kafka Receiver object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Kafka Receiver object.\n\nA Kafka Receiver receives messages from a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationOauthClientSecret||x||x\nauthenticationScramPassword||x||x\nkafkaReceiverName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaReceiver",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Receiver object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Kafka Receiver object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Kafka Receiver object. Any attribute missing from the request will be left unchanged.\n\nA Kafka Receiver receives messages from a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationBasicUsername||||||x||\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\nauthenticationOauthClientId||||||x||\nauthenticationOauthClientScope||||||x||\nauthenticationOauthClientSecret||||x||x||x\nauthenticationOauthClientTokenEndpoint||||||x||\nauthenticationScheme||||||x||\nauthenticationScramHash||||||x||\nauthenticationScramPassword||||x||x||x\nauthenticationScramUsername||||||x||\nbatchDelay||||||x||\nbatchMaxSize||||||x||\nbootstrapAddressList||||||x||\ngroupId||||||x||\ngroupKeepaliveInterval||||||x||\ngroupKeepaliveTimeout||||||x||\ngroupMembershipType||||||x||\ngroupPartitionSchemeList||||||x||\nkafkaReceiverName|x|x||||||\nmetadataTopicExcludeList||||||x||\nmetadataTopicRefreshInterval||||||x||\nmsgVpnName|x||x|||||\ntransportTlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnKafkaReceiver|authenticationBasicPassword|authenticationBasicUsername|\nMsgVpnKafkaReceiver|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnKafkaReceiver|authenticationScramPassword|authenticationScramUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "updateMsgVpnKafkaReceiver",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Kafka Receiver object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiver"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Receiver object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Kafka Receiver object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Kafka Receiver object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Kafka Receiver receives messages from a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationBasicUsername||||||x||\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\nauthenticationOauthClientId||||||x||\nauthenticationOauthClientScope||||||x||\nauthenticationOauthClientSecret||||x||x||x\nauthenticationOauthClientTokenEndpoint||||||x||\nauthenticationScheme||||||x||\nauthenticationScramHash||||||x||\nauthenticationScramPassword||||x||x||x\nauthenticationScramUsername||||||x||\nbatchDelay||||||x||\nbatchMaxSize||||||x||\nbootstrapAddressList||||||x||\ngroupId||||||x||\ngroupKeepaliveInterval||||||x||\ngroupKeepaliveTimeout||||||x||\ngroupMembershipType||||||x||\ngroupPartitionSchemeList||||||x||\nkafkaReceiverName|x|x||||||\nmetadataTopicExcludeList||||||x||\nmetadataTopicRefreshInterval||||||x||\nmsgVpnName|x||x|||||\ntransportTlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnKafkaReceiver|authenticationBasicPassword|authenticationBasicUsername|\nMsgVpnKafkaReceiver|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnKafkaReceiver|authenticationScramPassword|authenticationScramUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "replaceMsgVpnKafkaReceiver",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Kafka Receiver object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiver"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Receiver object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Kafka Receiver object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaReceivers/{kafkaReceiverName}/topicBindings": {
+      "get": {
+        "description": "Get a list of Topic Binding objects.\n\nA Topic Binding receives messages from a remote Kafka Topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nkafkaReceiverName|x|||\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaReceiverTopicBindings",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Topic Binding objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBindingsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Topic Binding objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Topic Binding object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Binding receives messages from a remote Kafka Topic.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nkafkaReceiverName|x|||x|||\nmsgVpnName|x|||x|||\ntopicName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "createMsgVpnKafkaReceiverTopicBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Binding object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Topic Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaReceivers/{kafkaReceiverName}/topicBindings/{topicName}": {
+      "delete": {
+        "description": "Delete a Topic Binding object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Binding receives messages from a remote Kafka Topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "deleteMsgVpnKafkaReceiverTopicBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Topic Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Topic Binding object.\n\nA Topic Binding receives messages from a remote Kafka Topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nkafkaReceiverName|x|||\nmsgVpnName|x|||\ntopicName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaReceiverTopicBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Binding object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Topic Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Topic Binding object. Any attribute missing from the request will be left unchanged.\n\nA Topic Binding receives messages from a remote Kafka Topic.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ninitialOffset||||||x||\nkafkaReceiverName|x||x|||||\nlocalKey||||||x||\nlocalTopic||||||x||\nmsgVpnName|x||x|||||\ntopicName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "updateMsgVpnKafkaReceiverTopicBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Binding object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Topic Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Topic Binding object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Topic Binding receives messages from a remote Kafka Topic.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ninitialOffset||||||x||\nkafkaReceiverName|x||x|||||\nlocalKey||||||x||\nlocalTopic||||||x||\nmsgVpnName|x||x|||||\ntopicName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "replaceMsgVpnKafkaReceiverTopicBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Receiver.",
+            "in": "path",
+            "name": "kafkaReceiverName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic.",
+            "in": "path",
+            "name": "topicName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Binding object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaReceiverTopicBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Topic Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaReceiver"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaSenders": {
+      "get": {
+        "description": "Get a list of Kafka Sender objects.\n\nA Kafka Sender sends messages to a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationOauthClientSecret||x||x\nauthenticationScramPassword||x||x\nkafkaSenderName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaSenders",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Kafka Sender objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSendersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Kafka Sender objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Kafka Sender object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Kafka Sender sends messages to a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||||x||x\nauthenticationClientCertContent|||||x||x\nauthenticationClientCertPassword|||||x||\nauthenticationOauthClientSecret|||||x||x\nauthenticationScramPassword|||||x||x\nkafkaSenderName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnKafkaSender|authenticationBasicPassword|authenticationBasicUsername|\nMsgVpnKafkaSender|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnKafkaSender|authenticationScramPassword|authenticationScramUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "createMsgVpnKafkaSender",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Kafka Sender object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSender"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Sender object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Kafka Sender object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaSenders/{kafkaSenderName}": {
+      "delete": {
+        "description": "Delete a Kafka Sender object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Kafka Sender sends messages to a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "deleteMsgVpnKafkaSender",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Kafka Sender object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Kafka Sender object.\n\nA Kafka Sender sends messages to a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationOauthClientSecret||x||x\nauthenticationScramPassword||x||x\nkafkaSenderName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaSender",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Sender object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Kafka Sender object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Kafka Sender object. Any attribute missing from the request will be left unchanged.\n\nA Kafka Sender sends messages to a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationBasicUsername||||||x||\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\nauthenticationOauthClientId||||||x||\nauthenticationOauthClientScope||||||x||\nauthenticationOauthClientSecret||||x||x||x\nauthenticationOauthClientTokenEndpoint||||||x||\nauthenticationScheme||||||x||\nauthenticationScramHash||||||x||\nauthenticationScramPassword||||x||x||x\nauthenticationScramUsername||||||x||\nbatchDelay||||||x||\nbatchMaxMsgCount||||||x||\nbatchMaxSize||||||x||\nbootstrapAddressList||||||x||\nidempotenceEnabled||||||x||\nkafkaSenderName|x|x||||||\nmsgVpnName|x||x|||||\ntransportCompressionEnabled||||||x||\ntransportCompressionLevel||||||x||\ntransportCompressionType||||||x||\ntransportTlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnKafkaSender|authenticationBasicPassword|authenticationBasicUsername|\nMsgVpnKafkaSender|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnKafkaSender|authenticationScramPassword|authenticationScramUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "updateMsgVpnKafkaSender",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Kafka Sender object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSender"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Sender object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Kafka Sender object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Kafka Sender object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Kafka Sender sends messages to a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||x||x\nauthenticationBasicUsername||||||x||\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\nauthenticationOauthClientId||||||x||\nauthenticationOauthClientScope||||||x||\nauthenticationOauthClientSecret||||x||x||x\nauthenticationOauthClientTokenEndpoint||||||x||\nauthenticationScheme||||||x||\nauthenticationScramHash||||||x||\nauthenticationScramPassword||||x||x||x\nauthenticationScramUsername||||||x||\nbatchDelay||||||x||\nbatchMaxMsgCount||||||x||\nbatchMaxSize||||||x||\nbootstrapAddressList||||||x||\nidempotenceEnabled||||||x||\nkafkaSenderName|x|x||||||\nmsgVpnName|x||x|||||\ntransportCompressionEnabled||||||x||\ntransportCompressionLevel||||||x||\ntransportCompressionType||||||x||\ntransportTlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnKafkaSender|authenticationBasicPassword|authenticationBasicUsername|\nMsgVpnKafkaSender|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnKafkaSender|authenticationScramPassword|authenticationScramUsername|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "replaceMsgVpnKafkaSender",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Kafka Sender object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSender"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Kafka Sender object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Kafka Sender object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaSenders/{kafkaSenderName}/queueBindings": {
+      "get": {
+        "description": "Get a list of Queue Binding objects.\n\nA Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nkafkaSenderName|x|||\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaSenderQueueBindings",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Queue Binding objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBindingsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Queue Binding objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Queue Binding object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nkafkaSenderName|x|||x|||\nmsgVpnName|x|||x|||\nqueueName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "createMsgVpnKafkaSenderQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/kafkaSenders/{kafkaSenderName}/queueBindings/{queueName}": {
+      "delete": {
+        "description": "Delete a Queue Binding object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "deleteMsgVpnKafkaSenderQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Queue Binding object.\n\nA Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nkafkaSenderName|x|||\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnKafkaSenderQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Queue Binding object. Any attribute missing from the request will be left unchanged.\n\nA Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nackMode||||||x||\nkafkaSenderName|x||x|||||\nmsgVpnName|x||x|||||\npartitionConsistentHash||||||x||\npartitionExplicitNumber||||||x||\npartitionRandomFallbackEnabled||||||x||\npartitionScheme||||||x||\nqueueName|x|x||||||\nremoteKey||||||x||\nremoteTopic||||||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "updateMsgVpnKafkaSenderQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Queue Binding object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nackMode||||||x||\nkafkaSenderName|x||x|||||\nmsgVpnName|x||x|||||\npartitionConsistentHash||||||x||\npartitionExplicitNumber||||||x||\npartitionRandomFallbackEnabled||||||x||\npartitionScheme||||||x||\nqueueName|x|x||||||\nremoteKey||||||x||\nremoteTopic||||||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "replaceMsgVpnKafkaSenderQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Kafka Sender.",
+            "in": "path",
+            "name": "kafkaSenderName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnKafkaSenderQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "kafkaSender"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/mqttRetainCaches": {
+      "get": {
+        "description": "Get a list of MQTT Retain Cache objects.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttRetainCaches",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of MQTT Retain Cache objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCachesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of MQTT Retain Cache objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttRetainCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an MQTT Retain Cache object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "createMsgVpnMqttRetainCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Retain Cache object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCache"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Retain Cache object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an MQTT Retain Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttRetainCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/mqttRetainCaches/{cacheName}": {
+      "delete": {
+        "description": "Delete an MQTT Retain Cache object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "deleteMsgVpnMqttRetainCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the MQTT Retain Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an MQTT Retain Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttRetainCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an MQTT Retain Cache object.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncacheName|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "getMsgVpnMqttRetainCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the MQTT Retain Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Retain Cache object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an MQTT Retain Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttRetainCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update an MQTT Retain Cache object. Any attribute missing from the request will be left unchanged.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "updateMsgVpnMqttRetainCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the MQTT Retain Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Retain Cache object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCache"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Retain Cache object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an MQTT Retain Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttRetainCache"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace an MQTT Retain Cache object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nUsing MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ncacheName|x|x||||||\nmsgVpnName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.11.",
+        "operationId": "replaceMsgVpnMqttRetainCache",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the MQTT Retain Cache.",
+            "in": "path",
+            "name": "cacheName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Retain Cache object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCache"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Retain Cache object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttRetainCacheResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an MQTT Retain Cache object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttRetainCache"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/mqttSessions": {
+      "get": {
+        "description": "Get a list of MQTT Session objects.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSessions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of MQTT Session objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of MQTT Session objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an MQTT Session object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x|x||||\nmqttSessionVirtualRouter|x|x|x||||\nmsgVpnName|x|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnMqttSessionQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "createMsgVpnMqttSession",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Session object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSession"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Session object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an MQTT Session object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}": {
+      "delete": {
+        "description": "Delete an MQTT Session object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "deleteMsgVpnMqttSession",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an MQTT Session object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an MQTT Session object.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSession",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Session object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an MQTT Session object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update an MQTT Session object. Any attribute missing from the request will be left unchanged.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||||\nmqttSessionVirtualRouter|x|x||||||\nmsgVpnName|x||x|||||\nowner||||||x||\nqueueRejectMsgToSenderOnDiscardBehavior||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnMqttSessionQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "updateMsgVpnMqttSession",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Session object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSession"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Session object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an MQTT Session object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace an MQTT Session object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|x||||||\nmqttSessionVirtualRouter|x|x||||||\nmsgVpnName|x||x|||||\nowner||||||x||\nqueueRejectMsgToSenderOnDiscardBehavior||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnMqttSessionQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnMqttSessionQueueEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "replaceMsgVpnMqttSession",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT Session object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSession"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The MQTT Session object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an MQTT Session object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions": {
+      "get": {
+        "description": "Get a list of Subscription objects.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSessionSubscriptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Subscription objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Subscription objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||x|||\nmqttSessionVirtualRouter|x|||x|||\nmsgVpnName|x|||x|||\nsubscriptionTopic|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "createMsgVpnMqttSessionSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscription object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions/{subscriptionTopic}": {
+      "delete": {
+        "description": "Delete a Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "deleteMsgVpnMqttSessionSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Subscription object.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqttSessionClientId|x|||\nmqttSessionVirtualRouter|x|||\nmsgVpnName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnMqttSessionSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscription object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Subscription object. Any attribute missing from the request will be left unchanged.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x||x|||||\nmqttSessionVirtualRouter|x||x|||||\nmsgVpnName|x||x|||||\nsubscriptionTopic|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "updateMsgVpnMqttSessionSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscription object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Subscription object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAn MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmqttSessionClientId|x||x|||||\nmqttSessionVirtualRouter|x||x|||||\nmsgVpnName|x||x|||||\nsubscriptionTopic|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "replaceMsgVpnMqttSessionSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+            "in": "path",
+            "name": "mqttSessionClientId",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The virtual router of the MQTT Session.",
+            "in": "path",
+            "name": "mqttSessionVirtualRouter",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The MQTT subscription topic.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscription"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Subscription object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnMqttSessionSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "mqttSession"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/proxies": {
+      "get": {
+        "description": "Get a list of Proxy objects.\n\nProxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nmsgVpnName|x|||\nproxyName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnProxies",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Proxy objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxiesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Proxy objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "proxy"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Proxy object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nProxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword|||||x||x\nmsgVpnName|x|||x|||\nproxyName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "createMsgVpnProxy",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Proxy object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxy"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Proxy object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Proxy object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "proxy"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/proxies/{proxyName}": {
+      "delete": {
+        "description": "Delete a Proxy object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nProxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "deleteMsgVpnProxy",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the proxy.",
+            "in": "path",
+            "name": "proxyName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Proxy object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "proxy"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Proxy object.\n\nProxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||x||x\nmsgVpnName|x|||\nproxyName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "getMsgVpnProxy",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the proxy.",
+            "in": "path",
+            "name": "proxyName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Proxy object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Proxy object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "proxy"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Proxy object. Any attribute missing from the request will be left unchanged.\n\nProxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||||x\nmsgVpnName|x||x|||||\nproxyName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "updateMsgVpnProxy",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the proxy.",
+            "in": "path",
+            "name": "proxyName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Proxy object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxy"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Proxy object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Proxy object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "proxy"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Proxy object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nProxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationBasicPassword||||x||||x\nmsgVpnName|x||x|||||\nproxyName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.36.",
+        "operationId": "replaceMsgVpnProxy",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the proxy.",
+            "in": "path",
+            "name": "proxyName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Proxy object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxy"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Proxy object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnProxyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Proxy object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "proxy"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/queueTemplates": {
+      "get": {
+        "description": "Get a list of Queue Template objects.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnQueueTemplates",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Queue Template objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplatesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Queue Template objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queueTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Queue Template object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nqueueTemplateName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnQueueTemplateEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnQueueTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Template object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplate"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Template object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Queue Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queueTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/queueTemplates/{queueTemplateName}": {
+      "delete": {
+        "description": "Delete a Queue Template object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnQueueTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue Template.",
+            "in": "path",
+            "name": "queueTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Queue Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queueTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Queue Template object.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnQueueTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue Template.",
+            "in": "path",
+            "name": "queueTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Template object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Queue Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queueTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Queue Template object. Any attribute missing from the request will be left unchanged.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nqueueTemplateName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnQueueTemplateEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "updateMsgVpnQueueTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue Template.",
+            "in": "path",
+            "name": "queueTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Template object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplate"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Template object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Queue Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queueTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Queue Template object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nqueueTemplateName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnQueueTemplateEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueTemplateEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "replaceMsgVpnQueueTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue Template.",
+            "in": "path",
+            "name": "queueTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Template object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplate"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Template object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Queue Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queueTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues": {
+      "get": {
+        "description": "Get a list of Queue objects.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueues",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Queue objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueuesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Queue objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Queue object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nqueueName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues/{queueName}": {
+      "delete": {
+        "description": "Delete a Queue object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Queue object.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Queue object. Any attribute missing from the request will be left unchanged.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||||x||\nmsgVpnName|x||x|||||\nowner||||||x||\npermission||||||x||\nqueueName|x|x||||||\nredeliveryDelayEnabled||||||x||\nredeliveryDelayInitialInterval||||||x||\nredeliveryDelayMaxInterval||||||x||\nredeliveryDelayMultiplier||||||x||\nrejectMsgToSenderOnDiscardBehavior||||||x||\nrespectMsgPriorityEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Queue object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||||x||\nmsgVpnName|x||x|||||\nowner||||||x||\npermission||||||x||\nqueueName|x|x||||||\nredeliveryDelayEnabled||||||x||\nredeliveryDelayInitialInterval||||||x||\nredeliveryDelayMaxInterval||||||x||\nredeliveryDelayMultiplier||||||x||\nrejectMsgToSenderOnDiscardBehavior||||||x||\nrespectMsgPriorityEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnQueueEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnQueue",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueue"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Queue object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions": {
+      "get": {
+        "description": "Get a list of Queue Subscription objects.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueueSubscriptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Queue Subscription objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Queue Subscription objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Queue Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nqueueName|x|||x|||\nsubscriptionTopic|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnQueueSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueSubscription"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Subscription object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Queue Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions/{subscriptionTopic}": {
+      "delete": {
+        "description": "Delete a Queue Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnQueueSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic of the Subscription.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Queue Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Queue Subscription object.\n\nOne or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueName|x|||\nsubscriptionTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnQueueSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Queue.",
+            "in": "path",
+            "name": "queueName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic of the Subscription.",
+            "in": "path",
+            "name": "subscriptionTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Subscription object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnQueueSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Queue Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "queue"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/replayLogs": {
+      "get": {
+        "description": "Get a list of Replay Log objects.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.10.",
+        "operationId": "getMsgVpnReplayLogs",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Replay Log objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Replay Log objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Replay Log object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nreplayLogName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "createMsgVpnReplayLog",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Replay Log object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLog"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replay Log object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Replay Log object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}": {
+      "delete": {
+        "description": "Delete a Replay Log object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "deleteMsgVpnReplayLog",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Replay Log object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Replay Log object.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "getMsgVpnReplayLog",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replay Log object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Replay Log object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Replay Log object. Any attribute missing from the request will be left unchanged.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nreplayLogName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "updateMsgVpnReplayLog",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Replay Log object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLog"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replay Log object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Replay Log object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Replay Log object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nWhen the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nreplayLogName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.10.",
+        "operationId": "replaceMsgVpnReplayLog",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Replay Log object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLog"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replay Log object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Replay Log object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions": {
+      "get": {
+        "description": "Get a list of Topic Filter Subscription objects.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\ntopicFilterSubscription|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnReplayLogTopicFilterSubscriptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Topic Filter Subscription objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Topic Filter Subscription objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Topic Filter Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nreplayLogName|x|||x|||\ntopicFilterSubscription|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "createMsgVpnReplayLogTopicFilterSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Filter Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscription"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Filter Subscription object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Topic Filter Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions/{topicFilterSubscription}": {
+      "delete": {
+        "description": "Delete a Topic Filter Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "deleteMsgVpnReplayLogTopicFilterSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic of the Subscription.",
+            "in": "path",
+            "name": "topicFilterSubscription",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Topic Filter Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Topic Filter Subscription object.\n\nOne or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplayLogName|x|||\ntopicFilterSubscription|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.27.",
+        "operationId": "getMsgVpnReplayLogTopicFilterSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Replay Log.",
+            "in": "path",
+            "name": "replayLogName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic of the Subscription.",
+            "in": "path",
+            "name": "topicFilterSubscription",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Filter Subscription object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplayLogTopicFilterSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Topic Filter Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replayLog"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/replicatedTopics": {
+      "get": {
+        "description": "Get a list of Replicated Topic objects.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplicatedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnReplicatedTopics",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Replicated Topic objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopicsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Replicated Topic objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replicatedTopic"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Replicated Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nreplicatedTopic|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "createMsgVpnReplicatedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Replicated Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replicated Topic object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Replicated Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replicatedTopic"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/replicatedTopics/{replicatedTopic}": {
+      "delete": {
+        "description": "Delete a Replicated Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "deleteMsgVpnReplicatedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "in": "path",
+            "name": "replicatedTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Replicated Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replicatedTopic"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Replicated Topic object.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreplicatedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnReplicatedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "in": "path",
+            "name": "replicatedTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replicated Topic object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Replicated Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replicatedTopic"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Replicated Topic object. Any attribute missing from the request will be left unchanged.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nreplicatedTopic|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "updateMsgVpnReplicatedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "in": "path",
+            "name": "replicatedTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Replicated Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replicated Topic object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Replicated Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replicatedTopic"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Replicated Topic object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nTo indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nreplicatedTopic|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "replaceMsgVpnReplicatedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+            "in": "path",
+            "name": "replicatedTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Replicated Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Replicated Topic object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnReplicatedTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Replicated Topic object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "replicatedTopic"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints": {
+      "get": {
+        "description": "Get a list of REST Delivery Point objects.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPoints",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of REST Delivery Point objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of REST Delivery Point objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a REST Delivery Point object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nrestDeliveryPointName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnRestDeliveryPoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Delivery Point object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Delivery Point object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a REST Delivery Point object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}": {
+      "delete": {
+        "description": "Delete a REST Delivery Point object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnRestDeliveryPoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a REST Delivery Point object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a REST Delivery Point object.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Delivery Point object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a REST Delivery Point object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a REST Delivery Point object. Any attribute missing from the request will be left unchanged.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientProfileName||||||x||\nmsgVpnName|x||x|||||\nrestDeliveryPointName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnRestDeliveryPoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Delivery Point object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Delivery Point object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a REST Delivery Point object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a REST Delivery Point object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientProfileName||||||x||\nmsgVpnName|x||x|||||\nrestDeliveryPointName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnRestDeliveryPoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Delivery Point object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPoint"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Delivery Point object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a REST Delivery Point object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings": {
+      "get": {
+        "description": "Get a list of Queue Binding objects.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindings",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Queue Binding objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Queue Binding objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Queue Binding object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nqueueBindingName|x|x|x||||\nrestDeliveryPointName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnRestDeliveryPointQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}": {
+      "delete": {
+        "description": "Delete a Queue Binding object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnRestDeliveryPointQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Queue Binding object.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Queue Binding object. Any attribute missing from the request will be left unchanged.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nqueueBindingName|x|x||||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnRestDeliveryPointQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Queue Binding object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\nqueueBindingName|x|x||||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnRestDeliveryPointQueueBinding",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Queue Binding object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBinding"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Queue Binding object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Queue Binding object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/protectedRequestHeaders": {
+      "get": {
+        "description": "Get a list of Protected Request Header objects.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nheaderValue||x||x\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.30.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaders",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Protected Request Header objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeadersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Protected Request Header objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Protected Request Header object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x|x||||\nheaderValue|||||x||x\nmsgVpnName|x|||x|||\nqueueBindingName|x|||x|||\nrestDeliveryPointName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "createMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Protected Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Protected Request Header object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Protected Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/protectedRequestHeaders/{headerName}": {
+      "delete": {
+        "description": "Delete a Protected Request Header object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "deleteMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Protected Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Protected Request Header object.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nheaderValue||x||x\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Protected Request Header object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Protected Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Protected Request Header object. Any attribute missing from the request will be left unchanged.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||||\nheaderValue||||x||||x\nmsgVpnName|x||x|||||\nqueueBindingName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "updateMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Protected Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Protected Request Header object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Protected Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Protected Request Header object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||||\nheaderValue||||x||||x\nmsgVpnName|x||x|||||\nqueueBindingName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.30.",
+        "operationId": "replaceMsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the protected HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Protected Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Protected Request Header object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Protected Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders": {
+      "get": {
+        "description": "Get a list of Request Header objects.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.23.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeaders",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Request Header objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeadersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Request Header objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Request Header object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x|x||||\nmsgVpnName|x|||x|||\nqueueBindingName|x|||x|||\nrestDeliveryPointName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "createMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Request Header object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders/{headerName}": {
+      "delete": {
+        "description": "Delete a Request Header object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA request header to be added to the HTTP request.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "deleteMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Request Header object.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheaderName|x|||\nmsgVpnName|x|||\nqueueBindingName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "getMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Request Header object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Request Header object. Any attribute missing from the request will be left unchanged.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||||\nmsgVpnName|x||x|||||\nqueueBindingName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "updateMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Request Header object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Request Header object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nheaderName|x|x||||||\nmsgVpnName|x||x|||||\nqueueBindingName|x||x|||||\nrestDeliveryPointName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.23.",
+        "operationId": "replaceMsgVpnRestDeliveryPointQueueBindingRequestHeader",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of a queue in the Message VPN.",
+            "in": "path",
+            "name": "queueBindingName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the HTTP request header.",
+            "in": "path",
+            "name": "headerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Request Header object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeader"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Request Header object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointQueueBindingRequestHeaderResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Request Header object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers": {
+      "get": {
+        "description": "Get a list of REST Consumer objects.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationHttpBasicPassword||x||x\nauthenticationHttpHeaderValue||x||x\nauthenticationOauthClientSecret||x||x\nauthenticationOauthJwtSecretKey||x||x\nmsgVpnName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumers",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of REST Consumer objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of REST Consumer objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a REST Consumer object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey|||||x||x\nauthenticationClientCertContent|||||x||x\nauthenticationClientCertPassword|||||x||\nauthenticationHttpBasicPassword|||||x||x\nauthenticationHttpHeaderValue|||||x||x\nauthenticationOauthClientSecret|||||x||x\nauthenticationOauthJwtSecretKey|||||x||x\nmsgVpnName|x|||x|||\nrestConsumerName|x|x|x||||\nrestDeliveryPointName|x|||x|||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnRestDeliveryPointRestConsumer",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Consumer object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Consumer object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a REST Consumer object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}": {
+      "delete": {
+        "description": "Delete a REST Consumer object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumer",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a REST Consumer object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a REST Consumer object.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||x||x\nauthenticationClientCertContent||x||x\nauthenticationClientCertPassword||x||\nauthenticationHttpBasicPassword||x||x\nauthenticationHttpHeaderValue||x||x\nauthenticationOauthClientSecret||x||x\nauthenticationOauthJwtSecretKey||x||x\nmsgVpnName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumer",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Consumer object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a REST Consumer object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a REST Consumer object. Any attribute missing from the request will be left unchanged.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||||x||||x\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\nauthenticationHttpBasicPassword||||x||x||x\nauthenticationHttpBasicUsername||||||x||\nauthenticationHttpHeaderValue||||x||||x\nauthenticationOauthClientId||||||x||\nauthenticationOauthClientScope||||||x||\nauthenticationOauthClientSecret||||x||x||x\nauthenticationOauthClientTokenEndpoint||||||x||\nauthenticationOauthClientTokenExpiryDefault||||||x||\nauthenticationOauthJwtSecretKey||||x||x||x\nauthenticationOauthJwtTokenEndpoint||||||x||\nauthenticationOauthJwtTokenExpiryDefault||||||x||\nauthenticationScheme||||||x||\nmsgVpnName|x||x|||||\noutgoingConnectionCount||||||x||\nremoteHost||||||x||\nremotePort||||||x||\nrestConsumerName|x|x||||||\nrestDeliveryPointName|x||x|||||\ntlsCipherSuiteList||||||x||\ntlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "updateMsgVpnRestDeliveryPointRestConsumer",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Consumer object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Consumer object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a REST Consumer object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a REST Consumer object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nREST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthenticationAwsSecretAccessKey||||x||||x\nauthenticationClientCertContent||||x||x||x\nauthenticationClientCertPassword||||x||x||\nauthenticationHttpBasicPassword||||x||x||x\nauthenticationHttpBasicUsername||||||x||\nauthenticationHttpHeaderValue||||x||||x\nauthenticationOauthClientId||||||x||\nauthenticationOauthClientScope||||||x||\nauthenticationOauthClientSecret||||x||x||x\nauthenticationOauthClientTokenEndpoint||||||x||\nauthenticationOauthClientTokenExpiryDefault||||||x||\nauthenticationOauthJwtSecretKey||||x||x||x\nauthenticationOauthJwtTokenEndpoint||||||x||\nauthenticationOauthJwtTokenExpiryDefault||||||x||\nauthenticationScheme||||||x||\nmsgVpnName|x||x|||||\noutgoingConnectionCount||||||x||\nremoteHost||||||x||\nremotePort||||||x||\nrestConsumerName|x|x||||||\nrestDeliveryPointName|x||x|||||\ntlsCipherSuiteList||||||x||\ntlsEnabled||||||x||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnRestDeliveryPointRestConsumer|authenticationClientCertPassword|authenticationClientCertContent|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicPassword|authenticationHttpBasicUsername|\nMsgVpnRestDeliveryPointRestConsumer|authenticationHttpBasicUsername|authenticationHttpBasicPassword|\nMsgVpnRestDeliveryPointRestConsumer|remotePort|tlsEnabled|\nMsgVpnRestDeliveryPointRestConsumer|tlsEnabled|remotePort|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "replaceMsgVpnRestDeliveryPointRestConsumer",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The REST Consumer object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumer"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The REST Consumer object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a REST Consumer object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims": {
+      "get": {
+        "description": "Get a list of Claim objects.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthJwtClaimName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.21.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaims",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Claim objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Claim objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\noauthJwtClaimName|x|x|x||||\noauthJwtClaimValue||x|x||||\nrestConsumerName|x|||x|||\nrestDeliveryPointName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "createMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Claim object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Claim object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims/{oauthJwtClaimName}": {
+      "delete": {
+        "description": "Delete a Claim object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+            "in": "path",
+            "name": "oauthJwtClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Claim object.\n\nA Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthJwtClaimName|x|||\nrestConsumerName|x|||\nrestDeliveryPointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.21.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerOauthJwtClaim",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+            "in": "path",
+            "name": "oauthJwtClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Claim object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Claim object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a list of Trusted Common Name objects.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|\nrestConsumerName|x||x|\nrestDeliveryPointName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNames",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Trusted Common Name objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Trusted Common Name objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "deprecated": true,
+        "description": "Create a Trusted Common Name object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x||x|\nrestConsumerName|x|||x||x|\nrestDeliveryPointName|x|||x||x|\ntlsTrustedCommonName|x|x|x|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "createMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trusted Common Name object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/tlsTrustedCommonNames/{tlsTrustedCommonName}": {
+      "delete": {
+        "deprecated": true,
+        "description": "Delete a Trusted Common Name object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "deleteMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "deprecated": true,
+        "description": "Get a Trusted Common Name object.\n\nThe Trusted Common Names for the REST Consumer are used by encrypted transports to verify the name in the certificate presented by the remote REST consumer. They must include the common name of the remote REST consumer's server certificate.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|\nrestConsumerName|x||x|\nrestDeliveryPointName|x||x|\ntlsTrustedCommonName|x||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been deprecated since 2.17. Common Name validation has been replaced by Server Certificate Name validation.",
+        "operationId": "getMsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonName",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Delivery Point.",
+            "in": "path",
+            "name": "restDeliveryPointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the REST Consumer.",
+            "in": "path",
+            "name": "restConsumerName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The expected trusted common name of the remote certificate.",
+            "in": "path",
+            "name": "tlsTrustedCommonName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trusted Common Name object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnRestDeliveryPointRestConsumerTlsTrustedCommonNameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Trusted Common Name object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "restDeliveryPoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/sequencedTopics": {
+      "get": {
+        "description": "Get a list of Sequenced Topic objects.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsequencedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnSequencedTopics",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Sequenced Topic objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnSequencedTopicsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Sequenced Topic objects.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Sequenced Topic object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nsequencedTopic|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "createMsgVpnSequencedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Sequenced Topic object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnSequencedTopic"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Sequenced Topic object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnSequencedTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Sequenced Topic object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/sequencedTopics/{sequencedTopic}": {
+      "delete": {
+        "description": "Delete a Sequenced Topic object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "deleteMsgVpnSequencedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Topic for applying sequence numbers.",
+            "in": "path",
+            "name": "sequencedTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Sequenced Topic object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Sequenced Topic object.\n\nA Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsequencedTopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.0.",
+        "operationId": "getMsgVpnSequencedTopic",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Topic for applying sequence numbers.",
+            "in": "path",
+            "name": "sequencedTopic",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Sequenced Topic object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnSequencedTopicResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Sequenced Topic object.",
+        "tags": [
+          "all",
+          "msgVpn"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles": {
+      "get": {
+        "description": "Get a list of Telemetry Profile objects.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfiles",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Telemetry Profile objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfilesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Telemetry Profile objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Telemetry Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\ntelemetryProfileName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Telemetry Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Telemetry Profile object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Telemetry Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}": {
+      "delete": {
+        "description": "Delete a Telemetry Profile object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Telemetry Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Telemetry Profile object.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Telemetry Profile object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Telemetry Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Telemetry Profile object. Any attribute missing from the request will be left unchanged.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntelemetryProfileName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "updateMsgVpnTelemetryProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Telemetry Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Telemetry Profile object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Telemetry Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Telemetry Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nUsing the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntelemetryProfileName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileQueueEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTelemetryProfileReceiverEventConnectionCountPerClientUsernameThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "replaceMsgVpnTelemetryProfile",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Telemetry Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Telemetry Profile object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Telemetry Profile object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions": {
+      "get": {
+        "description": "Get a list of Receiver ACL Connect Exception objects.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreceiverAclConnectExceptionAddress|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileReceiverAclConnectExceptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Receiver ACL Connect Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Receiver ACL Connect Exception objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Receiver ACL Connect Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nreceiverAclConnectExceptionAddress|x|x|x||||\ntelemetryProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfileReceiverAclConnectException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Receiver ACL Connect Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Receiver ACL Connect Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Receiver ACL Connect Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions/{receiverAclConnectExceptionAddress}": {
+      "delete": {
+        "description": "Delete a Receiver ACL Connect Exception object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfileReceiverAclConnectException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
+            "in": "path",
+            "name": "receiverAclConnectExceptionAddress",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Receiver ACL Connect Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Receiver ACL Connect Exception object.\n\nA Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nreceiverAclConnectExceptionAddress|x|||\ntelemetryProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileReceiverAclConnectException",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The IP address/netmask of the receiver connect exception in CIDR form.",
+            "in": "path",
+            "name": "receiverAclConnectExceptionAddress",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Receiver ACL Connect Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileReceiverAclConnectExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Receiver ACL Connect Exception object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters": {
+      "get": {
+        "description": "Get a list of Trace Filter objects.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilters",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Trace Filter objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFiltersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Trace Filter objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Trace Filter object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\ntelemetryProfileName|x|||x|||\ntraceFilterName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfileTraceFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trace Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trace Filter object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Trace Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}": {
+      "delete": {
+        "description": "Delete a Trace Filter object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfileTraceFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Trace Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Trace Filter object.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trace Filter object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Trace Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Trace Filter object. Any attribute missing from the request will be left unchanged.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntelemetryProfileName|x||x|||||\ntraceFilterName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "updateMsgVpnTelemetryProfileTraceFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trace Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trace Filter object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Trace Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Trace Filter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntelemetryProfileName|x||x|||||\ntraceFilterName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "replaceMsgVpnTelemetryProfileTraceFilter",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Trace Filter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Trace Filter object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Trace Filter object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions": {
+      "get": {
+        "description": "Get a list of Telemetry Trace Filter Subscription objects.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsubscription|x|||\nsubscriptionSyntax|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilterSubscriptions",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Telemetry Trace Filter Subscription objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Telemetry Trace Filter Subscription objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Telemetry Trace Filter Subscription object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\nsubscription|x|x|x||||\nsubscriptionSyntax|x|x|x||||\ntelemetryProfileName|x|||x|||\ntraceFilterName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "createMsgVpnTelemetryProfileTraceFilterSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Telemetry Trace Filter Subscription object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscription"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Telemetry Trace Filter Subscription object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Telemetry Trace Filter Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions/{subscription},{subscriptionSyntax}": {
+      "delete": {
+        "description": "Delete a Telemetry Trace Filter Subscription object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "deleteMsgVpnTelemetryProfileTraceFilterSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Messages matching this subscription will follow this filter's configuration.",
+            "in": "path",
+            "name": "subscription",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the trace filter subscription.",
+            "in": "path",
+            "name": "subscriptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Telemetry Trace Filter Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Telemetry Trace Filter Subscription object.\n\nTrace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\nsubscription|x|||\nsubscriptionSyntax|x|||\ntelemetryProfileName|x|||\ntraceFilterName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.31.",
+        "operationId": "getMsgVpnTelemetryProfileTraceFilterSubscription",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Telemetry Profile.",
+            "in": "path",
+            "name": "telemetryProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+            "in": "path",
+            "name": "traceFilterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Messages matching this subscription will follow this filter's configuration.",
+            "in": "path",
+            "name": "subscription",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The syntax of the trace filter subscription.",
+            "in": "path",
+            "name": "subscriptionSyntax",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Telemetry Trace Filter Subscription object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTelemetryProfileTraceFilterSubscriptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Telemetry Trace Filter Subscription object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "telemetryProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/topicEndpointTemplates": {
+      "get": {
+        "description": "Get a list of Topic Endpoint Template objects.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicEndpointTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnTopicEndpointTemplates",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Topic Endpoint Template objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplatesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Topic Endpoint Template objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpointTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Topic Endpoint Template object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\ntopicEndpointTemplateName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "createMsgVpnTopicEndpointTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Endpoint Template object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint Template object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Topic Endpoint Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpointTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/topicEndpointTemplates/{topicEndpointTemplateName}": {
+      "delete": {
+        "description": "Delete a Topic Endpoint Template object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "deleteMsgVpnTopicEndpointTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint Template.",
+            "in": "path",
+            "name": "topicEndpointTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Topic Endpoint Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpointTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Topic Endpoint Template object.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicEndpointTemplateName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "getMsgVpnTopicEndpointTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint Template.",
+            "in": "path",
+            "name": "topicEndpointTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint Template object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Topic Endpoint Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpointTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Topic Endpoint Template object. Any attribute missing from the request will be left unchanged.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntopicEndpointTemplateName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "updateMsgVpnTopicEndpointTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint Template.",
+            "in": "path",
+            "name": "topicEndpointTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Endpoint Template object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint Template object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Topic Endpoint Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpointTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Topic Endpoint Template object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x||x|||||\ntopicEndpointTemplateName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventMsgSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointTemplateEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.14.",
+        "operationId": "replaceMsgVpnTopicEndpointTemplate",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint Template.",
+            "in": "path",
+            "name": "topicEndpointTemplateName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Endpoint Template object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplate"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint Template object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointTemplateResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Topic Endpoint Template object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpointTemplate"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/msgVpns/{msgVpnName}/topicEndpoints": {
+      "get": {
+        "description": "Get a list of Topic Endpoint objects.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicEndpointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnTopicEndpoints",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Topic Endpoint objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Topic Endpoint objects.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Topic Endpoint object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|||x|||\ntopicEndpointName|x|x|x||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTopicEndpointEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "createMsgVpnTopicEndpoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Endpoint object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpoint"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Topic Endpoint object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}": {
+      "delete": {
+        "description": "Delete a Topic Endpoint object. The deletion of instances of this object are synchronized to HA mates and replication sites via config-sync.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "deleteMsgVpnTopicEndpoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Topic Endpoint object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Topic Endpoint object.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\ntopicEndpointName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "getMsgVpnTopicEndpoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Topic Endpoint object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Topic Endpoint object. Any attribute missing from the request will be left unchanged.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||||x||\nmsgVpnName|x||x|||||\nowner||||||x||\npermission||||||x||\nredeliveryDelayEnabled||||||x||\nredeliveryDelayInitialInterval||||||x||\nredeliveryDelayMaxInterval||||||x||\nredeliveryDelayMultiplier||||||x||\nrejectMsgToSenderOnDiscardBehavior||||||x||\nrespectMsgPriorityEnabled||||||x||\ntopicEndpointName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTopicEndpointEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "updateMsgVpnTopicEndpoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Endpoint object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpoint"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Topic Endpoint object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Topic Endpoint object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\naccessType||||||x||\nmsgVpnName|x||x|||||\nowner||||||x||\npermission||||||x||\nredeliveryDelayEnabled||||||x||\nredeliveryDelayInitialInterval||||||x||\nredeliveryDelayMaxInterval||||||x||\nredeliveryDelayMultiplier||||||x||\nrejectMsgToSenderOnDiscardBehavior||||||x||\nrespectMsgPriorityEnabled||||||x||\ntopicEndpointName|x|x||||||\n\n\n\nThe following attributes in the request may only be provided in certain combinations with other attributes:\n\n\nClass|Attribute|Requires|Conflicts\n:---|:---|:---|:---\nMsgVpnTopicEndpointEventBindCountThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventBindCountThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventBindCountThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventBindCountThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventRejectLowPriorityMsgLimitThreshold|setValue|clearValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventSpoolUsageThreshold|clearPercent|setPercent|clearValue, setValue\nMsgVpnTopicEndpointEventSpoolUsageThreshold|clearValue|setValue|clearPercent, setPercent\nMsgVpnTopicEndpointEventSpoolUsageThreshold|setPercent|clearPercent|clearValue, setValue\nMsgVpnTopicEndpointEventSpoolUsageThreshold|setValue|clearValue|clearPercent, setPercent\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-write\" is required to perform this operation.\n\nThis has been available since 2.1.",
+        "operationId": "replaceMsgVpnTopicEndpoint",
+        "parameters": [
+          {
+            "description": "The name of the Message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the Topic Endpoint.",
+            "in": "path",
+            "name": "topicEndpointName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Topic Endpoint object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpoint"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Topic Endpoint object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/MsgVpnTopicEndpointResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Topic Endpoint object.",
+        "tags": [
+          "all",
+          "msgVpn",
+          "topicEndpoint"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles": {
+      "get": {
+        "description": "Get a list of OAuth Profile objects.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfiles",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of OAuth Profile objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfilesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of OAuth Profile objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an OAuth Profile object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret|||||x||x\noauthProfileName|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfile",
+        "parameters": [
+          {
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an OAuth Profile object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}": {
+      "delete": {
+        "description": "Delete an OAuth Profile object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an OAuth Profile object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an OAuth Profile object.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientSecret||x||x\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an OAuth Profile object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update an OAuth Profile object. Any attribute missing from the request will be left unchanged.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret||||x||||x\noauthProfileName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naccessLevelGroupsClaimName|global/admin\naccessLevelGroupsClaimStringFormat|global/admin\nclientId|global/admin\nclientRedirectUri|global/admin\nclientRequiredType|global/admin\nclientScope|global/admin\nclientSecret|global/admin\nclientValidateTypeEnabled|global/admin\ndefaultGlobalAccessLevel|global/admin\ndisplayName|global/admin\nenabled|global/admin\nendpointAuthorization|global/admin\nendpointDiscovery|global/admin\nendpointDiscoveryRefreshInterval|global/admin\nendpointIntrospection|global/admin\nendpointIntrospectionTimeout|global/admin\nendpointJwks|global/admin\nendpointJwksRefreshInterval|global/admin\nendpointToken|global/admin\nendpointTokenTimeout|global/admin\nendpointUserinfo|global/admin\nendpointUserinfoTimeout|global/admin\ninteractiveEnabled|global/admin\ninteractivePromptForExpiredSession|global/admin\ninteractivePromptForNewSession|global/admin\nissuer|global/admin\noauthRole|global/admin\nresourceServerParseAccessTokenEnabled|global/admin\nresourceServerRequiredAudience|global/admin\nresourceServerRequiredIssuer|global/admin\nresourceServerRequiredScope|global/admin\nresourceServerRequiredType|global/admin\nresourceServerValidateAudienceEnabled|global/admin\nresourceServerValidateIssuerEnabled|global/admin\nresourceServerValidateScopeEnabled|global/admin\nresourceServerValidateTypeEnabled|global/admin\nsempEnabled|global/admin\nusernameClaimName|global/admin\n\n\n\nThis has been available since 2.24.",
+        "operationId": "updateOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an OAuth Profile object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace an OAuth Profile object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nOAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientSecret||||x||||x\noauthProfileName|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\naccessLevelGroupsClaimName|global/admin\naccessLevelGroupsClaimStringFormat|global/admin\nclientId|global/admin\nclientRedirectUri|global/admin\nclientRequiredType|global/admin\nclientScope|global/admin\nclientSecret|global/admin\nclientValidateTypeEnabled|global/admin\ndefaultGlobalAccessLevel|global/admin\ndisplayName|global/admin\nenabled|global/admin\nendpointAuthorization|global/admin\nendpointDiscovery|global/admin\nendpointDiscoveryRefreshInterval|global/admin\nendpointIntrospection|global/admin\nendpointIntrospectionTimeout|global/admin\nendpointJwks|global/admin\nendpointJwksRefreshInterval|global/admin\nendpointToken|global/admin\nendpointTokenTimeout|global/admin\nendpointUserinfo|global/admin\nendpointUserinfoTimeout|global/admin\ninteractiveEnabled|global/admin\ninteractivePromptForExpiredSession|global/admin\ninteractivePromptForNewSession|global/admin\nissuer|global/admin\noauthRole|global/admin\nresourceServerParseAccessTokenEnabled|global/admin\nresourceServerRequiredAudience|global/admin\nresourceServerRequiredIssuer|global/admin\nresourceServerRequiredScope|global/admin\nresourceServerRequiredType|global/admin\nresourceServerValidateAudienceEnabled|global/admin\nresourceServerValidateIssuerEnabled|global/admin\nresourceServerValidateScopeEnabled|global/admin\nresourceServerValidateTypeEnabled|global/admin\nsempEnabled|global/admin\nusernameClaimName|global/admin\n\n\n\nThis has been available since 2.24.",
+        "operationId": "replaceOauthProfile",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The OAuth Profile object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfile"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The OAuth Profile object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an OAuth Profile object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/accessLevelGroups": {
+      "get": {
+        "description": "Get a list of Group Access Level objects.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ngroupName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileAccessLevelGroups",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Group Access Level objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Group Access Level objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Group Access Level object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|x|x||||\noauthProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nglobalAccessLevel|global/admin\n\n\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfileAccessLevelGroup",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Group Access Level object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Group Access Level object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Group Access Level object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/accessLevelGroups/{groupName}": {
+      "delete": {
+        "description": "Delete a Group Access Level object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfileAccessLevelGroup",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Group Access Level object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Group Access Level object.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ngroupName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileAccessLevelGroup",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Group Access Level object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Group Access Level object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Group Access Level object. Any attribute missing from the request will be left unchanged.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nglobalAccessLevel|global/admin\n\n\n\nThis has been available since 2.24.",
+        "operationId": "updateOauthProfileAccessLevelGroup",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Group Access Level object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Group Access Level object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Group Access Level object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Group Access Level object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nThe name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nglobalAccessLevel|global/admin\n\n\n\nThis has been available since 2.24.",
+        "operationId": "replaceOauthProfileAccessLevelGroup",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Group Access Level object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroup"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Group Access Level object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Group Access Level object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/accessLevelGroups/{groupName}/msgVpnAccessLevelExceptions": {
+      "get": {
+        "description": "Get a list of Message VPN Access-Level Exception objects.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ngroupName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileAccessLevelGroupMsgVpnAccessLevelExceptions",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Message VPN Access-Level Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Message VPN Access-Level Exception objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x|||x|||\nmsgVpnName|x|x|x||||\noauthProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfileAccessLevelGroupMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN Access-Level Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/accessLevelGroups/{groupName}/msgVpnAccessLevelExceptions/{msgVpnName}": {
+      "delete": {
+        "description": "Delete a Message VPN Access-Level Exception object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nMessage VPN access-level exceptions for members of this group.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfileAccessLevelGroupMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Message VPN Access-Level Exception object.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ngroupName|x|||\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileAccessLevelGroupMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Message VPN Access-Level Exception object. Any attribute missing from the request will be left unchanged.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x||x|||||\nmsgVpnName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "updateOauthProfileAccessLevelGroupMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN Access-Level Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nMessage VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\ngroupName|x||x|||||\nmsgVpnName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "replaceOauthProfileAccessLevelGroupMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the group.",
+            "in": "path",
+            "name": "groupName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN Access-Level Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileAccessLevelGroupMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/clientAllowedHosts": {
+      "get": {
+        "description": "Get a list of Allowed Host Value objects.\n\nA valid hostname for this broker in OAuth redirects.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowedHost|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileClientAllowedHosts",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Allowed Host Value objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAllowedHostsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Allowed Host Value objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an Allowed Host Value object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA valid hostname for this broker in OAuth redirects.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nallowedHost|x|x|x||||\noauthProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfileClientAllowedHost",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Allowed Host Value object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAllowedHost"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Allowed Host Value object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAllowedHostResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an Allowed Host Value object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/clientAllowedHosts/{allowedHost}": {
+      "delete": {
+        "description": "Delete an Allowed Host Value object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA valid hostname for this broker in OAuth redirects.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfileClientAllowedHost",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "An allowed value for the Host header.",
+            "in": "path",
+            "name": "allowedHost",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an Allowed Host Value object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an Allowed Host Value object.\n\nA valid hostname for this broker in OAuth redirects.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowedHost|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileClientAllowedHost",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "An allowed value for the Host header.",
+            "in": "path",
+            "name": "allowedHost",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Allowed Host Value object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAllowedHostResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an Allowed Host Value object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/clientAuthorizationParameters": {
+      "get": {
+        "description": "Get a list of Authorization Parameter objects.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationParameterName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileClientAuthorizationParameters",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Authorization Parameter objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParametersResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Authorization Parameter objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create an Authorization Parameter object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationParameterName|x|x|x||||\noauthProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfileClientAuthorizationParameter",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Authorization Parameter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Parameter object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParameterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create an Authorization Parameter object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/clientAuthorizationParameters/{authorizationParameterName}": {
+      "delete": {
+        "description": "Delete an Authorization Parameter object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfileClientAuthorizationParameter",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the authorization parameter.",
+            "in": "path",
+            "name": "authorizationParameterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete an Authorization Parameter object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get an Authorization Parameter object.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorizationParameterName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileClientAuthorizationParameter",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the authorization parameter.",
+            "in": "path",
+            "name": "authorizationParameterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Parameter object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParameterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get an Authorization Parameter object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update an Authorization Parameter object. Any attribute missing from the request will be left unchanged.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationParameterName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "updateOauthProfileClientAuthorizationParameter",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the authorization parameter.",
+            "in": "path",
+            "name": "authorizationParameterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Authorization Parameter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Parameter object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParameterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update an Authorization Parameter object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace an Authorization Parameter object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nAdditional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nauthorizationParameterName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "replaceOauthProfileClientAuthorizationParameter",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the authorization parameter.",
+            "in": "path",
+            "name": "authorizationParameterName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Authorization Parameter object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParameter"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Authorization Parameter object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientAuthorizationParameterResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace an Authorization Parameter object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/clientRequiredClaims": {
+      "get": {
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileClientRequiredClaims",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientRequiredClaimsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Required Claim objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|x|x||||\nclientRequiredClaimValue||x|x||||\noauthProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfileClientRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Required Claim object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientRequiredClaim"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Required Claim object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}": {
+      "delete": {
+        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nAdditional claims to be verified in the ID token.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfileClientRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ID token claim to verify.",
+            "in": "path",
+            "name": "clientRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Required Claim object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclientRequiredClaimName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileClientRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the ID token claim to verify.",
+            "in": "path",
+            "name": "clientRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileClientRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Required Claim object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/defaultMsgVpnAccessLevelExceptions": {
+      "get": {
+        "description": "Get a list of Message VPN Access-Level Exception objects.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileDefaultMsgVpnAccessLevelExceptions",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Message VPN Access-Level Exception objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Message VPN Access-Level Exception objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x|x||||\noauthProfileName|x|||x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfileDefaultMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN Access-Level Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/defaultMsgVpnAccessLevelExceptions/{msgVpnName}": {
+      "delete": {
+        "description": "Delete a Message VPN Access-Level Exception object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nDefault message VPN access-level exceptions.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfileDefaultMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Message VPN Access-Level Exception object.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsgVpnName|x|||\noauthProfileName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileDefaultMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "patch": {
+        "description": "Update a Message VPN Access-Level Exception object. Any attribute missing from the request will be left unchanged.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "updateOauthProfileDefaultMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN Access-Level Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "put": {
+        "description": "Replace a Message VPN Access-Level Exception object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nDefault message VPN access-level exceptions.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nmsgVpnName|x|x||||||\noauthProfileName|x||x|||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "replaceOauthProfileDefaultMsgVpnAccessLevelException",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the message VPN.",
+            "in": "path",
+            "name": "msgVpnName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Message VPN Access-Level Exception object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelException"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Message VPN Access-Level Exception object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileDefaultMsgVpnAccessLevelExceptionResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Message VPN Access-Level Exception object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/resourceServerRequiredClaims": {
+      "get": {
+        "description": "Get a list of Required Claim objects.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 100.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileResourceServerRequiredClaims",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Required Claim objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimsResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Required Claim objects.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "post": {
+        "description": "Create a Required Claim object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\noauthProfileName|x|||x|||\nresourceServerRequiredClaimName|x|x|x||||\nresourceServerRequiredClaimValue||x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "createOauthProfileResourceServerRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Required Claim object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResourceServerRequiredClaim"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Required Claim object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/oauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}": {
+      "delete": {
+        "description": "Delete a Required Claim object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nAdditional claims to be verified in the access token.\n\nA SEMP client authorized with a minimum access scope/level of \"global/admin\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "deleteOauthProfileResourceServerRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the access token claim to verify.",
+            "in": "path",
+            "name": "resourceServerRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Required Claim object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      },
+      "get": {
+        "description": "Get a Required Claim object.\n\nAdditional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\noauthProfileName|x|||\nresourceServerRequiredClaimName|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.24.",
+        "operationId": "getOauthProfileResourceServerRequiredClaim",
+        "parameters": [
+          {
+            "description": "The name of the OAuth profile.",
+            "in": "path",
+            "name": "oauthProfileName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The name of the access token claim to verify.",
+            "in": "path",
+            "name": "resourceServerRequiredClaimName",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Required Claim object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/OauthProfileResourceServerRequiredClaimResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Required Claim object.",
+        "tags": [
+          "all",
+          "oauthProfile"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/systemInformation": {
+      "get": {
+        "deprecated": true,
+        "description": "Get a System Information object.\n\nThe System Information object provides metadata about the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nplatform|||x|\nsempVersion|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been deprecated since 2.2. /systemInformation was replaced by /about/api.",
+        "operationId": "getSystemInformation",
+        "parameters": [
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The System Information object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SystemInformationResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a System Information object.",
+        "tags": [
+          "all",
+          "systemInformation"
+        ],
+        "x-supportedInSempDirect": false
+      }
+    },
+    "/virtualHostnames": {
+      "get": {
+        "description": "Get a list of Virtual Hostname objects.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nvirtualHostname|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThe maximum number of objects that can be returned in a single page is 500.\n\nThis has been available since 2.17.",
+        "operationId": "getVirtualHostnames",
+        "parameters": [
+          {
+            "$ref": "#/parameters/countQuery"
+          },
+          {
+            "$ref": "#/parameters/cursorQuery"
+          },
+          {
+            "$ref": "#/parameters/forceFullPageQuery"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/whereQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The list of Virtual Hostname objects' attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/VirtualHostnamesResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a list of Virtual Hostname objects.",
+        "tags": [
+          "all",
+          "virtualHostname"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "post": {
+        "description": "Create a Virtual Hostname object. Any attribute missing from the request will be set to its default value. The creation of instances of this object are synchronized to HA mates via config-sync.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Const|Required|Read-Only|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nvirtualHostname|x|x|x||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
+        "operationId": "createVirtualHostname",
+        "parameters": [
+          {
+            "description": "The Virtual Hostname object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/VirtualHostname"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Virtual Hostname object's attributes after being created, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/VirtualHostnameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Create a Virtual Hostname object.",
+        "tags": [
+          "all",
+          "virtualHostname"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    },
+    "/virtualHostnames/{virtualHostname}": {
+      "delete": {
+        "description": "Delete a Virtual Hostname object. The deletion of instances of this object are synchronized to HA mates via config-sync.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
+        "operationId": "deleteVirtualHostname",
+        "parameters": [
+          {
+            "description": "The virtual hostname.",
+            "in": "path",
+            "name": "virtualHostname",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The request metadata.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Delete a Virtual Hostname object.",
+        "tags": [
+          "all",
+          "virtualHostname"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "get": {
+        "description": "Get a Virtual Hostname object.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nvirtualHostname|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since 2.17.",
+        "operationId": "getVirtualHostname",
+        "parameters": [
+          {
+            "description": "The virtual hostname.",
+            "in": "path",
+            "name": "virtualHostname",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Virtual Hostname object's attributes, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/VirtualHostnameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Get a Virtual Hostname object.",
+        "tags": [
+          "all",
+          "virtualHostname"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "patch": {
+        "description": "Update a Virtual Hostname object. Any attribute missing from the request will be left unchanged.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nvirtualHostname|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
+        "operationId": "updateVirtualHostname",
+        "parameters": [
+          {
+            "description": "The virtual hostname.",
+            "in": "path",
+            "name": "virtualHostname",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Virtual Hostname object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/VirtualHostname"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Virtual Hostname object's attributes after being updated, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/VirtualHostnameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Update a Virtual Hostname object.",
+        "tags": [
+          "all",
+          "virtualHostname"
+        ],
+        "x-supportedInSempDirect": true
+      },
+      "put": {
+        "description": "Replace a Virtual Hostname object. Any attribute missing from the request will be set to its default value, subject to the exceptions in note 4.\n\nA Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Const|Read-Only|Write-Only|Requires-Disable|Auto-Disable|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:|:---:|:---:|:---:|:---:\nvirtualHostname|x|x||||||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-write\" is required to perform this operation.\n\nThis has been available since 2.17.",
+        "operationId": "replaceVirtualHostname",
+        "parameters": [
+          {
+            "description": "The virtual hostname.",
+            "in": "path",
+            "name": "virtualHostname",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "The Virtual Hostname object's attributes.",
+            "in": "body",
+            "name": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/VirtualHostname"
+            }
+          },
+          {
+            "$ref": "#/parameters/opaquePasswordQuery"
+          },
+          {
+            "$ref": "#/parameters/selectQuery"
+          },
+          {
+            "$ref": "#/parameters/solSessionHeader"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "The Virtual Hostname object's attributes after being replaced, and the request metadata.",
+            "schema": {
+              "$ref": "#/definitions/VirtualHostnameResponse"
+            }
+          },
+          "default": {
+            "description": "The error response.",
+            "schema": {
+              "$ref": "#/definitions/SempMetaOnlyResponse"
+            }
+          }
+        },
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ],
+        "summary": "Replace a Virtual Hostname object.",
+        "tags": [
+          "all",
+          "virtualHostname"
+        ],
+        "x-supportedInSempDirect": true
+      }
+    }
+  },
+  "produces": [
+    "application/json"
+  ],
+  "schemes": [
+    "http",
+    "https"
+  ],
+  "securityDefinitions": {
+    "basicAuth": {
+      "description": "basic authentication",
+      "type": "basic"
+    }
+  },
+  "swagger": "2.0",
+  "tags": []
+}
\ No newline at end of file
diff --git a/cmd/broker/client.go b/cmd/broker/client.go
new file mode 100644
index 00000000..4e01d360
--- /dev/null
+++ b/cmd/broker/client.go
@@ -0,0 +1,78 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package broker
+
+import (
+	"net/http/cookiejar"
+	"os"
+	"strings"
+	"terraform-provider-solacebroker/cmd/command"
+	"terraform-provider-solacebroker/internal/broker"
+	"terraform-provider-solacebroker/internal/semp"
+	"time"
+)
+
+func CliClient(url string) *semp.Client {
+	username := terraform.StringWithDefaultFromEnv("username", true, "")
+	password := terraform.StringWithDefaultFromEnv("password", false, "")
+	bearerToken := terraform.StringWithDefaultFromEnv("bearer_token", false, "")
+	retries, err := terraform.Int64WithDefaultFromEnv("retries", false, 10)
+	if err != nil {
+		terraform.LogCLIError("\nError: Unable to parse provider attribute. " + err.Error())
+		os.Exit(1)
+	}
+	retryMinInterval, err := terraform.DurationWithDefaultFromEnv("retry_min_interval", false, 3*time.Second)
+	if err != nil {
+		terraform.LogCLIError("\nError: Unable to parse provider attribute. " + err.Error())
+		os.Exit(1)
+	}
+	retryMaxInterval, err := terraform.DurationWithDefaultFromEnv("retry_max_interval", false, 30*time.Second)
+	if err != nil {
+		terraform.LogCLIError("\nError: Unable to parse provider attribute. " + err.Error())
+		os.Exit(1)
+	}
+	requestTimeoutDuration, err := terraform.DurationWithDefaultFromEnv("request_timeout_duration", false, time.Minute)
+	if err != nil {
+		terraform.LogCLIError("\nError: Unable to parse provider attribute. " + err.Error())
+		os.Exit(1)
+	}
+	requestMinInterval, err := terraform.DurationWithDefaultFromEnv("request_min_interval", false, 100*time.Millisecond)
+	if err != nil {
+		terraform.LogCLIError("\nError: Unable to parse provider attribute. " + err.Error())
+		os.Exit(1)
+	}
+	insecure_skip_verify, err := terraform.BooleanWithDefaultFromEnv("insecure_skip_verify", false, false)
+	if err != nil {
+		terraform.LogCLIError("\nError: Unable to parse provider attribute. " + err.Error())
+		os.Exit(1)
+	}
+	jar, _ := cookiejar.New(nil)
+	client := semp.NewClient(
+		getFullSempAPIURL(url),
+		insecure_skip_verify,
+		jar,
+		semp.BasicAuth(username, password),
+		semp.BearerToken(bearerToken),
+		semp.Retries(uint(retries), retryMinInterval, retryMaxInterval),
+		semp.RequestLimits(requestTimeoutDuration, requestMinInterval))
+	return client
+}
+
+func getFullSempAPIURL(url string) string {
+	url = strings.TrimSuffix(url, "/")
+	baseBath := strings.TrimPrefix(broker.SempDetail.BasePath, "/")
+	return url + "/" + baseBath
+}
diff --git a/cmd/command/configgenerator.go b/cmd/command/configgenerator.go
new file mode 100644
index 00000000..95386598
--- /dev/null
+++ b/cmd/command/configgenerator.go
@@ -0,0 +1,220 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package terraform
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"golang.org/x/exp/slices"
+	"net/http"
+	"os"
+	"regexp"
+	"strings"
+	internalbroker "terraform-provider-solacebroker/internal/broker"
+	"terraform-provider-solacebroker/internal/broker/generated"
+	"terraform-provider-solacebroker/internal/semp"
+)
+
+type BrokerObjectType string
+
+type IdentifyingAttribute struct {
+	key, value string
+}
+
+type GeneratorTerraformOutput struct {
+	TerraformOutput  map[string]ResourceConfig
+	SEMPDataResponse map[string]map[string]any
+}
+type BrokerObjectAttributes []IdentifyingAttribute
+
+var BrokerObjectRelationship = map[BrokerObjectType][]BrokerObjectType{}
+
+type BrokerRelationParameterPath struct {
+	path          string
+	terraformName string
+}
+
+var ObjectNamesCount = map[string]int{}
+
+func CreateBrokerObjectRelationships() {
+
+	//loop through entities
+	terraformNamePathMap := map[string]BrokerRelationParameterPath{}
+	for _, ds := range internalbroker.Entities {
+		rex := regexp.MustCompile(`{[^{}]*}`)
+		matches := rex.FindAllStringSubmatch(ds.PathTemplate, -1)
+
+		BrokerObjectRelationship[BrokerObjectType(ds.TerraformName)] = []BrokerObjectType{}
+
+		for i := range matches {
+
+			if i == 0 || len(matches) <= 1 {
+				var firstParameter string
+				firstParameter = strings.TrimPrefix(matches[0][0], "{")
+				firstParameter = strings.TrimSuffix(firstParameter, "}")
+
+				_, ok := terraformNamePathMap[firstParameter]
+				if !ok {
+					terraformNamePathMap[firstParameter] = BrokerRelationParameterPath{
+						ds.PathTemplate,
+						ds.TerraformName,
+					}
+				}
+			} else {
+				firstParameter := strings.TrimPrefix(matches[0][0], "{")
+				firstParameter = strings.TrimSuffix(firstParameter, "}")
+
+				//check if parent path is part of child path before we add
+				firstParameterRelationship, firstParameterRelationshipExist := terraformNamePathMap[firstParameter]
+				if firstParameterRelationshipExist && strings.Contains(ds.PathTemplate, firstParameterRelationship.path) {
+
+					children, ok := BrokerObjectRelationship[BrokerObjectType(firstParameterRelationship.terraformName)]
+					if !ok {
+						BrokerObjectRelationship[BrokerObjectType(firstParameterRelationship.terraformName)] = []BrokerObjectType{}
+						children = []BrokerObjectType{}
+					} else {
+						if !slices.Contains(children, BrokerObjectType(ds.TerraformName)) && ds.TerraformName != firstParameterRelationship.terraformName {
+							children = append(children, BrokerObjectType(ds.TerraformName))
+						}
+						//confirm if this should be child of child
+						for k := range children {
+							childrenOfChild, childrenOfChildExists := BrokerObjectRelationship[children[k]]
+							if childrenOfChildExists {
+								if !slices.Contains(childrenOfChild, BrokerObjectType(ds.TerraformName)) &&
+									strings.Contains(ds.TerraformName, string(children[k])) && ds.TerraformName != string(children[k]) {
+									childrenOfChild = append(childrenOfChild, BrokerObjectType(ds.TerraformName))
+								}
+							}
+							BrokerObjectRelationship[children[k]] = childrenOfChild
+						}
+					}
+
+					BrokerObjectRelationship[BrokerObjectType(firstParameterRelationship.terraformName)] = children
+				} else {
+
+					terraformNamePathMap[firstParameter] = BrokerRelationParameterPath{
+						ds.PathTemplate,
+						ds.TerraformName,
+					}
+
+				}
+			}
+		}
+	}
+}
+
+func ParseTerraformObject(ctx context.Context, client semp.Client, resourceName string, brokerObjectTerraformName string, providerSpecificIdentifier string, parentBrokerResourceAttributesRelationship map[string]string, parentResult map[string]any) GeneratorTerraformOutput {
+	var objectName string
+	tfObject := map[string]ResourceConfig{}
+	tfObjectSempDataResponse := map[string]map[string]any{}
+	entityToRead := internalbroker.EntityInputs{}
+	for _, ds := range internalbroker.Entities {
+		if strings.ToLower(ds.TerraformName) == strings.ToLower(brokerObjectTerraformName) {
+			entityToRead = ds
+			break
+		}
+	}
+	var path string
+	var err error
+
+	if len(parentResult) > 0 {
+		path, err = ResolveSempPathWithParent(entityToRead.PathTemplate, parentResult)
+		if err != nil {
+			LogCLIError("Error calling Broker Endpoint")
+			os.Exit(1)
+		}
+	} else {
+		path, err = ResolveSempPath(entityToRead.PathTemplate, providerSpecificIdentifier)
+		if err != nil {
+			LogCLIError("Error calling Broker Endpoint")
+			os.Exit(1)
+		}
+	}
+
+	sempData, err := client.RequestWithoutBodyForGenerator(ctx, generated.BasePath, http.MethodGet, path, []map[string]any{})
+	if err != nil {
+		if err == semp.ErrResourceNotFound {
+			// continue if error is resource not found
+			if len(parentResult) > 0 {
+				print("..")
+			}
+			sempData = []map[string]any{}
+		} else if errors.Is(err, semp.ErrBadRequest) {
+			// continue if error is also bad request
+			if len(parentResult) > 0 {
+				print("..")
+			}
+			sempData = []map[string]any{}
+		} else {
+			LogCLIError("SEMP call failed. " + err.Error() + " on path " + path)
+			os.Exit(1)
+		}
+	}
+
+	resourceKey := "solacebroker_" + brokerObjectTerraformName + " " + resourceName
+
+	resourceValues, err := GenerateTerraformString(entityToRead.Attributes, sempData, parentBrokerResourceAttributesRelationship, brokerObjectTerraformName)
+
+	//check resource names used and deduplicate to avoid collision
+	for i := range resourceValues {
+		totalOccurrence := 1
+		objectName = strings.ToLower(resourceKey) + GetNameForResource(strings.ToLower(resourceKey), resourceValues[i])
+		count, objectNameExists := ObjectNamesCount[objectName]
+		if objectNameExists {
+			totalOccurrence = count + 1
+		}
+		ObjectNamesCount[objectName] = totalOccurrence
+		objectName = objectName + "_" + fmt.Sprint(totalOccurrence)
+		tfObject[objectName] = resourceValues[i]
+		tfObjectSempDataResponse[objectName] = sempData[i]
+	}
+	return GeneratorTerraformOutput{
+		TerraformOutput:  tfObject,
+		SEMPDataResponse: tfObjectSempDataResponse,
+	}
+}
+
+func GetNameForResource(resourceTerraformName string, attributeResourceTerraform ResourceConfig) string {
+
+	resourceName := GenerateRandomString(6) //use generated if not able to identify
+
+	resourceTerraformName = strings.Split(resourceTerraformName, " ")[0]
+	resourceTerraformName = strings.ReplaceAll(strings.ToLower(resourceTerraformName), "solacebroker_", "")
+
+	//Get identifying attribute name to differentiate from multiples
+	for _, ds := range internalbroker.Entities {
+		if ds.TerraformName == resourceTerraformName {
+			for _, attr := range ds.Attributes {
+				if attr.Identifying &&
+					(strings.Contains(strings.ToLower(attr.TerraformName), "name") ||
+						strings.Contains(strings.ToLower(attr.TerraformName), "topic")) {
+					// intentionally continue looping till we get the best name
+					attr, found := attributeResourceTerraform.ResourceAttributes[attr.TerraformName]
+					value := attr.AttributeValue
+					if strings.Contains(value, ".") {
+						continue
+					}
+					if found {
+						//sanitize name
+						resourceName = "_" + value
+					}
+				}
+			}
+		}
+	}
+	return SanitizeHclIdentifierName(resourceName)
+}
diff --git a/cmd/command/configgenerator_test.go b/cmd/command/configgenerator_test.go
new file mode 100644
index 00000000..7b31f2c2
--- /dev/null
+++ b/cmd/command/configgenerator_test.go
@@ -0,0 +1,114 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package terraform
+
+import (
+	"testing"
+)
+
+func TestCreateBrokerObjectRelationships(t *testing.T) {
+	tests := []struct {
+		name string
+	}{
+		{"Generate Broker Relationship"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			CreateBrokerObjectRelationships()
+			if len(BrokerObjectRelationship) == 0 {
+				t.Errorf("Broker relationship not built ")
+			}
+			_, exist := BrokerObjectRelationship["msg_vpn"]
+			if !exist {
+				t.Errorf("Broker relationship does not contain msgVPn relation")
+			}
+		})
+	}
+}
+
+func TestGetNameForResource(t *testing.T) {
+	type args struct {
+		resourceTerraformName      string
+		attributeResourceTerraform ResourceConfig
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			"GetNameForMsgVPN",
+			args{
+				resourceTerraformName: "solacebroker_msg_vpn qn",
+				attributeResourceTerraform: ResourceConfig{
+					ResourceAttributes: map[string]ResourceAttributeInfo{"msg_vpn_name": {
+						"test",
+						"no comment",
+					},
+						"ingress": {
+							"0",
+							"comment here",
+						},
+					},
+				},
+			},
+			"_test",
+		},
+		{
+			"GetNameForAclProfile",
+			args{
+				resourceTerraformName: "solacebroker_msg_vpn_acl_profile acl",
+				attributeResourceTerraform: ResourceConfig{
+					ResourceAttributes: map[string]ResourceAttributeInfo{"acl_profile_name": {
+						"default",
+						"no comment",
+					},
+						"random": {
+							"0",
+							"comment here",
+						},
+					},
+				},
+			},
+			"_default",
+		},
+		{
+			"GetNameForTopicName",
+			args{
+				resourceTerraformName: "solacebroker_msg_vpn_jndi_topic topic",
+				attributeResourceTerraform: ResourceConfig{
+					ResourceAttributes: map[string]ResourceAttributeInfo{"topic_name": {
+						"random",
+						"no comment",
+					},
+						"mock": {
+							"parameter",
+							"comment here",
+						},
+					},
+				},
+			},
+			"_random",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := GetNameForResource(tt.args.resourceTerraformName, tt.args.attributeResourceTerraform); got != tt.want {
+				t.Errorf("GetNameForResource() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/cmd/command/configwriter.go b/cmd/command/configwriter.go
new file mode 100644
index 00000000..4be79122
--- /dev/null
+++ b/cmd/command/configwriter.go
@@ -0,0 +1,48 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package terraform
+
+import (
+	"bytes"
+	"embed"
+	"os"
+	"text/template"
+)
+
+var (
+	//go:embed templates
+	templatefiles embed.FS
+)
+var terraformTemplate *template.Template
+
+func init() {
+	var err error
+	terraformTemplateString, _ := templatefiles.ReadFile("templates/terraform.template")
+	terraformTemplate, err = template.New("Object Template").Parse(string(terraformTemplateString))
+	if err != nil {
+		panic(err)
+	}
+}
+
+func GenerateTerraformFile(terraformObjectInfo *ObjectInfo) error {
+	var codeStream bytes.Buffer
+	err := terraformTemplate.Execute(&codeStream, terraformObjectInfo)
+	if err != nil {
+		LogCLIError("\nError: Templating error : " + err.Error() + "\n\n")
+		os.Exit(1)
+	}
+	return os.WriteFile(terraformObjectInfo.FileName, codeStream.Bytes(), 0664)
+}
diff --git a/cmd/command/configwriter_test.go b/cmd/command/configwriter_test.go
new file mode 100644
index 00000000..0fc93fb8
--- /dev/null
+++ b/cmd/command/configwriter_test.go
@@ -0,0 +1,55 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package terraform
+
+import "testing"
+
+func TestGenerateTerraformFile(t *testing.T) {
+	type args struct {
+		terraformObjectInfo *ObjectInfo
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			"CanGenerateFile",
+			args{terraformObjectInfo: &ObjectInfo{
+				Registry:        "",
+				BrokerURL:       "http://localhost:8080",
+				Username:        "admin",
+				Password:        "admin",
+				BearerToken:     "",
+				FileName:        "somefile.tf",
+				BrokerResources: []map[string]string{}},
+			},
+			false,
+		},
+		{
+			"FailToGenerateFile",
+			args{terraformObjectInfo: &ObjectInfo{}},
+			true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := GenerateTerraformFile(tt.args.terraformObjectInfo); (err != nil) != tt.wantErr {
+				t.Errorf("GenerateTerraformFile() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
diff --git a/cmd/command/templates/terraform.template b/cmd/command/templates/terraform.template
new file mode 100644
index 00000000..293fa847
--- /dev/null
+++ b/cmd/command/templates/terraform.template
@@ -0,0 +1,24 @@
+
+terraform {
+  required_providers {
+    solacebroker = {
+      source = "registry.terraform.io/solaceproducts/solacebroker"
+    }
+  }
+}
+
+provider solacebroker {
+  # username       = "admin"                 # This is a placeholder.
+  # password       = "admin"                 # This is a placeholder.
+  url            = "{{.BrokerURL}}"
+}
+
+{{range  .BrokerResources}}
+
+{{range $k, $v := . -}}
+resource {{$k}} {
+{{$v}}
+}
+{{end -}}
+
+{{end}}
\ No newline at end of file
diff --git a/cmd/command/util.go b/cmd/command/util.go
new file mode 100644
index 00000000..69c42143
--- /dev/null
+++ b/cmd/command/util.go
@@ -0,0 +1,410 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package terraform
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"math/rand"
+	"os"
+	"reflect"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"terraform-provider-solacebroker/internal/broker"
+	"text/tabwriter"
+	"time"
+)
+
+type Color string
+
+const (
+	Reset Color = "\033[0m"
+	Red   Color = "\033[31m"
+)
+
+var charset = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+
+type ResourceAttributeInfo struct {
+	AttributeValue string
+	Comment        string
+}
+
+type ResourceConfig struct {
+	ResourceAttributes map[string]ResourceAttributeInfo // indexed by resource attribute name
+}
+
+type ObjectInfo struct {
+	Registry        string
+	BrokerURL       string
+	Username        string
+	Password        string
+	BearerToken     string
+	FileName        string
+	BrokerResources []map[string]string
+}
+
+func StringWithDefaultFromEnv(name string, isMandatory bool, fallback string) string {
+	envValue := os.Getenv("SOLACEBROKER_" + strings.ToUpper(name))
+	if isMandatory && len(envValue) == 0 {
+		LogCLIError("SOLACEBROKER_" + strings.ToUpper(name) + " is mandatory but not available")
+		os.Exit(1)
+	} else if len(envValue) == 0 {
+		return fallback //default to fallback
+	}
+	return envValue
+}
+
+func Int64WithDefaultFromEnv(name string, isMandatory bool, fallback int64) (int64, error) {
+	envName := "SOLACEBROKER_" + strings.ToUpper(name)
+	s, ok := os.LookupEnv(envName)
+	if !ok && isMandatory {
+		return 0, errors.New("SOLACEBROKER_" + strings.ToUpper(name) + " is mandatory but not available")
+	} else if !ok {
+		return fallback, nil //default to fallback
+	}
+	return strconv.ParseInt(s, 10, 64)
+}
+
+func BooleanWithDefaultFromEnv(name string, isMandatory bool, fallback bool) (bool, error) {
+	envName := "SOLACEBROKER_" + strings.ToUpper(name)
+	s, ok := os.LookupEnv(envName)
+	if !ok && isMandatory {
+		return false, errors.New("SOLACEBROKER_" + strings.ToUpper(name) + " is mandatory but not available")
+	} else if !ok {
+		return fallback, nil //default to fallback
+	}
+	return strconv.ParseBool(s)
+}
+
+func DurationWithDefaultFromEnv(name string, isMandatory bool, fallback time.Duration) (time.Duration, error) {
+	envValue := os.Getenv("SOLACEBROKER_" + strings.ToUpper(name))
+	if isMandatory && len(envValue) == 0 {
+		return 0, errors.New("SOLACEBROKER_" + strings.ToUpper(name) + " is mandatory but not available")
+	} else if len(envValue) == 0 {
+		return fallback, nil //default to fallback
+	}
+	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+	d, err := time.ParseDuration(envValue)
+	if err != nil {
+		return 0, errors.New(fmt.Errorf("%v is not valid; %q cannot be parsed as a duration: %w", "SOLACEBROKER_"+strings.ToUpper(name), envValue, err).Error())
+	}
+	return d, nil
+}
+
+func ResolveSempPath(pathTemplate string, v string) (string, error) {
+	identifiersValues := map[int]string{}
+	if strings.Contains(v, "/") {
+		identifier := strings.Split(v, "/")
+		for i, val := range identifier {
+			identifiersValues[i] = val
+		}
+	} else {
+		identifiersValues[0] = v
+	}
+	if !strings.Contains(pathTemplate, "{") {
+		return pathTemplate, nil
+	}
+	rex := regexp.MustCompile(`{[^{}]*}`)
+	out := rex.FindAllStringSubmatch(pathTemplate, -1)
+	generatedPath := pathTemplate
+	if len(out) < len(identifiersValues) {
+		LogCLIError("\nError: Too many provider specific identifiers. Required identifiers: " + fmt.Sprint(out))
+		os.Exit(1)
+	}
+
+	for i := range identifiersValues {
+		if i < len(out) {
+			generatedPath = strings.ReplaceAll(generatedPath, out[i][0], identifiersValues[i])
+		}
+	}
+	if len(out) > len(identifiersValues) {
+		//remove unused vars
+		for i := range out {
+			generatedPath = strings.ReplaceAll(generatedPath, out[i][0], "")
+		}
+	}
+
+	path := strings.ReplaceAll(generatedPath, "/,,", "")
+	path = strings.ReplaceAll(path, "/,", "")
+	if strings.HasSuffix(path, "/") {
+		path = strings.TrimSuffix(path, "/")
+	}
+	return path, nil
+}
+func ResolveSempPathWithParent(pathTemplate string, parentValues map[string]any) (string, error) {
+
+	if !strings.Contains(pathTemplate, "{") {
+		return pathTemplate, nil
+	}
+	rex := regexp.MustCompile(`{[^{}]*}`)
+	out := rex.FindAllStringSubmatch(pathTemplate, -1)
+	generatedPath := pathTemplate
+
+	for i := range out {
+		key := strings.TrimPrefix(out[i][0], "{")
+		key = strings.TrimSuffix(key, "}")
+		value, found := parentValues[key]
+
+		if found {
+			generatedPath = strings.ReplaceAll(generatedPath, out[i][0], fmt.Sprint(value))
+		}
+	}
+
+	//remove unused vars
+	for i := range out {
+		generatedPath = strings.ReplaceAll(generatedPath, out[i][0], "")
+	}
+
+	path := strings.ReplaceAll(generatedPath, "/,,", "")
+	path = strings.ReplaceAll(path, "/,", "")
+	if strings.HasSuffix(path, "/") {
+		path = strings.TrimSuffix(path, "/")
+	}
+	return path, nil
+}
+
+func newAttributeInfo(value string) ResourceAttributeInfo {
+	return ResourceAttributeInfo{
+		AttributeValue: value,
+		Comment:        "",
+	}
+}
+
+func addCommentToAttributeInfo(info ResourceAttributeInfo, comment string) ResourceAttributeInfo {
+	return ResourceAttributeInfo{
+		AttributeValue: info.AttributeValue,
+		Comment:        comment,
+	}
+}
+
+func GenerateTerraformString(attributes []*broker.AttributeInfo, values []map[string]interface{}, parentBrokerResourceAttributes map[string]string, brokerObjectTerraformName string) ([]ResourceConfig, error) {
+	var tfBrokerObjects []ResourceConfig
+	var attributesWithDefaultValue = []string{} // list of attributes, collected but not used
+	for k := range values {
+		resourceConfig := ResourceConfig{
+			ResourceAttributes: map[string]ResourceAttributeInfo{},
+		}
+		systemProvisioned := false
+		for _, attr := range attributes {
+			attributeParentNameAndValue, attributeExistInParent := parentBrokerResourceAttributes[attr.TerraformName]
+			if attr.Sensitive {
+				// write-only attributes can't be retrieved, so we don't expose them
+				continue
+			}
+			if !attr.Identifying && attr.ReadOnly {
+				// read-only attributes should only be in the datasource
+				continue
+			}
+			valuesRes := values[k][attr.SempName]
+			if attr.Identifying && attributeExistInParent {
+				resourceConfig.ResourceAttributes[attr.TerraformName] = newAttributeInfo(attributeParentNameAndValue)
+				continue
+			} else if attr.TerraformName == "client_profile_name" && attributeExistInParent {
+				//peculiar use case where client_profile is not identifying for msg_vpn_client_username but it is dependent
+				resourceConfig.ResourceAttributes[attr.TerraformName] = newAttributeInfo(attributeParentNameAndValue)
+				continue
+			}
+
+			switch attr.BaseType {
+			case broker.String:
+				if reflect.TypeOf(valuesRes) == nil || valuesRes == "" {
+					continue
+				}
+				if attr.Identifying && strings.Contains(valuesRes.(string), "#") {
+					systemProvisioned = true
+				}
+				if reflect.TypeOf(attr.Default) != nil && fmt.Sprint(attr.Default) == fmt.Sprint(valuesRes) {
+					//attributes with default values will be skipped
+					// WORKAROUND: Except if attribute is "authentication_basic_type" in "msg_vpn"
+					if brokerObjectTerraformName != "msg_vpn" || attr.TerraformName != "authentication_basic_type" {
+						attributesWithDefaultValue = append(attributesWithDefaultValue, attr.TerraformName)
+						continue
+					} else {
+						fmt.Println("Applying workaround: not ignoring default for `msg_vpn` attribute `authentication_basic_type`")
+					}
+				}
+
+				/// => value in val
+
+				val := "\"" + valuesRes.(string) + "\""
+				if strings.Contains(valuesRes.(string), "{") {
+					valueOutput := strings.ReplaceAll(valuesRes.(string), "\"", "\\\"")
+					val = "\"" + valueOutput + "\""
+				}
+				resourceConfig.ResourceAttributes[attr.TerraformName] = newAttributeInfo(val)
+			case broker.Int64:
+				if valuesRes == nil {
+					continue
+				}
+				intValue := valuesRes
+				if reflect.TypeOf(attr.Default) != nil && fmt.Sprint(attr.Default) == fmt.Sprint(intValue) {
+					//attributes with default values will be skipped
+					attributesWithDefaultValue = append(attributesWithDefaultValue, attr.TerraformName)
+
+					continue
+				}
+				val := fmt.Sprintf("%v", intValue)
+				resourceConfig.ResourceAttributes[attr.TerraformName] = newAttributeInfo(val)
+			case broker.Bool:
+				if valuesRes == nil {
+					continue
+				}
+				boolValue := valuesRes.(bool)
+				if reflect.TypeOf(attr.Default) != nil && fmt.Sprint(attr.Default) == fmt.Sprint(boolValue) {
+					//attributes with default values will be skipped
+					attributesWithDefaultValue = append(attributesWithDefaultValue, attr.TerraformName)
+					continue
+				}
+				val := strconv.FormatBool(boolValue)
+				resourceConfig.ResourceAttributes[attr.TerraformName] = newAttributeInfo(val)
+			case broker.Struct:
+				valueJson, err := json.Marshal(valuesRes)
+				if err != nil {
+					continue
+				}
+				if reflect.TypeOf(attr.Default) != nil && fmt.Sprint(attr.Default) == fmt.Sprint(valuesRes) {
+					//attributes with default values will be skipped
+					attributesWithDefaultValue = append(attributesWithDefaultValue, attr.TerraformName)
+					continue
+				}
+				output := strings.ReplaceAll(string(valueJson), "clearPercent", "clear_percent")
+				output = strings.ReplaceAll(output, "setPercent", "set_percent")
+				output = strings.ReplaceAll(output, "clearValue", "clear_value")
+				output = strings.ReplaceAll(output, "setValue", "set_value")
+				val := output
+				resourceConfig.ResourceAttributes[attr.TerraformName] = newAttributeInfo(val)
+			}
+			if attr.Deprecated && systemProvisioned {
+				addCommentToAttributeInfo(resourceConfig.ResourceAttributes[attr.TerraformName],
+					" # Note: This attribute is deprecated and may also be system provisioned.")
+			} else if attr.Deprecated && !systemProvisioned {
+				addCommentToAttributeInfo(resourceConfig.ResourceAttributes[attr.TerraformName],
+					" # Note: This attribute is deprecated.")
+			} else if !attr.Deprecated && systemProvisioned {
+				addCommentToAttributeInfo(resourceConfig.ResourceAttributes[attr.TerraformName],
+					" # Note: This attribute may be system provisioned.")
+			}
+		}
+		if !systemProvisioned {
+			tfBrokerObjects = append(tfBrokerObjects, resourceConfig)
+		} else {
+			//add to maintain index, it will not be included in generation
+			tfBrokerObjects = append(tfBrokerObjects, ResourceConfig{
+				ResourceAttributes: nil,
+			})
+		}
+	}
+	return tfBrokerObjects, nil
+}
+
+func randStr(n int) string {
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = charset[rand.Intn(len(charset))]
+	}
+	return string(b)
+}
+
+func GenerateRandomString(n int) string {
+	return "_" + randStr(n)
+}
+
+func LogCLIError(err string) {
+	_, _ = fmt.Fprintf(os.Stdout, "%s %s %s\n", Red, err, Reset)
+}
+
+func LogCLIInfo(info string) {
+	_, _ = fmt.Fprintf(os.Stdout, "\n%s %s %s", Reset, info, Reset)
+}
+
+func GetParentResourceAttributes(parentObjectName string, brokerParentResource map[string]ResourceConfig) map[string]string {
+	parentResourceAttributes := map[string]string{}
+	parentResourceName := strings.ReplaceAll(parentObjectName, " ", ".")
+	for parentResourceObject := range brokerParentResource {
+		resourceAttributes := brokerParentResource[parentResourceObject].ResourceAttributes
+		for resourceAttributeName := range resourceAttributes {
+			parentResourceAttributes[resourceAttributeName] = parentResourceName + "." + resourceAttributeName
+		}
+	}
+	return parentResourceAttributes
+}
+
+func ConvertAttributeTextToMap(attribute string) map[string]string {
+	attributeMap := map[string]string{}
+	attributeSlice := strings.Split(attribute, "\n")
+	for i := range attributeSlice {
+		keyValue := strings.ReplaceAll(attributeSlice[i], "\t", "")
+		if strings.Contains(keyValue, "=") {
+			attributeMap[strings.Split(keyValue, "=")[0]] = strings.ReplaceAll(strings.Split(keyValue, "=")[1], "\"", "")
+		}
+	}
+	return attributeMap
+}
+
+func IndexOf(elm BrokerObjectType, data []BrokerObjectType) int {
+	for k, v := range data {
+		if elm == v {
+			return k
+		}
+	}
+	return -1
+}
+
+func ToFormattedHCL(brokerResources []map[string]ResourceConfig) []map[string]string {
+	var formattedResult []map[string]string
+	for _, resources := range brokerResources {
+		resourceCollection := make(map[string]string)
+		for resourceTypeAndName := range resources {
+			formattedResource := hclFormatResource(resources[resourceTypeAndName])
+			resourceCollection[resourceTypeAndName] = formattedResource
+		}
+		formattedResult = append(formattedResult, resourceCollection)
+	}
+	return formattedResult
+}
+
+func hclFormatResource(resourceConfig ResourceConfig) string {
+	var attributeNames []string
+	for attributeName := range resourceConfig.ResourceAttributes {
+		attributeNames = append(attributeNames, attributeName)
+	}
+	sort.Strings(attributeNames)
+	var b bytes.Buffer
+	w := tabwriter.NewWriter(&b, 0, 0, 2, ' ', 0)
+	for pos := range attributeNames {
+		attributeName := attributeNames[pos]
+		attributeConfigLine := "\t" + attributeName + "\t" + "= "
+		attributeConfigLine += resourceConfig.ResourceAttributes[attributeName].AttributeValue
+		attributeConfigLine += resourceConfig.ResourceAttributes[attributeName].Comment
+		fmt.Fprintln(w, attributeConfigLine)
+	}
+	w.Flush()
+	config := b.String()
+	return config
+}
+
+func SanitizeHclIdentifierName(name string) string {
+	name = regexp.MustCompile(`[^a-zA-Z0-9 ]+`).ReplaceAllString(strings.TrimSpace(name), "_")
+	if len(name) == 0 || (name[0] >= '0' && name[0] <= '9') || (len(name) == 1 && name[0] == '_') {
+		//just prepend static string to avoid checking all characters
+		name = "gn_" + name
+	}
+	return name
+}
diff --git a/cmd/command/util_test.go b/cmd/command/util_test.go
new file mode 100644
index 00000000..941dd633
--- /dev/null
+++ b/cmd/command/util_test.go
@@ -0,0 +1,272 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package terraform
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestResolveSempPath(t *testing.T) {
+	type args struct {
+		pathTemplate string
+		v            string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{
+			"MSGVPNParsing",
+			args{
+				pathTemplate: "/msgVpns/{msgVpnName}",
+				v:            "Test",
+			},
+			"/msgVpns/Test",
+			false,
+		},
+		{
+			"MSGVPNParsing",
+			args{
+				pathTemplate: "/msgVpns/{msgVpnName}/{anotherMock}",
+				v:            "Test/Mock",
+			},
+			"/msgVpns/Test/Mock",
+			false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ResolveSempPath(tt.args.pathTemplate, tt.args.v)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("ResolveSempPath() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("ResolveSempPath() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestResolveSempPathWithParent(t *testing.T) {
+	type args struct {
+		pathTemplate string
+		parentValues map[string]any
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{
+			"MSGVPNParsing",
+			args{
+				pathTemplate: "/msgVpns/{msgVpnName}",
+				parentValues: map[string]any{"msgVpnName": "Test"},
+			},
+			"/msgVpns/Test",
+			false,
+		},
+		{
+			"Parsing where all values not available",
+			args{
+				pathTemplate: "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}",
+				parentValues: map[string]any{"msgVpnName": "Test"},
+			},
+			"/msgVpns/Test/bridges",
+			false,
+		},
+		{
+			"Parsing with commas",
+			args{
+				pathTemplate: "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}",
+				parentValues: map[string]any{"msgVpnName": "Test", "bridgeName": "TestBridge", "bridgeVirtualRouter": "TestingBridgeRouter"},
+			},
+			"/msgVpns/Test/bridges/TestBridge,TestingBridgeRouter",
+			false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := ResolveSempPathWithParent(tt.args.pathTemplate, tt.args.parentValues)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("ResolveSempPathWithParent() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("ResolveSempPathWithParent() got = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestStringWithDefaultFromEnv(t *testing.T) {
+	type args struct {
+		name        string
+		isMandatory bool
+		fallback    string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			"GetDefaultValue",
+			args{
+				name:        "REGISTRY",
+				isMandatory: false,
+				fallback:    "Test",
+			},
+			"Test",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := StringWithDefaultFromEnv(tt.args.name, tt.args.isMandatory, tt.args.fallback); got != tt.want {
+				t.Errorf("StringWithDefaultFromEnv() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_addCommentToAttributeInfo(t *testing.T) {
+	type args struct {
+		info    ResourceAttributeInfo
+		comment string
+	}
+	tests := []struct {
+		name string
+		args args
+		want ResourceAttributeInfo
+	}{
+		{
+			"TestCommentAdd",
+			args{
+				info: ResourceAttributeInfo{
+					"test",
+					"",
+				},
+			},
+			ResourceAttributeInfo{
+				AttributeValue: "test",
+				Comment:        "",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := addCommentToAttributeInfo(tt.args.info, tt.args.comment); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("addCommentToAttributeInfo() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_newAttributeInfo(t *testing.T) {
+	type args struct {
+		value string
+	}
+	tests := []struct {
+		name string
+		args args
+		want ResourceAttributeInfo
+	}{
+		{
+			"AttributeTest",
+			args{value: "msg_vpn"},
+			ResourceAttributeInfo{
+				AttributeValue: "msg_vpn",
+				Comment:        "",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := newAttributeInfo(tt.args.value); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("newAttributeInfo() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestSanitizeHclIdentifierName(t *testing.T) {
+	type args struct {
+		name string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{
+			"SanitizeTextStartingWithNumber",
+			args{name: "1testing"},
+			"gn_1testing",
+		},
+		{
+			"SanitizeTextContainingSpecialCharacters",
+			args{name: "*testing*"},
+			"_testing_",
+		},
+		{
+			"SanitizeTextContainingSpecialCharactersTwo",
+			args{name: "#testing/"},
+			"_testing_",
+		},
+		{
+			"SanitizeTextContainingSpecialCharactersThree",
+			args{name: "$testing\""},
+			"_testing_",
+		},
+		{
+			"SanitizeTextContainingSpecialCharactersFour",
+			args{name: "%testing^"},
+			"_testing_",
+		},
+		{
+			"SanitizeTextContainingSpecialCharactersFive",
+			args{name: "%testing^"},
+			"_testing_",
+		},
+		{
+			"SanitizeTextEmpty",
+			args{name: ""},
+			"gn_",
+		},
+		{
+			"SanitizeTextContainingEmpty",
+			args{name: " "},
+			"gn_",
+		},
+		{
+			"SanitizeTextOnlySpecialCharacter",
+			args{name: "#"},
+			"gn__",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := SanitizeHclIdentifierName(tt.args.name); got != tt.want {
+				t.Errorf("SanitizeHclIdentifierName() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/cmd/completion.go b/cmd/completion.go
new file mode 100644
index 00000000..f2618085
--- /dev/null
+++ b/cmd/completion.go
@@ -0,0 +1,31 @@
+// Package cmd terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cmd
+
+import "github.com/spf13/cobra"
+
+func completionCommand() *cobra.Command {
+	return &cobra.Command{
+		Use:   "completion",
+		Short: "Generate the autocompletion script for the specified shell",
+	}
+}
+
+func init() {
+	completion := completionCommand()
+	completion.Hidden = true
+	rootCmd.AddCommand(completion)
+}
diff --git a/cmd/generate.go b/cmd/generate.go
new file mode 100644
index 00000000..14dc824d
--- /dev/null
+++ b/cmd/generate.go
@@ -0,0 +1,299 @@
+// Package cmd terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+	"terraform-provider-solacebroker/cmd/broker"
+	command "terraform-provider-solacebroker/cmd/command"
+	"terraform-provider-solacebroker/internal/semp"
+
+	"github.com/hashicorp/go-version"
+	"github.com/spf13/cobra"
+	"golang.org/x/exp/maps"
+)
+
+// generateCmd represents the generate command
+var generateCmd = &cobra.Command{
+	Use:   "generate --url=<terraform resource address> <provider-specific identifier> <filename>",
+	Short: "Generates a Terraform configuration file for a specified PubSubPlus Broker object and all child objects known to the provider",
+	Long: `The generate command on the provider binary generates a Terraform configuration file for the specified object and all child objects known to the provider.
+This is not a Terraform command. One can download the provider binary and can execute that binary with the "generate" command to generate a Terraform configuration file from the current configuration of a PubSubPlus event broker.
+
+ <binary> generate <terraform resource address> <provider-specific identifier> <filename>
+
+ where;
+	<binary> is the broker provider binary,
+	<terraform resource address> is the terraform resource address, for example http://localhost:8080,
+	<provider-specific identifier> are the similar to the Terraform Import command,this is the resource name and possible values to find a specific resource,
+	<filename> is the desirable name of the generated filename.
+
+For example:
+  terraform-provider-solacebroker generate --url=https://localhost:8080 solacebroker_msg_vpn.mq default my-messagevpn.tf
+
+This command would create a file my-messagevpn.tf that contains a resource definition for the default message VPN and any child objects, assuming the appropriate broker credentials were set in environment variables.`,
+
+	Run: func(cmd *cobra.Command, args []string) {
+		brokerURL, _ := cmd.Flags().GetString("url")
+		command.LogCLIInfo("Connecting to Broker : " + brokerURL)
+
+		client := broker.CliClient(brokerURL)
+		if client == nil {
+			command.LogCLIError("Error creating SEMP Client")
+			os.Exit(1)
+		}
+
+		brokerObjectType := cmd.Flags().Arg(0)
+
+		if len(brokerObjectType) == 0 {
+			command.LogCLIError("Terraform resource name not provided")
+			_ = cmd.Help()
+			os.Exit(1)
+		}
+		providerSpecificIdentifier := cmd.Flags().Arg(1)
+		if len(providerSpecificIdentifier) == 0 {
+			command.LogCLIError("Broker object not provided")
+			_ = cmd.Help()
+			os.Exit(1)
+		}
+
+		fileName := cmd.Flags().Arg(2)
+		if len(fileName) == 0 {
+			command.LogCLIError("\nError: Terraform file name not specified.\n\n")
+			_ = cmd.Help()
+			os.Exit(1)
+		}
+
+		if !strings.HasSuffix(fileName, ".tf") {
+			fileName = fileName + ".tf"
+		}
+
+		//Confirm SEMP version and connection via client
+		aboutPath := "/about/api"
+		result, err := client.RequestWithoutBody(cmd.Context(), http.MethodGet, aboutPath)
+		if err != nil {
+			command.LogCLIError("SEMP call failed. " + err.Error())
+			os.Exit(1)
+		}
+		brokerSempVersion, err := version.NewVersion(result["sempVersion"].(string))
+		if err != nil {
+			command.LogCLIError("Unable to parse SEMP version from API")
+			os.Exit(1)
+		}
+		command.LogCLIInfo("Connection successful")
+		command.LogCLIInfo("Broker SEMP version is " + brokerSempVersion.String())
+
+		command.LogCLIInfo("Attempt generation for broker object: " + brokerObjectType + " of " + providerSpecificIdentifier + " in file " + fileName)
+
+		object := &command.ObjectInfo{}
+
+		brokerObjectTypeName := brokerObjectType
+		brokerObjectInstanceName := strings.ToLower(brokerObjectType)
+		if strings.Contains(brokerObjectType, ".") {
+			brokerObjectTypeName = strings.Split(brokerObjectType, ".")[0]
+			//sanitize name
+			brokerObjectInstanceName = command.SanitizeHclIdentifierName(strings.Split(brokerObjectType, ".")[1])
+		}
+
+		brokerObjectTerraformName := strings.ReplaceAll(brokerObjectTypeName, "solacebroker_", "")
+
+		_, found := command.BrokerObjectRelationship[command.BrokerObjectType(brokerObjectTerraformName)]
+		if !found {
+			command.LogCLIError("\nError: Broker resource not found by terraform name : " + brokerObjectTerraformName + "\n\n")
+			os.Exit(1)
+		}
+		generatedResource := make(map[string]command.GeneratorTerraformOutput)
+		var brokerResources []map[string]command.ResourceConfig
+
+		// get all resources to be generated for
+		var resourcesToGenerate []command.BrokerObjectType
+		resourcesToGenerate = append(resourcesToGenerate, command.BrokerObjectType(brokerObjectTerraformName))
+		resourcesToGenerate = append(resourcesToGenerate, command.BrokerObjectRelationship[command.BrokerObjectType(brokerObjectTerraformName)]...)
+		for _, resource := range resourcesToGenerate {
+			generatedResults, generatedResourceChildren := generateForParentAndChildren(cmd.Context(), *client, string(resource), brokerObjectInstanceName, providerSpecificIdentifier, generatedResource)
+			brokerResources = append(brokerResources, generatedResults...)
+			maps.Copy(generatedResource, generatedResourceChildren)
+		}
+
+		fmt.Println("\nReplacing hardcoded names of inter-object dependencies by references where required ...")
+		fixInterObjectDependencies(brokerResources)
+
+		// Format the results
+		object.BrokerResources = command.ToFormattedHCL(brokerResources)
+
+		registry, ok := os.LookupEnv("SOLACEBROKER_REGISTRY_OVERRIDE")
+		if !ok {
+			registry = "registry.terraform.io"
+		}
+		object.Registry = registry
+		object.BrokerURL = brokerURL
+		object.Username = command.StringWithDefaultFromEnv("username", true, "")
+		object.Password = command.StringWithDefaultFromEnv("password", false, "")
+		if len(object.Password) == 0 {
+			object.BearerToken = command.StringWithDefaultFromEnv("bearer_token", true, "")
+		} else {
+			object.BearerToken = command.StringWithDefaultFromEnv("bearer_token", false, "")
+		}
+		object.FileName = fileName
+
+		command.LogCLIInfo("Found all resources. Generation started for file " + fileName)
+		_ = command.GenerateTerraformFile(object)
+		command.LogCLIInfo(fileName + " created successfully.")
+		os.Exit(0)
+	},
+}
+
+func generateForParentAndChildren(context context.Context, client semp.Client, parentTerraformName string, brokerObjectInstanceName string, providerSpecificIdentifier string, generatedResources map[string]command.GeneratorTerraformOutput) ([]map[string]command.ResourceConfig, map[string]command.GeneratorTerraformOutput) {
+	var brokerResources []map[string]command.ResourceConfig
+	var generatorTerraformOutputForParent command.GeneratorTerraformOutput
+
+	//get for parent
+	_, alreadyGenerated := generatedResources[parentTerraformName]
+
+	if !alreadyGenerated {
+		generatorTerraformOutputForParent = command.ParseTerraformObject(context, client, brokerObjectInstanceName, parentTerraformName, providerSpecificIdentifier, map[string]string{}, map[string]any{})
+		if len(generatorTerraformOutputForParent.TerraformOutput) > 0 {
+			command.LogCLIInfo("Generating terraform config for " + parentTerraformName)
+			resource := generatorTerraformOutputForParent.TerraformOutput
+			brokerResources = append(brokerResources, resource)
+			generatedResources[parentTerraformName] = generatorTerraformOutputForParent
+		}
+	} else {
+		//pick output for generated data
+		generatorTerraformOutputForParent = generatedResources[parentTerraformName]
+	}
+
+	childBrokerObjects := command.BrokerObjectRelationship[command.BrokerObjectType(parentTerraformName)]
+	//get all children resources
+
+	for _, childBrokerObject := range childBrokerObjects {
+
+		_, alreadyGeneratedChild := generatedResources[string(childBrokerObject)]
+
+		if !alreadyGeneratedChild {
+
+			command.LogCLIInfo("Generating terraform config for " + string(childBrokerObject) + " as related to " + parentTerraformName)
+
+			for key, parentBrokerResource := range generatorTerraformOutputForParent.TerraformOutput {
+
+				parentResourceAttributes := map[string]command.ResourceConfig{}
+
+				//use object name to build relationship
+				parentResourceAttributes[key] = parentBrokerResource
+
+				parentBrokerResourceAttributeRelationship := command.GetParentResourceAttributes(key, parentResourceAttributes)
+
+				brokerResourcesToAppend := map[string]command.ResourceConfig{}
+
+				//use parent semp response data to build semp request for children
+				generatorTerraformOutputForChild := command.ParseTerraformObject(context, client, brokerObjectInstanceName,
+					string(childBrokerObject),
+					providerSpecificIdentifier,
+					parentBrokerResourceAttributeRelationship,
+					generatorTerraformOutputForParent.SEMPDataResponse[key])
+
+				if len(generatorTerraformOutputForChild.TerraformOutput) > 0 {
+					generatedResources[string(childBrokerObject)] = generatorTerraformOutputForChild
+					for childBrokerResourceKey, childBrokerResourceValue := range generatorTerraformOutputForChild.TerraformOutput {
+						if len(generatorTerraformOutputForChild.SEMPDataResponse[childBrokerResourceKey]) > 0 {
+							//remove blanks
+							if generatorTerraformOutputForChild.TerraformOutput[childBrokerResourceKey].ResourceAttributes != nil {
+								brokerResourcesToAppend[childBrokerResourceKey] = childBrokerResourceValue
+							}
+						}
+					}
+					print("..")
+					brokerResources = append(brokerResources, brokerResourcesToAppend)
+				}
+			}
+		}
+	}
+	return brokerResources, generatedResources
+}
+
+func fixInterObjectDependencies(brokerResources []map[string]command.ResourceConfig) {
+	// this will modify the passed brokerResources object
+
+	//temporal hard coding dependency graph fix not available in SEMP API
+	InterObjectDependencies := map[string][]string{"solacebroker_msg_vpn_authorization_group": {"solacebroker_msg_vpn_client_profile", "solacebroker_msg_vpn_acl_profile"},
+		"solacebroker_msg_vpn_client_username":                            {"solacebroker_msg_vpn_client_profile", "solacebroker_msg_vpn_acl_profile"},
+		"solacebroker_msg_vpn_rest_delivery_point":                        {"solacebroker_msg_vpn_client_profile"},
+		"solacebroker_msg_vpn_acl_profile_client_connect_exception":       {"solacebroker_msg_vpn_acl_profile"},
+		"solacebroker_msg_vpn_acl_profile_publish_topic_exception":        {"solacebroker_msg_vpn_acl_profile"},
+		"solacebroker_msg_vpn_acl_profile_subscribe_share_name_exception": {"solacebroker_msg_vpn_acl_profile"},
+		"solacebroker_msg_vpn_acl_profile_subscribe_topic_exception":      {"solacebroker_msg_vpn_acl_profile"}}
+
+	ObjectNameAttributes := map[string]string{"solacebroker_msg_vpn_client_profile": "client_profile_name", "solacebroker_msg_vpn_acl_profile": "acl_profile_name"}
+
+	// Post-process brokerResources for dependencies
+
+	// For ech resource check if there is any dependency
+	for _, resources := range brokerResources {
+		var resourceType string
+		// var resourceConfig command.ResourceConfig
+		for resourceKey := range resources {
+			resourceType = strings.Split(resourceKey, " ")[0]
+			resourceDependencies, exists := InterObjectDependencies[resourceType]
+			if !exists {
+				continue
+			}
+			// Found a resource that has inter-object relationship
+			// fmt.Print("Found " + resourceKey + " with dependencies ")
+			// fmt.Println(resourceDependencies)
+			for _, dependency := range resourceDependencies {
+				nameAttribute := ObjectNameAttributes[dependency]
+				dependencyName := strings.Trim(resources[resourceKey].ResourceAttributes[nameAttribute].AttributeValue, "\"")
+				if dependencyName != "" {
+					// fmt.Println("   Dependency " + dependency + " name is " + dependencyName)
+					// Look up key for dependency with dependencyName - iterate all brokerResources
+					found := false
+					for _, r := range brokerResources {
+						for k := range r {
+							rName := strings.Split(k, " ")[0]
+							if rName != dependency {
+								continue
+							}
+							// Check the name of the found resource
+							if strings.Trim(r[k].ResourceAttributes[nameAttribute].AttributeValue, "\"") == dependencyName {
+								// fmt.Println("         Found " + k + " as suitable dependency")
+								// Replace hardcoded name by reference
+								newInfo := command.ResourceAttributeInfo{
+									AttributeValue: strings.Replace(k, " ", ".", -1) + "." + nameAttribute,
+									Comment:        resources[resourceKey].ResourceAttributes[nameAttribute].Comment,
+								}
+								resources[resourceKey].ResourceAttributes[nameAttribute] = newInfo
+								found = true
+								break
+							}
+						}
+						if found {
+							break
+						}
+					}
+				}
+			}
+		}
+	}
+}
+
+func init() {
+	rootCmd.AddCommand(generateCmd)
+	generateCmd.PersistentFlags().String("url", "http://localhost:8080", "Broker URL")
+}
diff --git a/cmd/root.go b/cmd/root.go
new file mode 100644
index 00000000..e549e465
--- /dev/null
+++ b/cmd/root.go
@@ -0,0 +1,39 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+	terraform "terraform-provider-solacebroker/cmd/command"
+)
+
+var rootCmd = &cobra.Command{
+	Use:   "terraform-provider-solacebroker",
+	Short: "",
+	Long: `Terraform provider for the Solace PubSubPlus Software Event Broker.
+This binary is both a plugin for Terraform CLI and it also provides command-line options when invoked as standalone.
+The rest of this help describes the command-line use.`,
+}
+
+func Execute() error {
+	terraform.CreateBrokerObjectRelationships()
+	err := rootCmd.Execute()
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/cmd/versioncmd.go b/cmd/versioncmd.go
new file mode 100644
index 00000000..78cd6d90
--- /dev/null
+++ b/cmd/versioncmd.go
@@ -0,0 +1,38 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cmd
+
+import (
+	"fmt"
+	"terraform-provider-solacebroker/internal/broker"
+	"terraform-provider-solacebroker/internal/broker/generated"
+
+	"github.com/spf13/cobra"
+)
+
+// versionCmd represents the version command
+var versionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "Provides version information about the current binary",
+	Long:  "",
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println(fmt.Sprintf("Provider version: %s, based on Semp version %s", broker.ProviderVersion, generated.SempVersion))
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(versionCmd)
+}
diff --git a/debugRun-windows.go b/debugRun-windows.go
new file mode 100644
index 00000000..69883b71
--- /dev/null
+++ b/debugRun-windows.go
@@ -0,0 +1,23 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build windows
+
+package main
+
+func debugRun(debugRun, address string) {
+	// panic("not implemented")
+}
diff --git a/debugRun.go b/debugRun.go
new file mode 100644
index 00000000..01916f02
--- /dev/null
+++ b/debugRun.go
@@ -0,0 +1,103 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !windows
+
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"time"
+)
+
+func findDebugPort() (string, error) {
+	entries, err := os.ReadDir(os.TempDir())
+	if err != nil {
+		return "", err
+	}
+	var sockets []os.DirEntry
+	for _, e := range entries {
+		if strings.HasPrefix(e.Name(), "plugin") && e.Type() == os.ModeSocket {
+			sockets = append(sockets, e)
+		}
+	}
+	if len(sockets) == 0 {
+		return "", errors.New("could not find debug reattach socket")
+	}
+	socket := sockets[0]
+	info, err := socket.Info()
+	if err != nil {
+		return "", err
+	}
+	for _, s := range sockets[1:] {
+		i, err := s.Info()
+		if err != nil {
+			return "", err
+		}
+		if i.ModTime().After(info.ModTime()) {
+			socket, info = s, i
+		}
+	}
+	return filepath.Join(os.TempDir(), socket.Name()), nil
+}
+
+func debugRun(debugRun, address string) {
+	if debugRun == "" {
+		return
+	}
+	time.Sleep(time.Second)
+	socket, err := findDebugPort()
+	if err != nil {
+		fmt.Printf("error finding debug reattach socket: %v\n", err)
+		return
+	}
+	cmdLine := strings.Split(debugRun, " ")
+	cmd := exec.Command(cmdLine[0], cmdLine[1:]...)
+	data, err := json.Marshal(map[string]any{
+		address: map[string]any{
+			"Protocol":        "grpc",
+			"ProtocolVersion": 6,
+			"Pid":             os.Getpid(),
+			"Test":            true,
+			"Addr": map[string]any{
+				"Network": "unix",
+				"String":  socket,
+			},
+		},
+	})
+	cmd.Env = append(
+		[]string{"TF_REATTACH_PROVIDERS=" + string(data)},
+		os.Environ()...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	err = cmd.Run()
+	if err != nil {
+		fmt.Printf("error running %v: %v\n", debugRun, err)
+	} else {
+		fmt.Printf("%v successful.\n", debugRun)
+	}
+	// send an interrupt rather than just os.Exit so that proper cleanup will be done
+	syscall.Kill(os.Getpid(), syscall.SIGINT)
+	// close stderr so that we don't get spurious error messages when debugging
+	os.Stderr.Close()
+}
diff --git a/docs/data-sources/about_api.md b/docs/data-sources/about_api.md
new file mode 100644
index 00000000..3cd77fe5
--- /dev/null
+++ b/docs/data-sources/about_api.md
@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_about_api Data Source - solacebroker"
+subcategory: ""
+description: |-
+  The API Description object provides metadata about the SEMP API.
+  A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_about_api (Data Source)
+
+The API Description object provides metadata about the SEMP API.
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `platform` (String) The platform running the SEMP API.
+- `semp_version` (String) The version of the SEMP API.
diff --git a/docs/data-sources/about_user.md b/docs/data-sources/about_user.md
new file mode 100644
index 00000000..0382c7ec
--- /dev/null
+++ b/docs/data-sources/about_user.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_about_user Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Session and access level information about the user accessing the SEMP API.
+  A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_about_user (Data Source)
+
+Session and access level information about the user accessing the SEMP API.
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `global_access_level` (String) The global access level of the User. The allowed values and their meaning are:
+
+<pre>
+"admin" - Full administrative access.
+"none" - No access.
+"read-only" - Read only access.
+"read-write" - Read and write access.
+</pre>
+- `global_dmr_bridge_access_enabled` (Boolean) Indicates whether global DMR Bridge access is enabled for the User. This is only for Solace internal use. This attribute may not be returned in a GET. Available since (hidden in public API).
+- `id` (String) Identifier attribute, for internal use only.
+- `session_active` (Boolean) Indicates whether a session is active for this request. Available since SEMP API version 2.24.
+- `session_create_time` (Number) The timestamp of when the session was created. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.
+- `session_current_time` (Number) The current server timestamp. This is provided as a reference point for the other timestamps provided. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.
+- `session_hard_expiry_time` (Number) The hard expiry time for the session. After this time the session will be invalid, regardless of activity. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.
+- `session_id` (String) An identifier for the session to differentiate this session from other sessions for the same user. This value is not guaranteed to be unique between active sessions for different users. This attribute may not be returned in a GET. Available since SEMP API version 2.21.
+- `session_idle_expiry_time` (Number) The session idle expiry time. After this time the session will be invalid if there has been no activity. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.
+- `username` (String) The username of the User. Available since SEMP API version 2.21.
diff --git a/docs/data-sources/about_user_msg_vpn.md b/docs/data-sources/about_user_msg_vpn.md
new file mode 100644
index 00000000..3fa92ac9
--- /dev/null
+++ b/docs/data-sources/about_user_msg_vpn.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_about_user_msg_vpn Data Source - solacebroker"
+subcategory: ""
+description: |-
+  This provides information about the Message VPN access level for the username used to access the SEMP API.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_about_user_msg_vpn (Data Source)
+
+This provides information about the Message VPN access level for the username used to access the SEMP API.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `access_level` (String) The Message VPN access level of the User. The allowed values and their meaning are:
+
+<pre>
+"none" - No access.
+"read-only" - Read only access.
+"read-write" - Read and write access.
+</pre>
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/broker.md b/docs/data-sources/broker.md
new file mode 100644
index 00000000..7a45871d
--- /dev/null
+++ b/docs/data-sources/broker.md
@@ -0,0 +1,552 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_broker Data Source - solacebroker"
+subcategory: ""
+description: |-
+  This object contains global configuration for the message broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  tlsservercertcontent||x||x
+  tlsservercertpassword||x||
+  A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation. Requests which include the following attributes require greater access scope/level:
+  Attribute|Access Scope/Level
+  :---|:---:
+  authclientcertrevocationcheckmode|global/read-only
+  configsyncauthenticationclientcertmaxchaindepth|global/read-only
+  configsyncauthenticationclientcertvalidatedateenabled|global/read-only
+  configsyncclientprofiletcpinitialcongestionwindow|global/read-only
+  configsyncclientprofiletcpkeepalivecount|global/read-only
+  configsyncclientprofiletcpkeepaliveidle|global/read-only
+  configsyncclientprofiletcpkeepaliveinterval|global/read-only
+  configsyncclientprofiletcpmaxwindow|global/read-only
+  configsyncclientprofiletcpmss|global/read-only
+  configsyncenabled|global/read-only
+  configsyncsynchronizeusernameenabled|global/read-only
+  configsynctlsenabled|global/read-only
+  guaranteedmsgingdefragmentationscheduledaylist|global/read-only
+  guaranteedmsgingdefragmentationscheduleenabled|global/read-only
+  guaranteedmsgingdefragmentationscheduletimelist|global/read-only
+  guaranteedmsgingdefragmentationthresholdenabled|global/read-only
+  guaranteedmsgingdefragmentationthresholdfragmentationpercentage|global/read-only
+  guaranteedmsgingdefragmentationthresholdmininterval|global/read-only
+  guaranteedmsgingdefragmentationthresholdusagepercentage|global/read-only
+  guaranteedmsgingenabled|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.clearpercent|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.clearvalue|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.setpercent|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.setvalue|global/read-only
+  guaranteedmsgingeventdeliveredunackedthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventdeliveredunackedthreshold.setpercent|global/read-only
+  guaranteedmsgingeventdiskusagethreshold.clearpercent|global/read-only
+  guaranteedmsgingeventdiskusagethreshold.setpercent|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventmsgcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventmsgcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventmsgspoolfilecountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventmsgspoolfilecountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.clearpercent|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.clearvalue|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.setpercent|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.setvalue|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventtransactedsessionresourcecountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventtransactedsessionresourcecountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.setvalue|global/read-only
+  guaranteedmsgingmaxcacheusage|global/read-only
+  guaranteedmsgingmaxmsgspoolusage|global/read-only
+  guaranteedmsgingmsgspoolsyncmirroredmsgacktimeout|global/read-only
+  guaranteedmsgingmsgspoolsyncmirroredspoolfileacktimeout|global/read-only
+  guaranteedmsgingtransactionreplicationcompatibilitymode|global/read-only
+  oauthprofiledefault|global/read-only
+  serviceamqpenabled|global/read-only
+  serviceamqptlslistenport|global/read-only
+  serviceeventconnectioncountthreshold.clearpercent|global/read-only
+  serviceeventconnectioncountthreshold.clearvalue|global/read-only
+  serviceeventconnectioncountthreshold.setpercent|global/read-only
+  serviceeventconnectioncountthreshold.setvalue|global/read-only
+  servicehealthcheckenabled|global/read-only
+  servicehealthchecklistenport|global/read-only
+  servicehealthchecktlsenabled|global/read-only
+  servicehealthchecktlslistenport|global/read-only
+  servicematelinkenabled|global/read-only
+  servicematelinklistenport|global/read-only
+  servicemqttenabled|global/read-only
+  servicemsgbackboneenabled|global/read-only
+  serviceredundancyenabled|global/read-only
+  serviceredundancyfirstlistenport|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.clearpercent|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.clearvalue|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.setpercent|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.setvalue|global/read-only
+  servicerestincomingenabled|global/read-only
+  servicerestoutgoingenabled|global/read-only
+  servicesempcorsallowanyhostenabled|global/read-only
+  servicesemplegacytimeoutenabled|global/read-only
+  servicesempplaintextenabled|global/read-only
+  servicesempplaintextlistenport|global/read-only
+  servicesempsessionidletimeout|global/read-only
+  servicesempsessionmaxlifetime|global/read-only
+  servicesemptlsenabled|global/read-only
+  servicesemptlslistenport|global/read-only
+  servicesmfcompressionlistenport|global/read-only
+  servicesmfenabled|global/read-only
+  servicesmfeventconnectioncountthreshold.clearpercent|global/read-only
+  servicesmfeventconnectioncountthreshold.clearvalue|global/read-only
+  servicesmfeventconnectioncountthreshold.setpercent|global/read-only
+  servicesmfeventconnectioncountthreshold.setvalue|global/read-only
+  servicesmfplaintextlistenport|global/read-only
+  servicesmfroutingcontrollistenport|global/read-only
+  servicesmftlslistenport|global/read-only
+  servicetlseventconnectioncountthreshold.clearpercent|global/read-only
+  servicetlseventconnectioncountthreshold.clearvalue|global/read-only
+  servicetlseventconnectioncountthreshold.setpercent|global/read-only
+  servicetlseventconnectioncountthreshold.setvalue|global/read-only
+  servicewebtransportenabled|global/read-only
+  servicewebtransportplaintextlistenport|global/read-only
+  servicewebtransporttlslistenport|global/read-only
+  servicewebtransportweburlsuffix|global/read-only
+  tlsblockversion11enabled|global/read-only
+  tlsciphersuitemanagementlist|global/read-only
+  tlsciphersuitemsgbackbonelist|global/read-only
+  tlsciphersuitesecureshelllist|global/read-only
+  tlscrimeexploitprotectionenabled|global/read-only
+  tlsservercertcontent|global/read-only
+  tlsstandarddomaincertificateauthoritiesenabled|vpn/read-only
+  tlsticketlifetime|global/read-only
+  webmanagerallowunencryptedwizardsenabled|vpn/read-only
+  webmanagercustomization|vpn/read-only
+  webmanagerredirecthttpenabled|vpn/read-only
+  webmanagerredirecthttpoverridetls_port|vpn/read-only
+  This has been available since SEMP API version 2.13.
+---
+
+# solacebroker_broker (Data Source)
+
+This object contains global configuration for the message broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+tls_server_cert_content||x||x
+tls_server_cert_password||x||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation. Requests which include the following attributes require greater access scope/level:
+
+
+Attribute|Access Scope/Level
+:---|:---:
+auth_client_cert_revocation_check_mode|global/read-only
+config_sync_authentication_client_cert_max_chain_depth|global/read-only
+config_sync_authentication_client_cert_validate_date_enabled|global/read-only
+config_sync_client_profile_tcp_initial_congestion_window|global/read-only
+config_sync_client_profile_tcp_keepalive_count|global/read-only
+config_sync_client_profile_tcp_keepalive_idle|global/read-only
+config_sync_client_profile_tcp_keepalive_interval|global/read-only
+config_sync_client_profile_tcp_max_window|global/read-only
+config_sync_client_profile_tcp_mss|global/read-only
+config_sync_enabled|global/read-only
+config_sync_synchronize_username_enabled|global/read-only
+config_sync_tls_enabled|global/read-only
+guaranteed_msging_defragmentation_schedule_day_list|global/read-only
+guaranteed_msging_defragmentation_schedule_enabled|global/read-only
+guaranteed_msging_defragmentation_schedule_time_list|global/read-only
+guaranteed_msging_defragmentation_threshold_enabled|global/read-only
+guaranteed_msging_defragmentation_threshold_fragmentation_percentage|global/read-only
+guaranteed_msging_defragmentation_threshold_min_interval|global/read-only
+guaranteed_msging_defragmentation_threshold_usage_percentage|global/read-only
+guaranteed_msging_enabled|global/read-only
+guaranteed_msging_event_cache_usage_threshold.clear_percent|global/read-only
+guaranteed_msging_event_cache_usage_threshold.clear_value|global/read-only
+guaranteed_msging_event_cache_usage_threshold.set_percent|global/read-only
+guaranteed_msging_event_cache_usage_threshold.set_value|global/read-only
+guaranteed_msging_event_delivered_unacked_threshold.clear_percent|global/read-only
+guaranteed_msging_event_delivered_unacked_threshold.set_percent|global/read-only
+guaranteed_msging_event_disk_usage_threshold.clear_percent|global/read-only
+guaranteed_msging_event_disk_usage_threshold.set_percent|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.set_value|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.set_value|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.set_value|global/read-only
+guaranteed_msging_event_msg_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_msg_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_msg_spool_file_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_msg_spool_file_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.clear_percent|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.clear_value|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.set_percent|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.set_value|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.set_value|global/read-only
+guaranteed_msging_event_transacted_session_resource_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_transacted_session_resource_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_transaction_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_transaction_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_transaction_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_transaction_count_threshold.set_value|global/read-only
+guaranteed_msging_max_cache_usage|global/read-only
+guaranteed_msging_max_msg_spool_usage|global/read-only
+guaranteed_msging_msg_spool_sync_mirrored_msg_ack_timeout|global/read-only
+guaranteed_msging_msg_spool_sync_mirrored_spool_file_ack_timeout|global/read-only
+guaranteed_msging_transaction_replication_compatibility_mode|global/read-only
+oauth_profile_default|global/read-only
+service_amqp_enabled|global/read-only
+service_amqp_tls_listen_port|global/read-only
+service_event_connection_count_threshold.clear_percent|global/read-only
+service_event_connection_count_threshold.clear_value|global/read-only
+service_event_connection_count_threshold.set_percent|global/read-only
+service_event_connection_count_threshold.set_value|global/read-only
+service_health_check_enabled|global/read-only
+service_health_check_listen_port|global/read-only
+service_health_check_tls_enabled|global/read-only
+service_health_check_tls_listen_port|global/read-only
+service_mate_link_enabled|global/read-only
+service_mate_link_listen_port|global/read-only
+service_mqtt_enabled|global/read-only
+service_msg_backbone_enabled|global/read-only
+service_redundancy_enabled|global/read-only
+service_redundancy_first_listen_port|global/read-only
+service_rest_event_outgoing_connection_count_threshold.clear_percent|global/read-only
+service_rest_event_outgoing_connection_count_threshold.clear_value|global/read-only
+service_rest_event_outgoing_connection_count_threshold.set_percent|global/read-only
+service_rest_event_outgoing_connection_count_threshold.set_value|global/read-only
+service_rest_incoming_enabled|global/read-only
+service_rest_outgoing_enabled|global/read-only
+service_semp_cors_allow_any_host_enabled|global/read-only
+service_semp_legacy_timeout_enabled|global/read-only
+service_semp_plain_text_enabled|global/read-only
+service_semp_plain_text_listen_port|global/read-only
+service_semp_session_idle_timeout|global/read-only
+service_semp_session_max_lifetime|global/read-only
+service_semp_tls_enabled|global/read-only
+service_semp_tls_listen_port|global/read-only
+service_smf_compression_listen_port|global/read-only
+service_smf_enabled|global/read-only
+service_smf_event_connection_count_threshold.clear_percent|global/read-only
+service_smf_event_connection_count_threshold.clear_value|global/read-only
+service_smf_event_connection_count_threshold.set_percent|global/read-only
+service_smf_event_connection_count_threshold.set_value|global/read-only
+service_smf_plain_text_listen_port|global/read-only
+service_smf_routing_control_listen_port|global/read-only
+service_smf_tls_listen_port|global/read-only
+service_tls_event_connection_count_threshold.clear_percent|global/read-only
+service_tls_event_connection_count_threshold.clear_value|global/read-only
+service_tls_event_connection_count_threshold.set_percent|global/read-only
+service_tls_event_connection_count_threshold.set_value|global/read-only
+service_web_transport_enabled|global/read-only
+service_web_transport_plain_text_listen_port|global/read-only
+service_web_transport_tls_listen_port|global/read-only
+service_web_transport_web_url_suffix|global/read-only
+tls_block_version11_enabled|global/read-only
+tls_cipher_suite_management_list|global/read-only
+tls_cipher_suite_msg_backbone_list|global/read-only
+tls_cipher_suite_secure_shell_list|global/read-only
+tls_crime_exploit_protection_enabled|global/read-only
+tls_server_cert_content|global/read-only
+tls_standard_domain_certificate_authorities_enabled|vpn/read-only
+tls_ticket_lifetime|global/read-only
+web_manager_allow_unencrypted_wizards_enabled|vpn/read-only
+web_manager_customization|vpn/read-only
+web_manager_redirect_http_enabled|vpn/read-only
+web_manager_redirect_http_override_tls_port|vpn/read-only
+
+
+
+This has been available since SEMP API version 2.13.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Read-Only
+
+- `auth_client_cert_revocation_check_mode` (String) The client certificate revocation checking mode used when a client authenticates with a client certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Do not perform any certificate revocation checking.
+"ocsp" - Use the Open Certificate Status Protcol (OCSP) for certificate revocation checking.
+"crl" - Use Certificate Revocation Lists (CRL) for certificate revocation checking.
+"ocsp-crl" - Use OCSP first, but if OCSP fails to return an unambiguous result, then check via CRL.
+</pre>
+- `config_sync_authentication_client_cert_max_chain_depth` (Number) The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The default value is `3`. Available since SEMP API version 2.22.
+- `config_sync_authentication_client_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the authentication certificate(s). The default value is `true`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_initial_congestion_window` (Number) The TCP initial congestion window size for Config Sync clients, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. The default value is `2`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. The default value is `5`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_keepalive_idle` (Number) The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. The default value is `3`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. The default value is `1`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_max_window` (Number) The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. The default value is `256`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_mss` (Number) The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. The default value is `1460`. Available since SEMP API version 2.22.
+- `config_sync_enabled` (Boolean) Enable or disable configuration synchronization for High Availability or Disaster Recovery. The default value is `false`. Available since SEMP API version 2.22.
+- `config_sync_synchronize_username_enabled` (Boolean) Enable or disable the synchronizing of usernames within High Availability groups. The transition from not synchronizing to synchronizing will cause the High Availability mate to fall out of sync. Recommendation: leave this as enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.22.
+- `config_sync_tls_enabled` (Boolean) Enable or disable the use of TLS encryption of the configuration synchronization communications between brokers in High Availability groups and/or Disaster Recovery sites. The default value is `false`. Available since SEMP API version 2.22.
+- `guaranteed_msging_defragmentation_schedule_day_list` (String) The days of the week to schedule defragmentation runs, specified as "daily" or as a comma-separated list of days. Days must be specified as "Sun", "Mon", "Tue", "Wed", "Thu", "Fri, or "Sat", with no spaces, and in sorted order from Sunday to Saturday. Please note "Sun,Mon,Tue,Wed,Thu,Fri,Sat" is not allowed, use "daily" instead. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"daily"`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_schedule_enabled` (Boolean) Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_schedule_time_list` (String) The times of the day to schedule defragmentation runs, specified as "hourly" or as a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"0:00"`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_enabled` (Boolean) Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_fragmentation_percentage` (Number) Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_min_interval` (Number) Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_usage_percentage` (Number) Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since SEMP API version 2.25.
+- `guaranteed_msging_enabled` (Boolean) Enable or disable Guaranteed Messaging. The default value is `false`. Available since SEMP API version 2.18.
+- `guaranteed_msging_event_cache_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_cache_usage_threshold))
+- `guaranteed_msging_event_delivered_unacked_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_delivered_unacked_threshold))
+- `guaranteed_msging_event_disk_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_disk_usage_threshold))
+- `guaranteed_msging_event_egress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_egress_flow_count_threshold))
+- `guaranteed_msging_event_endpoint_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_endpoint_count_threshold))
+- `guaranteed_msging_event_ingress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_ingress_flow_count_threshold))
+- `guaranteed_msging_event_msg_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_msg_count_threshold))
+- `guaranteed_msging_event_msg_spool_file_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_msg_spool_file_count_threshold))
+- `guaranteed_msging_event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_msg_spool_usage_threshold))
+- `guaranteed_msging_event_transacted_session_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_transacted_session_count_threshold))
+- `guaranteed_msging_event_transacted_session_resource_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_transacted_session_resource_count_threshold))
+- `guaranteed_msging_event_transaction_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_transaction_count_threshold))
+- `guaranteed_msging_max_cache_usage` (Number) Guaranteed messaging cache usage limit. Expressed as a maximum percentage of the NAB's egress queueing. resources that the guaranteed message cache is allowed to use. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `10`. Available since SEMP API version 2.18.
+- `guaranteed_msging_max_msg_spool_usage` (Number) The maximum total message spool usage allowed across all VPNs on this broker, in megabytes. Recommendation: the maximum value should be less than 90% of the disk space allocated for the guaranteed message spool. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1500`. Available since SEMP API version 2.18.
+- `guaranteed_msging_msg_spool_sync_mirrored_msg_ack_timeout` (Number) The maximum time, in milliseconds, that can be tolerated for remote acknowledgment of synchronization messages before which the remote system will be considered out of sync. The default value is `10000`. Available since SEMP API version 2.18.
+- `guaranteed_msging_msg_spool_sync_mirrored_spool_file_ack_timeout` (Number) The maximum time, in milliseconds, that can be tolerated for remote disk writes before which the remote system will be considered out of sync. The default value is `10000`. Available since SEMP API version 2.18.
+- `guaranteed_msging_transaction_replication_compatibility_mode` (String) The replication compatibility mode for the broker. The default value is `"legacy"`. The allowed values and their meaning are:"legacy" - All transactions originated by clients are replicated to the standby site without using transactions."transacted" - All transactions originated by clients are replicated to the standby site using transactions. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"legacy"`. The allowed values and their meaning are:
+
+<pre>
+"legacy" - All transactions originated by clients are replicated to the standby site without using transactions.
+"transacted" - All transactions originated by clients are replicated to the standby site using transactions.
+</pre>
+ Available since SEMP API version 2.18.
+- `id` (String) Identifier attribute, for internal use only.
+- `oauth_profile_default` (String) The default OAuth profile for OAuth authenticated SEMP requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`. Available since SEMP API version 2.24.
+- `service_amqp_enabled` (Boolean) Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_amqp_tls_listen_port` (Number) TCP port number that AMQP clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.17.
+- `service_event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_event_connection_count_threshold))
+- `service_health_check_enabled` (Boolean) Enable or disable the plain-text health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_health_check_listen_port` (Number) The port number for the plain-text health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_health_check_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5550`. Available since SEMP API version 2.17.
+- `service_health_check_tls_enabled` (Boolean) Enable or disable the TLS health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.34.
+- `service_health_check_tls_listen_port` (Number) The port number for the TLS health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_health_check_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.34.
+- `service_mate_link_enabled` (Boolean) Enable or disable the mate-link service. The default value is `true`. Available since SEMP API version 2.17.
+- `service_mate_link_listen_port` (Number) The port number for the mate-link service. The port must be unique across the message backbone. The mate-link service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mate_link_enabled will be temporarily set to false to apply the change. The default value is `8741`. Available since SEMP API version 2.17.
+- `service_mqtt_enabled` (Boolean) Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_msg_backbone_enabled` (Boolean) Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected. The default value is `true`. Available since SEMP API version 2.17.
+- `service_redundancy_enabled` (Boolean) Enable or disable the redundancy service. The default value is `true`. Available since SEMP API version 2.17.
+- `service_redundancy_first_listen_port` (Number) The first listen-port used for the redundancy service. Redundancy uses this port and the subsequent 2 ports. These port must be unique across the message backbone. The redundancy service must be disabled to change this port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_redundancy_enabled will be temporarily set to false to apply the change. The default value is `8300`. Available since SEMP API version 2.17.
+- `service_rest_event_outgoing_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_rest_event_outgoing_connection_count_threshold))
+- `service_rest_incoming_enabled` (Boolean) Enable or disable the REST service incoming connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_rest_outgoing_enabled` (Boolean) Enable or disable the REST service outgoing connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_semp_cors_allow_any_host_enabled` (Boolean) Enable or disable cross origin resource requests for the SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.24.
+- `service_semp_legacy_timeout_enabled` (Boolean) Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full.  When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds.  The recommended setting is disabled (no legacy-timeout).  This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages.  This setting will be removed in a future release. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.18.
+- `service_semp_plain_text_enabled` (Boolean) Enable or disable plain-text SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.17.
+- `service_semp_session_idle_timeout` (Number) The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since SEMP API version 2.21.
+- `service_semp_session_max_lifetime` (Number) The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `43200`. Available since SEMP API version 2.21.
+- `service_semp_tls_enabled` (Boolean) Enable or disable TLS SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.17.
+- `service_smf_compression_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw compression TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55003`. Available since SEMP API version 2.17.
+- `service_smf_enabled` (Boolean) Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected. The default value is `true`. Available since SEMP API version 2.17.
+- `service_smf_event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_smf_event_connection_count_threshold))
+- `service_smf_plain_text_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55555`. Available since SEMP API version 2.17.
+- `service_smf_routing_control_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw routing control TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55556`. Available since SEMP API version 2.17.
+- `service_smf_tls_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55443`. Available since SEMP API version 2.17.
+- `service_tls_event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_tls_event_connection_count_threshold))
+- `service_web_transport_enabled` (Boolean) Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_web_transport_plain_text_listen_port` (Number) The TCP port for plain-text WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `8008`. Available since SEMP API version 2.17.
+- `service_web_transport_tls_listen_port` (Number) The TCP port for TLS WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1443`. Available since SEMP API version 2.17.
+- `service_web_transport_web_url_suffix` (String) Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. The default value is `""`. Available since SEMP API version 2.17.
+- `tls_block_version11_enabled` (Boolean) Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `tls_cipher_suite_management_list` (String) The colon-separated list of cipher suites used for TLS management connections (e.g. SEMP, LDAP). The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"default"`.
+- `tls_cipher_suite_msg_backbone_list` (String) The colon-separated list of cipher suites used for TLS data connections (e.g. client pub/sub). The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"default"`.
+- `tls_cipher_suite_secure_shell_list` (String) The colon-separated list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP). The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"default"`.
+- `tls_crime_exploit_protection_enabled` (Boolean) Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `tls_standard_domain_certificate_authorities_enabled` (Boolean) Enable or disable the standard domain certificate authority list. The default value is `true`. Available since SEMP API version 2.19.
+- `tls_ticket_lifetime` (Number) The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.
+- `web_manager_allow_unencrypted_wizards_enabled` (Boolean) Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure.  Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.28.
+- `web_manager_customization` (String) Reserved for internal use by Solace. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`. Available since SEMP API version 2.25.
+- `web_manager_redirect_http_enabled` (Boolean) Enable or disable redirection of HTTP requests for the broker manager to HTTPS. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.24.
+- `web_manager_redirect_http_override_tls_port` (Number) The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.24.
+
+<a id="nestedatt--guaranteed_msging_event_cache_usage_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_cache_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_delivered_unacked_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_delivered_unacked_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_disk_usage_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_disk_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_egress_flow_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_egress_flow_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_endpoint_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_endpoint_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_ingress_flow_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_ingress_flow_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_msg_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_msg_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_msg_spool_file_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_msg_spool_file_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_msg_spool_usage_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_msg_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_transacted_session_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_transacted_session_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_transacted_session_resource_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_transacted_session_resource_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_transaction_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_transaction_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_event_connection_count_threshold"></a>
+### Nested Schema for `service_event_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_rest_event_outgoing_connection_count_threshold"></a>
+### Nested Schema for `service_rest_event_outgoing_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_smf_event_connection_count_threshold"></a>
+### Nested Schema for `service_smf_event_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_tls_event_connection_count_threshold"></a>
+### Nested Schema for `service_tls_event_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/client_cert_authority.md b/docs/data-sources/client_cert_authority.md
new file mode 100644
index 00000000..ebe3c22d
--- /dev/null
+++ b/docs/data-sources/client_cert_authority.md
@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_client_cert_authority Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  certauthorityname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.19.
+---
+
+# solacebroker_client_cert_authority (Data Source)
+
+Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cert_authority_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.19.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_authority_name` (String) The name of the Certificate Authority.
+
+### Read-Only
+
+- `cert_content` (String) The PEM formatted content for the trusted root certificate of a client Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `crl_day_list` (String) The scheduled CRL refresh day(s), specified as "daily" or a comma-separated list of days. Days must be specified as "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", or "Sat", with no spaces, and in sorted order from Sunday to Saturday. The empty-string ("") can also be specified, indicating no schedule is configured ("crl_time_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"daily"`.
+- `crl_time_list` (String) The scheduled CRL refresh time(s), specified as "hourly" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string ("") can also be specified, indicating no schedule is configured ("crl_day_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"3:00"`.
+- `crl_url` (String) The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as revocation_check_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
+- `ocsp_non_responder_cert_enabled` (Boolean) Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `ocsp_override_url` (String) The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `ocsp_timeout` (Number) The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.
+- `revocation_check_enabled` (Boolean) Enable or disable Certificate Authority revocation checking. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
diff --git a/docs/data-sources/client_cert_authority_ocsp_tls_trusted_common_name.md b/docs/data-sources/client_cert_authority_ocsp_tls_trusted_common_name.md
new file mode 100644
index 00000000..4f2399d7
--- /dev/null
+++ b/docs/data-sources/client_cert_authority_ocsp_tls_trusted_common_name.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_client_cert_authority_ocsp_tls_trusted_common_name Data Source - solacebroker"
+subcategory: ""
+description: |-
+  When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  certauthorityname|x|||
+  ocsptlstrustedcommonname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.19.
+---
+
+# solacebroker_client_cert_authority_ocsp_tls_trusted_common_name (Data Source)
+
+When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cert_authority_name|x|||
+ocsp_tls_trusted_common_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.19.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_authority_name` (String) The name of the Certificate Authority.
+- `ocsp_tls_trusted_common_name` (String) The expected Trusted Common Name of the OCSP responder remote certificate.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/dmr_cluster.md b/docs/data-sources/dmr_cluster.md
new file mode 100644
index 00000000..1c672641
--- /dev/null
+++ b/docs/data-sources/dmr_cluster.md
@@ -0,0 +1,62 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  dmrclustername|x|||
+  tlsservercertenforcetrustedcommonname_enabled|||x|
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_dmr_cluster (Data Source)
+
+A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+dmr_cluster_name|x|||
+tls_server_cert_enforce_trusted_common_name_enabled|||x|
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+
+### Read-Only
+
+- `authentication_basic_enabled` (Boolean) Enable or disable basic authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `authentication_basic_type` (String) The type of basic authentication to use for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"internal"`. The allowed values and their meaning are:
+
+<pre>
+"internal" - Use locally configured password.
+"none" - No authentication.
+</pre>
+- `authentication_client_cert_enabled` (Boolean) Enable or disable client certificate authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `direct_only_enabled` (Boolean) Enable or disable direct messaging only. Guaranteed messages will not be transmitted through the cluster. The default value is `false`.
+- `enabled` (Boolean) Enable or disable the Cluster. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `node_name` (String) The name of this node in the Cluster. This is the name that this broker (or redundant group of brokers) is know by to other nodes in the Cluster. The name is chosen automatically to be either this broker's Router Name or Mate Router Name, depending on which Active Standby Role (primary or backup) this broker plays in its redundancy group.
+- `tls_server_cert_max_chain_depth` (Number) The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.
+- `tls_server_cert_validate_date_enabled` (Boolean) Enable or disable the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `tls_server_cert_validate_name_enabled` (Boolean) Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.18.
diff --git a/docs/data-sources/dmr_cluster_cert_matching_rule.md b/docs/data-sources/dmr_cluster_cert_matching_rule.md
new file mode 100644
index 00000000..7025e7f7
--- /dev/null
+++ b/docs/data-sources/dmr_cluster_cert_matching_rule.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_cert_matching_rule Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  rule_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_cert_matching_rule (Data Source)
+
+A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `rule_name` (String) The name of the rule.
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/dmr_cluster_cert_matching_rule_attribute_filter.md b/docs/data-sources/dmr_cluster_cert_matching_rule_attribute_filter.md
new file mode 100644
index 00000000..8c2271e2
--- /dev/null
+++ b/docs/data-sources/dmr_cluster_cert_matching_rule_attribute_filter.md
@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_cert_matching_rule_attribute_filter Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Attribute Filter compares a link attribute to a string.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  filtername|x|||
+  rulename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_cert_matching_rule_attribute_filter (Data Source)
+
+A Cert Matching Rule Attribute Filter compares a link attribute to a string.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+filter_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `filter_name` (String) The name of the filter.
+- `rule_name` (String) The name of the rule.
+
+### Read-Only
+
+- `attribute_name` (String) Link Attribute to be tested. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `attribute_value` (String) Expected attribute value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/dmr_cluster_cert_matching_rule_condition.md b/docs/data-sources/dmr_cluster_cert_matching_rule_condition.md
new file mode 100644
index 00000000..a1c11244
--- /dev/null
+++ b/docs/data-sources/dmr_cluster_cert_matching_rule_condition.md
@@ -0,0 +1,64 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_cert_matching_rule_condition Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  rule_name|x|||
+  source|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_cert_matching_rule_condition (Data Source)
+
+A Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+rule_name|x|||
+source|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `rule_name` (String) The name of the rule.
+- `source` (String) Certificate field to be compared with the Attribute. The allowed values and their meaning are:
+
+<pre>
+"certificate-thumbprint" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
+"common-name" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
+"common-name-last" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
+"subject-alternate-name-msupn" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
+"uid" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
+"uid-last" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.
+"org-unit" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.
+"org-unit-last" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.
+"issuer" - The attribute is extracted from the certificate's Issuer DN.
+"subject" - The attribute is extracted from the certificate's Subject DN.
+"serial-number" - The attribute is extracted from the certificate's Serial Number.
+"dns-name" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.
+"ip-address" - The attribute is extracted from the certificate's Subject Alt Name IP Address.
+</pre>
+
+### Read-Only
+
+- `attribute` (String) Link Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `""`.
+- `expression` (String) Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/dmr_cluster_link.md b/docs/data-sources/dmr_cluster_link.md
new file mode 100644
index 00000000..efebc866
--- /dev/null
+++ b/docs/data-sources/dmr_cluster_link.md
@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_link Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  dmrclustername|x|||
+  remotenodename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_dmr_cluster_link (Data Source)
+
+A Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+dmr_cluster_name|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `remote_node_name` (String) The name of the node at the remote end of the Link.
+
+### Read-Only
+
+- `authentication_scheme` (String) The authentication scheme to be used by the Link which initiates connections to the remote node. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"basic"`. The allowed values and their meaning are:
+
+<pre>
+"basic" - Basic Authentication Scheme (via username and password).
+"client-certificate" - Client Certificate Authentication Scheme (via certificate file or content).
+</pre>
+- `client_profile_queue_control1_max_depth` (Number) The maximum depth of the "Control 1" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_control1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Control 1" (C-1) priority queue, regardless of the `client_profile_queue_control1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_direct1_max_depth` (Number) The maximum depth of the "Direct 1" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_direct1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 1" (D-1) priority queue, regardless of the `client_profile_queue_direct1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_direct2_max_depth` (Number) The maximum depth of the "Direct 2" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_direct2_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 2" (D-2) priority queue, regardless of the `client_profile_queue_direct2_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_direct3_max_depth` (Number) The maximum depth of the "Direct 3" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_direct3_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 3" (D-3) priority queue, regardless of the `client_profile_queue_direct3_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_guaranteed1_max_depth` (Number) The maximum depth of the "Guaranteed 1" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_guaranteed1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Guaranteed 1" (G-3) priority queue, regardless of the `client_profile_queue_guaranteed1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.
+- `client_profile_tcp_congestion_window_size` (Number) The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `2`.
+- `client_profile_tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.
+- `client_profile_tcp_keepalive_idle_time` (Number) The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.
+- `client_profile_tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `client_profile_tcp_max_segment_size` (Number) The TCP maximum segment size, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1460`.
+- `client_profile_tcp_max_window_size` (Number) The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `256`.
+- `egress_flow_window_size` (Number) The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.
+- `enabled` (Boolean) Enable or disable the Link. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `initiator` (String) The initiator of the Link's TCP connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"lexical"`. The allowed values and their meaning are:
+
+<pre>
+"lexical" - The "higher" node-name initiates.
+"local" - The local node initiates.
+"remote" - The remote node initiates.
+</pre>
+- `queue_dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"#DEAD_MSG_QUEUE"`.
+- `queue_event_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_spool_usage_threshold))
+- `queue_max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1000000`.
+- `queue_max_msg_spool_usage` (Number) The maximum message spool usage by the Queue (quota), in megabytes (MB). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `800000`.
+- `queue_max_redelivery_count` (Number) The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.
+- `queue_max_ttl` (Number) The maximum time in seconds a message can stay in the Queue when `queue_respect_ttl_enabled` is `true`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queue_max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.
+- `queue_reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"always"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `queue_respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `span` (String) The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"external"`. The allowed values and their meaning are:
+
+<pre>
+"internal" - Link to same cluster.
+"external" - Link to other cluster.
+</pre>
+- `transport_compressed_enabled` (Boolean) Enable or disable compression on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `transport_tls_enabled` (Boolean) Enable or disable encryption (TLS) on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+
+<a id="nestedatt--queue_event_spool_usage_threshold"></a>
+### Nested Schema for `queue_event_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/dmr_cluster_link_attribute.md b/docs/data-sources/dmr_cluster_link_attribute.md
new file mode 100644
index 00000000..7f5aebc8
--- /dev/null
+++ b/docs/data-sources/dmr_cluster_link_attribute.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_link_attribute Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  attributename|x|||
+  attributevalue|x|||
+  dmrclustername|x|||
+  remotenodename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_link_attribute (Data Source)
+
+A Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+attribute_name|x|||
+attribute_value|x|||
+dmr_cluster_name|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `attribute_name` (String) The name of the Attribute.
+- `attribute_value` (String) The value of the Attribute.
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `remote_node_name` (String) The name of the node at the remote end of the Link.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/dmr_cluster_link_remote_address.md b/docs/data-sources/dmr_cluster_link_remote_address.md
new file mode 100644
index 00000000..645fa855
--- /dev/null
+++ b/docs/data-sources/dmr_cluster_link_remote_address.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_link_remote_address Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Each Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  remoteaddress|x|||
+  remotenode_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_dmr_cluster_link_remote_address (Data Source)
+
+Each Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+remote_address|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `remote_address` (String) The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).
+- `remote_node_name` (String) The name of the node at the remote end of the Link.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/domain_cert_authority.md b/docs/data-sources/domain_cert_authority.md
new file mode 100644
index 00000000..02c1d611
--- /dev/null
+++ b/docs/data-sources/domain_cert_authority.md
@@ -0,0 +1,41 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_domain_cert_authority Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Certificate Authorities trusted for domain verification.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  certauthorityname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.19.
+---
+
+# solacebroker_domain_cert_authority (Data Source)
+
+Certificate Authorities trusted for domain verification.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cert_authority_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.19.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_authority_name` (String) The name of the Certificate Authority.
+
+### Read-Only
+
+- `cert_content` (String) The PEM formatted content for the trusted root certificate of a domain Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn.md b/docs/data-sources/msg_vpn.md
new file mode 100644
index 00000000..c4e948e7
--- /dev/null
+++ b/docs/data-sources/msg_vpn.md
@@ -0,0 +1,416 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationoauthdefaultprovidername|||x|
+  bridgingtlsservercertenforcetrustedcommonnameenabled|||x|
+  distributedcachemanagementenabled|||x|
+  msgvpnname|x|||
+  replicationbridgeauthenticationbasicpassword||x||x
+  replicationbridgeauthenticationclientcertcontent||x||x
+  replicationbridgeauthenticationclientcertpassword||x||
+  replicationenabledqueuebehavior||x||
+  resttlsservercertenforcetrustedcommonnameenabled|||x|
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn (Data Source)
+
+Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_oauth_default_provider_name|||x|
+bridging_tls_server_cert_enforce_trusted_common_name_enabled|||x|
+distributed_cache_management_enabled|||x|
+msg_vpn_name|x|||
+replication_bridge_authentication_basic_password||x||x
+replication_bridge_authentication_client_cert_content||x||x
+replication_bridge_authentication_client_cert_password||x||
+replication_enabled_queue_behavior||x||
+rest_tls_server_cert_enforce_trusted_common_name_enabled|||x|
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `alias` (String) The name of another Message VPN which this Message VPN is an alias for. When this Message VPN is enabled, the alias has no effect. When this Message VPN is disabled, Clients (but not Bridges and routing Links) logging into this Message VPN are automatically logged in to the other Message VPN, and authentication and authorization take place in the context of the other Message VPN.
+
+Aliases may form a non-circular chain, cascading one to the next. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.14.
+- `authentication_basic_enabled` (Boolean) Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `authentication_basic_profile_name` (String) The name of the RADIUS or LDAP Profile to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `authentication_basic_radius_domain` (String) The RADIUS domain to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_basic_type` (String) The type of basic authentication to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"radius"`. The allowed values and their meaning are:
+
+<pre>
+"internal" - Internal database. Authentication is against Client Usernames.
+"ldap" - LDAP authentication. An LDAP profile name must be provided.
+"radius" - RADIUS authentication. A RADIUS profile name must be provided.
+"none" - No authentication. Anonymous login allowed.
+</pre>
+- `authentication_client_cert_allow_api_provided_username_enabled` (Boolean) Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_client_cert_certificate_matching_rules_enabled` (Boolean) Enable or disable certificate matching rules. When disabled, any valid certificate is accepted. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.27.
+- `authentication_client_cert_enabled` (Boolean) Enable or disable client certificate authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_client_cert_max_chain_depth` (Number) The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `authentication_client_cert_revocation_check_mode` (String) The desired behavior for client certificate revocation checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"allow-valid"`. The allowed values and their meaning are:
+
+<pre>
+"allow-all" - Allow the client to authenticate, the result of client certificate revocation check is ignored.
+"allow-unknown" - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.
+"allow-valid" - Allow the client to authenticate only when the revocation check returned an explicit positive response.
+</pre>
+ Available since SEMP API version 2.6.
+- `authentication_client_cert_username_source` (String) The field from the client certificate to use as the client username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"common-name"`. The allowed values and their meaning are:
+
+<pre>
+"certificate-thumbprint" - The username is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
+"common-name" - The username is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
+"common-name-last" - The username is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
+"subject-alternate-name-msupn" - The username is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
+"uid" - The username is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
+"uid-last" - The username is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.
+</pre>
+ Available since SEMP API version 2.6.
+- `authentication_client_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `authentication_kerberos_allow_api_provided_username_enabled` (Boolean) Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_kerberos_enabled` (Boolean) Enable or disable Kerberos authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_oauth_default_profile_name` (String) The name of the profile to use when the client does not supply a profile name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.25.
+- `authentication_oauth_enabled` (Boolean) Enable or disable OAuth authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.13.
+- `authorization_ldap_group_membership_attribute_name` (String) The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"memberOf"`.
+- `authorization_ldap_trim_client_username_domain_enabled` (Boolean) Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.13.
+- `authorization_profile_name` (String) The name of the LDAP Profile to use for client authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authorization_type` (String) The type of authorization to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"internal"`. The allowed values and their meaning are:
+
+<pre>
+"ldap" - LDAP authorization.
+"internal" - Internal authorization.
+</pre>
+- `bridging_tls_server_cert_max_chain_depth` (Number) The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `bridging_tls_server_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `bridging_tls_server_cert_validate_name_enabled` (Boolean) Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `dmr_enabled` (Boolean) Enable or disable Dynamic Message Routing (DMR) for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.11.
+- `enabled` (Boolean) Enable or disable the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_connection_count_threshold))
+- `event_egress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_egress_flow_count_threshold))
+- `event_egress_msg_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_egress_msg_rate_threshold))
+- `event_endpoint_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_endpoint_count_threshold))
+- `event_ingress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_ingress_flow_count_threshold))
+- `event_ingress_msg_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_ingress_msg_rate_threshold))
+- `event_large_msg_threshold` (Number) The threshold, in kilobytes, after which a message is considered to be large for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1024`.
+- `event_log_tag` (String) A prefix applied to all published Events in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_publish_client_enabled` (Boolean) Enable or disable Client level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_publish_msg_vpn_enabled` (Boolean) Enable or disable Message VPN level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_publish_subscription_mode` (String) Subscription level Event message publishing mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"off"`. The allowed values and their meaning are:
+
+<pre>
+"off" - Disable client level event message publishing.
+"on-with-format-v1" - Enable client level event message publishing with format v1.
+"on-with-no-unsubscribe-events-on-disconnect-format-v1" - As "on-with-format-v1", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.
+"on-with-format-v2" - Enable client level event message publishing with format v2.
+"on-with-no-unsubscribe-events-on-disconnect-format-v2" - As "on-with-format-v2", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.
+</pre>
+- `event_publish_topic_format_mqtt_enabled` (Boolean) Enable or disable Event publish topics in MQTT format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_publish_topic_format_smf_enabled` (Boolean) Enable or disable Event publish topics in SMF format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `event_service_amqp_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_amqp_connection_count_threshold))
+- `event_service_mqtt_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_mqtt_connection_count_threshold))
+- `event_service_rest_incoming_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_rest_incoming_connection_count_threshold))
+- `event_service_smf_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_smf_connection_count_threshold))
+- `event_service_web_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_web_connection_count_threshold))
+- `event_subscription_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_subscription_count_threshold))
+- `event_transacted_session_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transacted_session_count_threshold))
+- `event_transaction_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transaction_count_threshold))
+- `export_subscriptions_enabled` (Boolean) Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `jndi_enabled` (Boolean) Enable or disable JNDI access for clients in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.2.
+- `max_connection_count` (Number) The maximum number of client connections to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `max_egress_flow_count` (Number) The maximum number of transmit flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_endpoint_count` (Number) The maximum number of Queues and Topic Endpoints that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_ingress_flow_count` (Number) The maximum number of receive flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage by the Message VPN, in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_subscription_count` (Number) The maximum number of local client subscriptions that can be added to the Message VPN. This limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `max_transacted_session_count` (Number) The maximum number of transacted sessions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `max_transaction_count` (Number) The maximum number of transactions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `mqtt_retain_max_memory` (Number) The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since SEMP API version 2.11.
+- `replication_ack_propagation_interval_msg_count` (Number) The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20`.
+- `replication_bridge_authentication_basic_client_username` (String) The Client Username the replication Bridge uses to login to the remote Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `replication_bridge_authentication_scheme` (String) The authentication scheme for the replication Bridge in the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"basic"`. The allowed values and their meaning are:
+
+<pre>
+"basic" - Basic Authentication Scheme (via username and password).
+"client-certificate" - Client Certificate Authentication Scheme (via certificate file or content).
+</pre>
+- `replication_bridge_compressed_data_enabled` (Boolean) Enable or disable use of compression for the replication Bridge. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `replication_bridge_egress_flow_window_size` (Number) The size of the window used for guaranteed messages published to the replication Bridge, in messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.
+- `replication_bridge_retry_delay` (Number) The number of seconds that must pass before retrying the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.
+- `replication_bridge_tls_enabled` (Boolean) Enable or disable use of encryption (TLS) for the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `replication_bridge_unidirectional_client_profile_name` (String) The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#client-profile"`.
+- `replication_enabled` (Boolean) Enable or disable replication for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `replication_queue_max_msg_spool_usage` (Number) The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60000`.
+- `replication_queue_reject_msg_to_sender_on_discard_enabled` (Boolean) Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `replication_reject_msg_when_sync_ineligible_enabled` (Boolean) Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `replication_role` (String) The replication role for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"standby"`. The allowed values and their meaning are:
+
+<pre>
+"active" - Assume the Active role in replication for the Message VPN.
+"standby" - Assume the Standby role in replication for the Message VPN.
+</pre>
+- `replication_transaction_mode` (String) The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"async"`. The allowed values and their meaning are:
+
+<pre>
+"sync" - Messages are acknowledged when replicated (spooled remotely).
+"async" - Messages are acknowledged when pending replication (spooled locally).
+</pre>
+- `rest_tls_server_cert_max_chain_depth` (Number) The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `rest_tls_server_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the REST Consumer server certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `rest_tls_server_cert_validate_name_enabled` (Boolean) Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.17.
+- `semp_over_msg_bus_admin_client_enabled` (Boolean) Enable or disable "admin client" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `semp_over_msg_bus_admin_distributed_cache_enabled` (Boolean) Enable or disable "admin distributed-cache" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `semp_over_msg_bus_admin_enabled` (Boolean) Enable or disable "admin" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `semp_over_msg_bus_enabled` (Boolean) Enable or disable SEMP over the message bus for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `semp_over_msg_bus_show_enabled` (Boolean) Enable or disable "show" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_amqp_max_connection_count` (Number) The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since SEMP API version 2.7.
+- `service_amqp_plain_text_enabled` (Boolean) Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.7.
+- `service_amqp_plain_text_listen_port` (Number) The port number for plain-text AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.7.
+- `service_amqp_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.7.
+- `service_amqp_tls_listen_port` (Number) The port number for AMQP clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.7.
+- `service_mqtt_authentication_client_cert_request` (String) Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-enabled-in-message-vpn"`. The allowed values and their meaning are:
+
+<pre>
+"always" - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"never" - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"when-enabled-in-message-vpn" - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn >  authentication > client-certificate > shutdown".
+</pre>
+ Available since SEMP API version 2.21.
+- `service_mqtt_max_connection_count` (Number) The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since SEMP API version 2.1.
+- `service_mqtt_plain_text_enabled` (Boolean) Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_plain_text_listen_port` (Number) The port number for plain-text MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_listen_port` (Number) The port number for MQTT clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_web_socket_enabled` (Boolean) Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_web_socket_listen_port` (Number) The port number for MQTT clients that connect to the Message VPN using WebSocket over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_tls_web_socket_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_mqtt_web_socket_enabled` (Boolean) Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_web_socket_listen_port` (Number) The port number for plain-text MQTT clients that connect to the Message VPN using WebSocket. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_web_socket_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_rest_incoming_authentication_client_cert_request` (String) Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-enabled-in-message-vpn"`. The allowed values and their meaning are:
+
+<pre>
+"always" - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"never" - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"when-enabled-in-message-vpn" - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn >  authentication > client-certificate > shutdown".
+</pre>
+ Available since SEMP API version 2.21.
+- `service_rest_incoming_authorization_header_handling` (String) The handling of Authorization headers for incoming REST connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"drop"`. The allowed values and their meaning are:
+
+<pre>
+"drop" - Do not attach the Authorization header to the message as a user property. This configuration is most secure.
+"forward" - Forward the Authorization header, attaching it to the message as a user property in the same way as other headers. For best security, use the drop setting.
+"legacy" - If the Authorization header was used for authentication to the broker, do not attach it to the message. If the Authorization header was not used for authentication to the broker, attach it to the message as a user property in the same way as other headers. For best security, use the drop setting.
+</pre>
+ Available since SEMP API version 2.19.
+- `service_rest_incoming_max_connection_count` (Number) The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_rest_incoming_plain_text_enabled` (Boolean) Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_rest_incoming_plain_text_listen_port` (Number) The port number for incoming plain-text REST clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_rest_incoming_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `service_rest_incoming_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_rest_incoming_tls_listen_port` (Number) The port number for incoming REST clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_rest_incoming_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `service_rest_mode` (String) The REST service mode for incoming REST clients that connect to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"messaging"`. The allowed values and their meaning are:
+
+<pre>
+"gateway" - Act as a message gateway through which REST messages are propagated.
+"messaging" - Act as a message broker on which REST messages are queued.
+</pre>
+ Available since SEMP API version 2.6.
+- `service_rest_outgoing_max_connection_count` (Number) The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `service_smf_max_connection_count` (Number) The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `service_smf_plain_text_enabled` (Boolean) Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `service_smf_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `service_web_authentication_client_cert_request` (String) Determines when to request a client certificate from a Web Transport client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-enabled-in-message-vpn"`. The allowed values and their meaning are:
+
+<pre>
+"always" - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"never" - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"when-enabled-in-message-vpn" - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn >  authentication > client-certificate > shutdown".
+</pre>
+ Available since SEMP API version 2.21.
+- `service_web_max_connection_count` (Number) The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_web_plain_text_enabled` (Boolean) Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `service_web_tls_enabled` (Boolean) Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `tls_allow_downgrade_to_plain_text_enabled` (Boolean) Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+<a id="nestedatt--event_connection_count_threshold"></a>
+### Nested Schema for `event_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_egress_flow_count_threshold"></a>
+### Nested Schema for `event_egress_flow_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_egress_msg_rate_threshold"></a>
+### Nested Schema for `event_egress_msg_rate_threshold`
+
+Read-Only:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_endpoint_count_threshold"></a>
+### Nested Schema for `event_endpoint_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_ingress_flow_count_threshold"></a>
+### Nested Schema for `event_ingress_flow_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_ingress_msg_rate_threshold"></a>
+### Nested Schema for `event_ingress_msg_rate_threshold`
+
+Read-Only:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_amqp_connection_count_threshold"></a>
+### Nested Schema for `event_service_amqp_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_mqtt_connection_count_threshold"></a>
+### Nested Schema for `event_service_mqtt_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_rest_incoming_connection_count_threshold"></a>
+### Nested Schema for `event_service_rest_incoming_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_smf_connection_count_threshold"></a>
+### Nested Schema for `event_service_smf_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_web_connection_count_threshold"></a>
+### Nested Schema for `event_service_web_connection_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_subscription_count_threshold"></a>
+### Nested Schema for `event_subscription_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transacted_session_count_threshold"></a>
+### Nested Schema for `event_transacted_session_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transaction_count_threshold"></a>
+### Nested Schema for `event_transaction_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/msg_vpn_acl_profile.md b/docs/data-sources/msg_vpn_acl_profile.md
new file mode 100644
index 00000000..80e22bf7
--- /dev/null
+++ b/docs/data-sources/msg_vpn_acl_profile.md
@@ -0,0 +1,68 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile Data Source - solacebroker"
+subcategory: ""
+description: |-
+  An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_acl_profile (Data Source)
+
+An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `client_connect_default_action` (String) The default action to take when a client using the ACL Profile connects to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow client connection unless an exception is found for it.
+"disallow" - Disallow client connection unless an exception is found for it.
+</pre>
+- `id` (String) Identifier attribute, for internal use only.
+- `publish_topic_default_action` (String) The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow topic unless an exception is found for it.
+"disallow" - Disallow topic unless an exception is found for it.
+</pre>
+- `subscribe_share_name_default_action` (String) The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"allow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow topic unless an exception is found for it.
+"disallow" - Disallow topic unless an exception is found for it.
+</pre>
+ Available since SEMP API version 2.14.
+- `subscribe_topic_default_action` (String) The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow topic unless an exception is found for it.
+"disallow" - Disallow topic unless an exception is found for it.
+</pre>
diff --git a/docs/data-sources/msg_vpn_acl_profile_client_connect_exception.md b/docs/data-sources/msg_vpn_acl_profile_client_connect_exception.md
new file mode 100644
index 00000000..64a96636
--- /dev/null
+++ b/docs/data-sources/msg_vpn_acl_profile_client_connect_exception.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_client_connect_exception Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  clientconnectexceptionaddress|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_acl_profile_client_connect_exception (Data Source)
+
+A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+client_connect_exception_address|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `client_connect_exception_address` (String) The IP address/netmask of the client connect exception in canonical CIDR form.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_acl_profile_publish_topic_exception.md b/docs/data-sources/msg_vpn_acl_profile_publish_topic_exception.md
new file mode 100644
index 00000000..6c49896c
--- /dev/null
+++ b/docs/data-sources/msg_vpn_acl_profile_publish_topic_exception.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_publish_topic_exception Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  publishtopicexception|x|||
+  publishtopicexception_syntax|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_acl_profile_publish_topic_exception (Data Source)
+
+A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+publish_topic_exception|x|||
+publish_topic_exception_syntax|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `publish_topic_exception` (String) The topic for the exception to the default action taken. May include wildcard characters.
+- `publish_topic_exception_syntax` (String) The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:
+
+<pre>
+"smf" - Topic uses SMF syntax.
+"mqtt" - Topic uses MQTT syntax.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_acl_profile_subscribe_share_name_exception.md b/docs/data-sources/msg_vpn_acl_profile_subscribe_share_name_exception.md
new file mode 100644
index 00000000..6dd67261
--- /dev/null
+++ b/docs/data-sources/msg_vpn_acl_profile_subscribe_share_name_exception.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_subscribe_share_name_exception Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  subscribesharenameexception|x|||
+  subscribesharenameexception_syntax|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_acl_profile_subscribe_share_name_exception (Data Source)
+
+A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+subscribe_share_name_exception|x|||
+subscribe_share_name_exception_syntax|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscribe_share_name_exception` (String) The subscribe share name exception to the default action taken. May include wildcard characters.
+- `subscribe_share_name_exception_syntax` (String) The syntax of the subscribe share name for the exception to the default action taken. The allowed values and their meaning are:
+
+<pre>
+"smf" - Topic uses SMF syntax.
+"mqtt" - Topic uses MQTT syntax.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_acl_profile_subscribe_topic_exception.md b/docs/data-sources/msg_vpn_acl_profile_subscribe_topic_exception.md
new file mode 100644
index 00000000..8e7ff1f6
--- /dev/null
+++ b/docs/data-sources/msg_vpn_acl_profile_subscribe_topic_exception.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_subscribe_topic_exception Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  subscribetopicexception|x|||
+  subscribetopicexception_syntax|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_acl_profile_subscribe_topic_exception (Data Source)
+
+A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+subscribe_topic_exception|x|||
+subscribe_topic_exception_syntax|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscribe_topic_exception` (String) The topic for the exception to the default action taken. May include wildcard characters.
+- `subscribe_topic_exception_syntax` (String) The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:
+
+<pre>
+"smf" - Topic uses SMF syntax.
+"mqtt" - Topic uses MQTT syntax.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_authentication_oauth_profile.md b/docs/data-sources/msg_vpn_authentication_oauth_profile.md
new file mode 100644
index 00000000..8366d7ec
--- /dev/null
+++ b/docs/data-sources/msg_vpn_authentication_oauth_profile.md
@@ -0,0 +1,84 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authentication_oauth_profile Data Source - solacebroker"
+subcategory: ""
+description: |-
+  OAuth profiles specify how to securely authenticate to an OAuth provider.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientsecret||x||x
+  msgvpnname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.25.
+---
+
+# solacebroker_msg_vpn_authentication_oauth_profile (Data Source)
+
+OAuth profiles specify how to securely authenticate to an OAuth provider.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_secret||x||x
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.25.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `authorization_groups_claim_name` (String) The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorization_type attribute of the Message VPN will be used to determine authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"groups"`.
+- `authorization_groups_claim_string_format` (String) The format of the authorization groups claim value when it is a string. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"single"`. The allowed values and their meaning are:
+
+<pre>
+"single" - When the claim is a string, it is interpreted as as single group.
+"space-delimited" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim.
+</pre>
+ Available since SEMP API version 2.32.
+- `client_id` (String) The OAuth client id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `client_required_type` (String) The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"JWT"`.
+- `client_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `disconnect_on_token_expiration_enabled` (Boolean) Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `enabled` (Boolean) Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `endpoint_discovery` (String) The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_discovery_refresh_interval` (Number) The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.
+- `endpoint_introspection` (String) The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_introspection_timeout` (Number) The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `endpoint_jwks` (String) The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_jwks_refresh_interval` (Number) The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.
+- `endpoint_userinfo` (String) The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_userinfo_timeout` (Number) The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `id` (String) Identifier attribute, for internal use only.
+- `issuer` (String) The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `mqtt_username_validate_enabled` (Boolean) Enable or disable whether the API provided MQTT client username will be validated against the username calculated from the token(s). When enabled, connection attempts by MQTT clients are rejected if they differ. Note that this value only applies to MQTT clients; SMF client usernames will not be validated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `oauth_role` (String) The OAuth role of the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"client"`. The allowed values and their meaning are:
+
+<pre>
+"client" - The broker is in the OAuth client role.
+"resource-server" - The broker is in the OAuth resource server role.
+</pre>
+- `resource_server_parse_access_token_enabled` (Boolean) Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_required_audience` (String) The required audience value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `resource_server_required_issuer` (String) The required issuer value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `resource_server_required_scope` (String) A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `resource_server_required_type` (String) The required TYP value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"at+jwt"`.
+- `resource_server_validate_audience_enabled` (Boolean) Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_validate_issuer_enabled` (Boolean) Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_validate_scope_enabled` (Boolean) Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `username_claim_name` (String) The name of the username claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"sub"`.
diff --git a/docs/data-sources/msg_vpn_authentication_oauth_profile_client_required_claim.md b/docs/data-sources/msg_vpn_authentication_oauth_profile_client_required_claim.md
new file mode 100644
index 00000000..34db7b66
--- /dev/null
+++ b/docs/data-sources/msg_vpn_authentication_oauth_profile_client_required_claim.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authentication_oauth_profile_client_required_claim Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the ID token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientrequiredclaimname|x|||
+  msgvpnname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.25.
+---
+
+# solacebroker_msg_vpn_authentication_oauth_profile_client_required_claim (Data Source)
+
+Additional claims to be verified in the ID token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_required_claim_name|x|||
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.25.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_required_claim_name` (String) The name of the ID token claim to verify.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `client_required_claim_value` (String) The required claim value.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_authentication_oauth_profile_resource_server_required_claim.md b/docs/data-sources/msg_vpn_authentication_oauth_profile_resource_server_required_claim.md
new file mode 100644
index 00000000..d61e338d
--- /dev/null
+++ b/docs/data-sources/msg_vpn_authentication_oauth_profile_resource_server_required_claim.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authentication_oauth_profile_resource_server_required_claim Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the access token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  oauthprofilename|x|||
+  resourceserverrequiredclaimname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.25.
+---
+
+# solacebroker_msg_vpn_authentication_oauth_profile_resource_server_required_claim (Data Source)
+
+Additional claims to be verified in the access token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+resource_server_required_claim_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.25.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+- `resource_server_required_claim_name` (String) The name of the access token claim to verify.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `resource_server_required_claim_value` (String) The required claim value.
diff --git a/docs/data-sources/msg_vpn_authorization_group.md b/docs/data-sources/msg_vpn_authorization_group.md
new file mode 100644
index 00000000..80762627
--- /dev/null
+++ b/docs/data-sources/msg_vpn_authorization_group.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authorization_group Data Source - solacebroker"
+subcategory: ""
+description: |-
+  To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authorizationgroupname|x|||
+  msgvpnname|x|||
+  orderafterauthorizationgroupname||x||
+  orderbeforeauthorizationgroupname||x||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_authorization_group (Data Source)
+
+To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authorization_group_name|x|||
+msg_vpn_name|x|||
+order_after_authorization_group_name||x||
+order_before_authorization_group_name||x||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `authorization_group_name` (String) The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `acl_profile_name` (String) The ACL Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `client_profile_name` (String) The Client Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `enabled` (Boolean) Enable or disable the Authorization Group in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_bridge.md b/docs/data-sources/msg_vpn_bridge.md
new file mode 100644
index 00000000..396e8ec6
--- /dev/null
+++ b/docs/data-sources/msg_vpn_bridge.md
@@ -0,0 +1,79 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_bridge Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  bridgename|x|||
+  bridgevirtualrouter|x|||
+  msgvpnname|x|||
+  remoteauthenticationbasicpassword||x||x
+  remoteauthenticationclientcertcontent||x||x
+  remoteauthenticationclientcertpassword||x||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_bridge (Data Source)
+
+Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+bridge_name|x|||
+bridge_virtual_router|x|||
+msg_vpn_name|x|||
+remote_authentication_basic_password||x||x
+remote_authentication_client_cert_content||x||x
+remote_authentication_client_cert_password||x||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `bridge_name` (String) The name of the Bridge.
+- `bridge_virtual_router` (String) The virtual router of the Bridge. The allowed values and their meaning are:
+
+<pre>
+"primary" - The Bridge is used for the primary virtual router.
+"backup" - The Bridge is used for the backup virtual router.
+"auto" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable the Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `max_ttl` (Number) The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8`.
+- `remote_authentication_basic_client_username` (String) The Client Username the Bridge uses to login to the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `remote_authentication_scheme` (String) The authentication scheme for the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"basic"`. The allowed values and their meaning are:
+
+<pre>
+"basic" - Basic Authentication Scheme (via username and password).
+"client-certificate" - Client Certificate Authentication Scheme (via certificate file or content).
+</pre>
+- `remote_connection_retry_count` (Number) The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `remote_connection_retry_delay` (Number) The number of seconds the broker waits for the bridge connection to be established before attempting a new connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `remote_deliver_to_one_priority` (String) The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"p1"`. The allowed values and their meaning are:
+
+<pre>
+"p1" - The 1st or highest priority.
+"p2" - The 2nd highest priority.
+"p3" - The 3rd highest priority.
+"p4" - The 4th highest priority.
+"da" - Ignore priority and deliver always.
+</pre>
+- `tls_cipher_suite_list` (String) The colon-separated list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
diff --git a/docs/data-sources/msg_vpn_bridge_remote_msg_vpn.md b/docs/data-sources/msg_vpn_bridge_remote_msg_vpn.md
new file mode 100644
index 00000000..9e69a806
--- /dev/null
+++ b/docs/data-sources/msg_vpn_bridge_remote_msg_vpn.md
@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_bridge_remote_msg_vpn Data Source - solacebroker"
+subcategory: ""
+description: |-
+  The Remote Message VPN is the Message VPN that the Bridge connects to.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  bridgename|x|||
+  bridgevirtualrouter|x|||
+  msgvpnname|x|||
+  password||x||x
+  remotemsgvpninterface|x|||
+  remotemsgvpnlocation|x|||
+  remotemsgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_bridge_remote_msg_vpn (Data Source)
+
+The Remote Message VPN is the Message VPN that the Bridge connects to.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+bridge_name|x|||
+bridge_virtual_router|x|||
+msg_vpn_name|x|||
+password||x||x
+remote_msg_vpn_interface|x|||
+remote_msg_vpn_location|x|||
+remote_msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `bridge_name` (String) The name of the Bridge.
+- `bridge_virtual_router` (String) The virtual router of the Bridge. The allowed values and their meaning are:
+
+<pre>
+"primary" - The Bridge is used for the primary virtual router.
+"backup" - The Bridge is used for the backup virtual router.
+"auto" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `remote_msg_vpn_interface` (String) The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remote_msg_vpn_location` must not be a virtual router name.
+- `remote_msg_vpn_location` (String) The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with "v:").
+- `remote_msg_vpn_name` (String) The name of the remote Message VPN.
+
+### Read-Only
+
+- `client_username` (String) The Client Username the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `compressed_data_enabled` (Boolean) Enable or disable data compression for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `connect_order` (Number) The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `egress_flow_window_size` (Number) The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.
+- `enabled` (Boolean) Enable or disable the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `queue_binding` (String) The queue binding of the Bridge in the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `tls_enabled` (Boolean) Enable or disable encryption (TLS) for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `unidirectional_client_profile` (String) The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#client-profile"`.
diff --git a/docs/data-sources/msg_vpn_bridge_remote_subscription.md b/docs/data-sources/msg_vpn_bridge_remote_subscription.md
new file mode 100644
index 00000000..35bf993a
--- /dev/null
+++ b/docs/data-sources/msg_vpn_bridge_remote_subscription.md
@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_bridge_remote_subscription Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  bridgename|x|||
+  bridgevirtualrouter|x|||
+  msgvpnname|x|||
+  remotesubscription_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_bridge_remote_subscription (Data Source)
+
+A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+bridge_name|x|||
+bridge_virtual_router|x|||
+msg_vpn_name|x|||
+remote_subscription_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `bridge_name` (String) The name of the Bridge.
+- `bridge_virtual_router` (String) The virtual router of the Bridge. The allowed values and their meaning are:
+
+<pre>
+"primary" - The Bridge is used for the primary virtual router.
+"backup" - The Bridge is used for the backup virtual router.
+"auto" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `remote_subscription_topic` (String) The topic of the Bridge remote subscription.
+
+### Read-Only
+
+- `deliver_always_enabled` (Boolean) Enable or disable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_cert_matching_rule.md b/docs/data-sources/msg_vpn_cert_matching_rule.md
new file mode 100644
index 00000000..d1cc3423
--- /dev/null
+++ b/docs/data-sources/msg_vpn_cert_matching_rule.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_cert_matching_rule Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  rule_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_cert_matching_rule (Data Source)
+
+A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rule_name` (String) The name of the rule.
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_cert_matching_rule_attribute_filter.md b/docs/data-sources/msg_vpn_cert_matching_rule_attribute_filter.md
new file mode 100644
index 00000000..3ec06853
--- /dev/null
+++ b/docs/data-sources/msg_vpn_cert_matching_rule_attribute_filter.md
@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_cert_matching_rule_attribute_filter Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Attribute Filter compares a username attribute to a string.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  filtername|x|||
+  msgvpnname|x|||
+  rulename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_msg_vpn_cert_matching_rule_attribute_filter (Data Source)
+
+A Cert Matching Rule Attribute Filter compares a username attribute to a string.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+filter_name|x|||
+msg_vpn_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `filter_name` (String) The name of the filter.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rule_name` (String) The name of the rule.
+
+### Read-Only
+
+- `attribute_name` (String) Client Username Attribute to be tested. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `attribute_value` (String) Expected attribute value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_cert_matching_rule_condition.md b/docs/data-sources/msg_vpn_cert_matching_rule_condition.md
new file mode 100644
index 00000000..87d0081b
--- /dev/null
+++ b/docs/data-sources/msg_vpn_cert_matching_rule_condition.md
@@ -0,0 +1,64 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_cert_matching_rule_condition Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  rule_name|x|||
+  source|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_cert_matching_rule_condition (Data Source)
+
+A Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+rule_name|x|||
+source|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rule_name` (String) The name of the rule.
+- `source` (String) Certificate field to be compared with the Attribute. The allowed values and their meaning are:
+
+<pre>
+"certificate-thumbprint" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
+"common-name" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
+"common-name-last" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
+"subject-alternate-name-msupn" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
+"uid" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
+"uid-last" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.
+"org-unit" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.
+"org-unit-last" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.
+"issuer" - The attribute is extracted from the certificate's Issuer DN.
+"subject" - The attribute is extracted from the certificate's Subject DN.
+"serial-number" - The attribute is extracted from the certificate's Serial Number.
+"dns-name" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.
+"ip-address" - The attribute is extracted from the certificate's Subject Alt Name IP Address.
+</pre>
+
+### Read-Only
+
+- `attribute` (String) Client Username Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `""`.
+- `expression` (String) Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_client_profile.md b/docs/data-sources/msg_vpn_client_profile.md
new file mode 100644
index 00000000..7f7474c3
--- /dev/null
+++ b/docs/data-sources/msg_vpn_client_profile.md
@@ -0,0 +1,219 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_client_profile Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  allowcutthroughforwardingenabled|||x|
+  apiqueuemanagementcopyfromoncreatename|||x|
+  apitopicendpointmanagementcopyfromoncreatename|||x|
+  clientprofilename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_client_profile (Data Source)
+
+Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+allow_cut_through_forwarding_enabled|||x|
+api_queue_management_copy_from_on_create_name|||x|
+api_topic_endpoint_management_copy_from_on_create_name|||x|
+client_profile_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_profile_name` (String) The name of the Client Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `allow_bridge_connections_enabled` (Boolean) Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_guaranteed_endpoint_create_durability` (String) The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"all"`. The allowed values and their meaning are:
+
+<pre>
+"all" - Client can create any type of endpoint.
+"durable" - Client can create only durable endpoints.
+"non-durable" - Client can create only non-durable endpoints.
+</pre>
+ Available since SEMP API version 2.14.
+- `allow_guaranteed_endpoint_create_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_guaranteed_msg_receive_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_guaranteed_msg_send_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_shared_subscriptions_enabled` (Boolean) Enable or disable allowing shared subscriptions. Changing this setting does not affect existing subscriptions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.11.
+- `allow_transacted_sessions_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `api_queue_management_copy_from_on_create_template_name` (String) The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.14.
+- `api_topic_endpoint_management_copy_from_on_create_template_name` (String) The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.14.
+- `compression_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to use compression. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.10.
+- `eliding_delay` (Number) The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `eliding_enabled` (Boolean) Enable or disable message eliding for clients using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `eliding_max_topic_count` (Number) The maximum number of topics tracked for message eliding per client connection using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.
+- `event_client_provisioned_endpoint_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_client_provisioned_endpoint_spool_usage_threshold))
+- `event_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_connection_count_per_client_username_threshold))
+- `event_egress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_egress_flow_count_threshold))
+- `event_endpoint_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_endpoint_count_per_client_username_threshold))
+- `event_ingress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_ingress_flow_count_threshold))
+- `event_service_smf_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_smf_connection_count_per_client_username_threshold))
+- `event_service_web_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_web_connection_count_per_client_username_threshold))
+- `event_subscription_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_subscription_count_threshold))
+- `event_transacted_session_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transacted_session_count_threshold))
+- `event_transaction_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transaction_count_threshold))
+- `id` (String) Identifier attribute, for internal use only.
+- `max_connection_count_per_client_username` (Number) The maximum number of client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `max_egress_flow_count` (Number) The maximum number of transmit flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_endpoint_count_per_client_username` (Number) The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_ingress_flow_count` (Number) The maximum number of receive flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_msgs_per_transaction` (Number) The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`. Available since SEMP API version 2.20.
+- `max_subscription_count` (Number) The maximum number of subscriptions per client using the Client Profile. This limit is not enforced when a client adds a subscription to an endpoint, except for MQTT QoS 1 subscriptions. In addition, this limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `max_transacted_session_count` (Number) The maximum number of transacted sessions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.
+- `max_transaction_count` (Number) The maximum number of transactions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `queue_control1_max_depth` (Number) The maximum depth of the "Control 1" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_control1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Control 1" (C-1) priority queue, regardless of the `queue_control1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_direct1_max_depth` (Number) The maximum depth of the "Direct 1" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_direct1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 1" (D-1) priority queue, regardless of the `queue_direct1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_direct2_max_depth` (Number) The maximum depth of the "Direct 2" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_direct2_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 2" (D-2) priority queue, regardless of the `queue_direct2_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_direct3_max_depth` (Number) The maximum depth of the "Direct 3" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_direct3_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 3" (D-3) priority queue, regardless of the `queue_direct3_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_guaranteed1_max_depth` (Number) The maximum depth of the "Guaranteed 1" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_guaranteed1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Guaranteed 1" (G-3) priority queue, regardless of the `queue_guaranteed1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.
+- `reject_msg_to_sender_on_no_subscription_match_enabled` (Boolean) Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.2.
+- `replication_allow_client_connect_when_standby_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_min_keepalive_timeout` (Number) The minimum client keepalive timeout which will be enforced for client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`. Available since SEMP API version 2.19.
+- `service_smf_max_connection_count_per_client_username` (Number) The maximum number of SMF client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_smf_min_keepalive_enabled` (Boolean) Enable or disable the enforcement of a minimum keepalive timeout for SMF clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.
+- `service_web_inactive_timeout` (Number) The timeout for inactive Web Transport client sessions using the Client Profile, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.
+- `service_web_max_connection_count_per_client_username` (Number) The maximum number of Web Transport client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_web_max_payload` (Number) The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.
+- `tcp_congestion_window_size` (Number) The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.
+- `tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.
+- `tcp_keepalive_idle_time` (Number) The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `tcp_max_segment_size` (Number) The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.
+- `tcp_max_window_size` (Number) The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.
+- `tls_allow_downgrade_to_plain_text_enabled` (Boolean) Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.8.
+
+<a id="nestedatt--event_client_provisioned_endpoint_spool_usage_threshold"></a>
+### Nested Schema for `event_client_provisioned_endpoint_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `event_connection_count_per_client_username_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_egress_flow_count_threshold"></a>
+### Nested Schema for `event_egress_flow_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_endpoint_count_per_client_username_threshold"></a>
+### Nested Schema for `event_endpoint_count_per_client_username_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_ingress_flow_count_threshold"></a>
+### Nested Schema for `event_ingress_flow_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_smf_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `event_service_smf_connection_count_per_client_username_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_web_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `event_service_web_connection_count_per_client_username_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_subscription_count_threshold"></a>
+### Nested Schema for `event_subscription_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transacted_session_count_threshold"></a>
+### Nested Schema for `event_transacted_session_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transaction_count_threshold"></a>
+### Nested Schema for `event_transaction_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/msg_vpn_client_username.md b/docs/data-sources/msg_vpn_client_username.md
new file mode 100644
index 00000000..3d52ac7f
--- /dev/null
+++ b/docs/data-sources/msg_vpn_client_username.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_client_username Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientusername|x|||
+  msgvpn_name|x|||
+  password||x||x
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_client_username (Data Source)
+
+A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_username|x|||
+msg_vpn_name|x|||
+password||x||x
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_username` (String) The name of the Client Username.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `acl_profile_name` (String) The ACL Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `client_profile_name` (String) The Client Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `enabled` (Boolean) Enable or disable the Client Username. When disabled, all clients currently connected as the Client Username are disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `guaranteed_endpoint_permission_override_enabled` (Boolean) Enable or disable guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `subscription_manager_enabled` (Boolean) Enable or disable the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
diff --git a/docs/data-sources/msg_vpn_client_username_attribute.md b/docs/data-sources/msg_vpn_client_username_attribute.md
new file mode 100644
index 00000000..cc246760
--- /dev/null
+++ b/docs/data-sources/msg_vpn_client_username_attribute.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_client_username_attribute Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  attributename|x|||
+  attributevalue|x|||
+  clientusername|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_client_username_attribute (Data Source)
+
+A ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+attribute_name|x|||
+attribute_value|x|||
+client_username|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `attribute_name` (String) The name of the Attribute.
+- `attribute_value` (String) The value of the Attribute.
+- `client_username` (String) The name of the Client Username.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_distributed_cache.md b/docs/data-sources/msg_vpn_distributed_cache.md
new file mode 100644
index 00000000..fdbc7a4a
--- /dev/null
+++ b/docs/data-sources/msg_vpn_distributed_cache.md
@@ -0,0 +1,53 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache (Data Source)
+
+A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `cache_virtual_router` (String) The virtual router of the Distributed Cache. The default value is `"auto"`. The allowed values and their meaning are:
+
+<pre>
+"auto" - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+ Available since SEMP API version 2.28.
+- `enabled` (Boolean) Enable or disable the Distributed Cache. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `heartbeat` (Number) The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.
+- `id` (String) Identifier attribute, for internal use only.
+- `scheduled_delete_msg_day_list` (String) The scheduled delete message day(s), specified as "daily" or a comma-separated list of days. Days must be specified as "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", or "Sat", with no spaces, and in sorted order from Sunday to Saturday. The empty-string ("") can also be specified, indicating no schedule is configured ("scheduled_delete_msg_time_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `scheduled_delete_msg_time_list` (String) The scheduled delete message time(s), specified as "hourly" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string ("") can also be specified, indicating no schedule is configured ("scheduled_delete_msg_day_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
diff --git a/docs/data-sources/msg_vpn_distributed_cache_cluster.md b/docs/data-sources/msg_vpn_distributed_cache_cluster.md
new file mode 100644
index 00000000..b1136695
--- /dev/null
+++ b/docs/data-sources/msg_vpn_distributed_cache_cluster.md
@@ -0,0 +1,126 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster (Data Source)
+
+A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `deliver_to_one_override_enabled` (Boolean) Enable or disable deliver-to-one override for the Cache Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `enabled` (Boolean) Enable or disable the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_data_byte_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_data_byte_rate_threshold))
+- `event_data_msg_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_data_msg_rate_threshold))
+- `event_max_memory_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_max_memory_threshold))
+- `event_max_topics_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_max_topics_threshold))
+- `event_request_queue_depth_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_request_queue_depth_threshold))
+- `event_request_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_request_rate_threshold))
+- `event_response_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_response_rate_threshold))
+- `global_caching_enabled` (Boolean) Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `global_caching_heartbeat` (Number) The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `global_caching_topic_lifetime` (Number) The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3600`.
+- `id` (String) Identifier attribute, for internal use only.
+- `max_memory` (Number) The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2048`.
+- `max_msgs_per_topic` (Number) The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `max_request_queue_depth` (Number) The maximum queue depth for cache requests received by the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `100000`.
+- `max_topic_count` (Number) The maximum number of topics for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000000`.
+- `msg_lifetime` (Number) The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `new_topic_advertisement_enabled` (Boolean) Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+<a id="nestedatt--event_data_byte_rate_threshold"></a>
+### Nested Schema for `event_data_byte_rate_threshold`
+
+Read-Only:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_data_msg_rate_threshold"></a>
+### Nested Schema for `event_data_msg_rate_threshold`
+
+Read-Only:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_max_memory_threshold"></a>
+### Nested Schema for `event_max_memory_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_max_topics_threshold"></a>
+### Nested Schema for `event_max_topics_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_request_queue_depth_threshold"></a>
+### Nested Schema for `event_request_queue_depth_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_request_rate_threshold"></a>
+### Nested Schema for `event_request_rate_threshold`
+
+Read-Only:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_response_rate_threshold"></a>
+### Nested Schema for `event_response_rate_threshold`
+
+Read-Only:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
diff --git a/docs/data-sources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster.md b/docs/data-sources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster.md
new file mode 100644
index 00000000..c93cd8d9
--- /dev/null
+++ b/docs/data-sources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  homeclustername|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster (Data Source)
+
+A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+home_cluster_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `home_cluster_name` (String) The name of the remote Home Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix.md b/docs/data-sources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix.md
new file mode 100644
index 00000000..b595cf5c
--- /dev/null
+++ b/docs/data-sources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix.md
@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  homeclustername|x|||
+  msgvpnname|x|||
+  topic_prefix|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix (Data Source)
+
+A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+home_cluster_name|x|||
+msg_vpn_name|x|||
+topic_prefix|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `home_cluster_name` (String) The name of the remote Home Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_prefix` (String) A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_distributed_cache_cluster_instance.md b/docs/data-sources/msg_vpn_distributed_cache_cluster_instance.md
new file mode 100644
index 00000000..9510fa30
--- /dev/null
+++ b/docs/data-sources/msg_vpn_distributed_cache_cluster_instance.md
@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_instance Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  instancename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_instance (Data Source)
+
+A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+instance_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `instance_name` (String) The name of the Cache Instance.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `auto_start_enabled` (Boolean) Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `enabled` (Boolean) Enable or disable the Cache Instance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `stop_on_lost_msg_enabled` (Boolean) Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
diff --git a/docs/data-sources/msg_vpn_distributed_cache_cluster_topic.md b/docs/data-sources/msg_vpn_distributed_cache_cluster_topic.md
new file mode 100644
index 00000000..0d999211
--- /dev/null
+++ b/docs/data-sources/msg_vpn_distributed_cache_cluster_topic.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_topic Data Source - solacebroker"
+subcategory: ""
+description: |-
+  The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  msgvpnname|x|||
+  topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_topic (Data Source)
+
+The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+msg_vpn_name|x|||
+topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic` (String) The value of the Topic in the form a/b/c.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_dmr_bridge.md b/docs/data-sources/msg_vpn_dmr_bridge.md
new file mode 100644
index 00000000..b9b3e5ce
--- /dev/null
+++ b/docs/data-sources/msg_vpn_dmr_bridge.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_dmr_bridge Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  remotenodename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_dmr_bridge (Data Source)
+
+A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `remote_node_name` (String) The name of the node at the remote end of the DMR Bridge.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `remote_msg_vpn_name` (String) The remote Message VPN of the DMR Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
diff --git a/docs/data-sources/msg_vpn_jndi_connection_factory.md b/docs/data-sources/msg_vpn_jndi_connection_factory.md
new file mode 100644
index 00000000..c3bea014
--- /dev/null
+++ b/docs/data-sources/msg_vpn_jndi_connection_factory.md
@@ -0,0 +1,87 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_jndi_connection_factory Data Source - solacebroker"
+subcategory: ""
+description: |-
+  The message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  connectionfactoryname|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_msg_vpn_jndi_connection_factory (Data Source)
+
+The message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+connection_factory_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `connection_factory_name` (String) The name of the JMS Connection Factory.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `allow_duplicate_client_id_enabled` (Boolean) Enable or disable whether new JMS connections can use the same Client identifier (ID) as an existing connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.3.
+- `client_description` (String) The description of the Client. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `client_id` (String) The Client identifier (ID). If not specified, a unique value for it will be generated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `dto_receive_override_enabled` (Boolean) Enable or disable overriding by the Subscriber (Consumer) of the deliver-to-one (DTO) property on messages. When enabled, the Subscriber can receive all DTO tagged messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dto_receive_subscriber_local_priority` (Number) The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on the local broker that the Subscriber is directly connected to. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `dto_receive_subscriber_network_priority` (Number) The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on a remote broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `dto_send_enabled` (Boolean) Enable or disable the deliver-to-one (DTO) property on messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `dynamic_endpoint_create_durable_enabled` (Boolean) Enable or disable whether a durable endpoint will be dynamically created on the broker when the client calls "Session.createDurableSubscriber()" or "Session.createQueue()". The created endpoint respects the message time-to-live (TTL) according to the "dynamic_endpoint_respect_ttl_enabled" property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `dynamic_endpoint_respect_ttl_enabled` (Boolean) Enable or disable whether dynamically created durable and non-durable endpoints respect the message time-to-live (TTL) property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `guaranteed_receive_ack_timeout` (Number) The timeout for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `guaranteed_receive_reconnect_retry_count` (Number) The maximum number of attempts to reconnect to the host or list of hosts after the guaranteed  messaging connection has been lost. The value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since SEMP API version 2.14.
+- `guaranteed_receive_reconnect_retry_wait` (Number) The amount of time to wait before making another attempt to connect or reconnect to the host after the guaranteed messaging connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`. Available since SEMP API version 2.14.
+- `guaranteed_receive_window_size` (Number) The size of the window for guaranteed messages received by the Subscriber (Consumer), in messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `18`.
+- `guaranteed_receive_window_size_ack_threshold` (Number) The threshold for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer) as a percentage of `guaranteed_receive_window_size`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60`.
+- `guaranteed_send_ack_timeout` (Number) The timeout for receiving the acknowledgment (ACK) for guaranteed messages sent by the Publisher (Producer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000`.
+- `guaranteed_send_window_size` (Number) The size of the window for non-persistent guaranteed messages sent by the Publisher (Producer), in messages. For persistent messages the window size is fixed at 1. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.
+- `id` (String) Identifier attribute, for internal use only.
+- `messaging_default_delivery_mode` (String) The default delivery mode for messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"persistent"`. The allowed values and their meaning are:
+
+<pre>
+"persistent" - The broker spools messages (persists in the Message Spool) as part of the send operation.
+"non-persistent" - The broker does not spool messages (does not persist in the Message Spool) as part of the send operation.
+</pre>
+- `messaging_default_dmq_eligible_enabled` (Boolean) Enable or disable whether messages sent by the Publisher (Producer) are Dead Message Queue (DMQ) eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `messaging_default_eliding_eligible_enabled` (Boolean) Enable or disable whether messages sent by the Publisher (Producer) are Eliding eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `messaging_jmsx_user_id_enabled` (Boolean) Enable or disable inclusion (adding or replacing) of the JMSXUserID property in messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `messaging_text_in_xml_payload_enabled` (Boolean) Enable or disable encoding of JMS text messages in Publisher (Producer) messages as XML payload. When disabled, JMS text messages are encoded as a binary attachment. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `transport_compression_level` (Number) The ZLIB compression level for the connection to the broker. The value "0" means no compression, and the value "-1" means the compression level is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.
+- `transport_connect_retry_count` (Number) The maximum number of retry attempts to establish an initial connection to the host or list of hosts. The value "0" means a single attempt (no retries), and the value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `transport_connect_retry_per_host_count` (Number) The maximum number of retry attempts to establish an initial connection to each host on the list of hosts. The value "0" means a single attempt (no retries), and the value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `transport_connect_timeout` (Number) The timeout for establishing an initial connection to the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.
+- `transport_direct_transport_enabled` (Boolean) Enable or disable usage of Direct Transport mode. When enabled, NON-PERSISTENT messages are sent as direct messages and non-durable topic consumers and temporary queue consumers consume using direct subscriptions rather than from guaranteed endpoints. If disabled all messaging uses guaranteed transport. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `transport_keepalive_count` (Number) The maximum number of consecutive application-level keepalive messages sent without the broker response before the connection to the broker is closed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `transport_keepalive_enabled` (Boolean) Enable or disable usage of application-level keepalive messages to maintain a connection with the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `transport_keepalive_interval` (Number) The interval between application-level keepalive messages, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.
+- `transport_msg_callback_on_io_thread_enabled` (Boolean) Enable or disable delivery of asynchronous messages directly from the I/O thread. Contact support before enabling this property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_optimize_direct_enabled` (Boolean) Enable or disable optimization for the Direct Transport delivery mode. If enabled, the client application is limited to one Publisher (Producer) and one non-durable Subscriber (Consumer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_port` (Number) The connection port number on the broker for SMF clients. The value "-1" means the port is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.
+- `transport_read_timeout` (Number) The timeout for reading a reply from the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `transport_receive_buffer_size` (Number) The size of the receive socket buffer, in bytes. It corresponds to the SO_RCVBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.
+- `transport_reconnect_retry_count` (Number) The maximum number of attempts to reconnect to the host or list of hosts after the connection has been lost. The value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `transport_reconnect_retry_wait` (Number) The amount of time before making another attempt to connect or reconnect to the host after the connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.
+- `transport_send_buffer_size` (Number) The size of the send socket buffer, in bytes. It corresponds to the SO_SNDBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.
+- `transport_tcp_no_delay_enabled` (Boolean) Enable or disable the TCP_NODELAY option. When enabled, Nagle's algorithm for TCP/IP congestion control (RFC 896) is disabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `xa_enabled` (Boolean) Enable or disable this as an XA Connection Factory. When enabled, the Connection Factory can be cast to "XAConnectionFactory", "XAQueueConnectionFactory" or "XATopicConnectionFactory". Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
diff --git a/docs/data-sources/msg_vpn_jndi_queue.md b/docs/data-sources/msg_vpn_jndi_queue.md
new file mode 100644
index 00000000..be0a0b84
--- /dev/null
+++ b/docs/data-sources/msg_vpn_jndi_queue.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_jndi_queue Data Source - solacebroker"
+subcategory: ""
+description: |-
+  The message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queue_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_msg_vpn_jndi_queue (Data Source)
+
+The message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The JNDI name of the JMS Queue.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `physical_name` (String) The physical name of the JMS Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
diff --git a/docs/data-sources/msg_vpn_jndi_topic.md b/docs/data-sources/msg_vpn_jndi_topic.md
new file mode 100644
index 00000000..3a32182d
--- /dev/null
+++ b/docs/data-sources/msg_vpn_jndi_topic.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_jndi_topic Data Source - solacebroker"
+subcategory: ""
+description: |-
+  The message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  topic_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_msg_vpn_jndi_topic (Data Source)
+
+The message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+topic_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_name` (String) The JNDI name of the JMS Topic.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `physical_name` (String) The physical name of the JMS Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
diff --git a/docs/data-sources/msg_vpn_kafka_receiver.md b/docs/data-sources/msg_vpn_kafka_receiver.md
new file mode 100644
index 00000000..4acc9d60
--- /dev/null
+++ b/docs/data-sources/msg_vpn_kafka_receiver.md
@@ -0,0 +1,93 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_receiver Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Kafka Receiver receives messages from a Kafka Cluster.
+  WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  authenticationoauthclientsecret||x||x
+  authenticationscrampassword||x||x
+  kafkareceivername|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_receiver (Data Source)
+
+A Kafka Receiver receives messages from a Kafka Cluster.
+
+WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+authentication_oauth_client_secret||x||x
+authentication_scram_password||x||x
+kafka_receiver_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_receiver_name` (String) The name of the Kafka Receiver.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `authentication_basic_username` (String) The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_id` (String) The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_scope` (String) The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_token_endpoint` (String) The OAuth token endpoint URL that the Kafka Receiver will use to request a token for login to the Kafka broker. Must begin with "https". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_scheme` (String) The authentication scheme for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Anonymous Authentication.
+"basic" - Basic Authentication.
+"scram" - Salted Challenge Response Authentication.
+"client-certificate" - Client Certificate Authentication.
+"oauth-client" - Oauth Authentication.
+</pre>
+- `authentication_scram_hash` (String) The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"sha-512"`. The allowed values and their meaning are:
+
+<pre>
+"sha-256" - SHA-2 256 bits.
+"sha-512" - SHA-2 512 bits.
+</pre>
+- `authentication_scram_username` (String) The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `batch_delay` (Number) Delay (in ms) to wait to accumulate a batch of messages to receive. Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `500`.
+- `batch_max_size` (Number) Maximum size of a message batch, in bytes (B). Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `bootstrap_address_list` (String) Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `enabled` (Boolean) Enable or disable the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `group_id` (String) The id of the Kafka consumer group for the Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `group_keepalive_interval` (Number) The time between sending keepalives to the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.
+- `group_keepalive_timeout` (Number) The time until unresponsive group members are removed, triggering a partition rebalance across other members of the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `45000`.
+- `group_membership_type` (String) The membership type of the Kafka consumer group for the Receiver. Static members can leave and rejoin the group (within group_keepalive_timeout) without prompting a group rebalance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"dynamic"`. The allowed values and their meaning are:
+
+<pre>
+"dynamic" - Dynamic Membership.
+"static" - Static Membership.
+</pre>
+- `group_partition_scheme_list` (String) The ordered, comma-separated list of schemes used for partition assignment of the consumer group for this Receiver. Both Eager ("range", "roundrobin") and Cooperative ("cooperative-sticky") schemes are supported. The elected group leader will choose the first common strategy provided by all members of the group. Eager and Cooperative schemes must not be mixed. For more information on these schemes, see Kafka documentation. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"range,roundrobin"`.
+- `id` (String) Identifier attribute, for internal use only.
+- `metadata_topic_exclude_list` (String) A comma-separated list of regular expressions. Any matching topic names will be ignored in broker metadata. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `metadata_topic_refresh_interval` (Number) The time between refreshes of topic metadata from the Kafka Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.
+- `transport_tls_enabled` (Boolean) Enable or disable encryption (TLS) for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
diff --git a/docs/data-sources/msg_vpn_kafka_receiver_topic_binding.md b/docs/data-sources/msg_vpn_kafka_receiver_topic_binding.md
new file mode 100644
index 00000000..d740e546
--- /dev/null
+++ b/docs/data-sources/msg_vpn_kafka_receiver_topic_binding.md
@@ -0,0 +1,59 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_receiver_topic_binding Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Binding receives messages from a remote Kafka Topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  kafkareceivername|x|||
+  msgvpnname|x|||
+  topic_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_receiver_topic_binding (Data Source)
+
+A Topic Binding receives messages from a remote Kafka Topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+kafka_receiver_name|x|||
+msg_vpn_name|x|||
+topic_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_receiver_name` (String) The name of the Kafka Receiver.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_name` (String) The name of the Topic.
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable this topic binding of the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `initial_offset` (String) The initial offset to consume from the Kafka Topic if no member of the group has consumed and committed any offset already, or if the last committed offset has been deleted. Offsets are unique per partition. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"end"`. The allowed values and their meaning are:
+
+<pre>
+"beginning" - Start with the earliest offset available.
+"end" - Start with new offsets only.
+</pre>
+- `local_key` (String) The Substitution Expression used to generate the key for each message received from Kafka. This expression can include fields extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.
+
+If empty, no key is included for each message as it is published into Solace. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `local_topic` (String) The Substitution Expression used to generate the Solace Topic for each message received from Kafka. This expression can include data extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.
+
+If empty, the Topic Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
diff --git a/docs/data-sources/msg_vpn_kafka_sender.md b/docs/data-sources/msg_vpn_kafka_sender.md
new file mode 100644
index 00000000..a910fe94
--- /dev/null
+++ b/docs/data-sources/msg_vpn_kafka_sender.md
@@ -0,0 +1,93 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_sender Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Kafka Sender sends messages to a Kafka Cluster.
+  WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  authenticationoauthclientsecret||x||x
+  authenticationscrampassword||x||x
+  kafkasendername|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_sender (Data Source)
+
+A Kafka Sender sends messages to a Kafka Cluster.
+
+WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+authentication_oauth_client_secret||x||x
+authentication_scram_password||x||x
+kafka_sender_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_sender_name` (String) The name of the Kafka Sender.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `authentication_basic_username` (String) The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_id` (String) The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_scope` (String) The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_token_endpoint` (String) The OAuth token endpoint URL that the Kafka Sender will use to request a token for login to the Kafka broker. Must begin with "https". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_scheme` (String) The authentication scheme for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Anonymous Authentication.
+"basic" - Basic Authentication.
+"scram" - Salted Challenge Response Authentication.
+"client-certificate" - Client Certificate Authentication.
+"oauth-client" - Oauth Authentication.
+</pre>
+- `authentication_scram_hash` (String) The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"sha-512"`. The allowed values and their meaning are:
+
+<pre>
+"sha-256" - SHA-2 256 bits.
+"sha-512" - SHA-2 512 bits.
+</pre>
+- `authentication_scram_username` (String) The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `batch_delay` (Number) Delay (in ms) to wait to accumulate a batch of messages to send. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.
+- `batch_max_msg_count` (Number) Maximum number of messages sent in a single batch. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `batch_max_size` (Number) Maximum size of a message batch, in bytes (B). Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.
+- `bootstrap_address_list` (String) Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `enabled` (Boolean) Enable or disable the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `idempotence_enabled` (Boolean) Enable or disable idempotence for the Kafka Sender. Idempotence guarantees in order at-least-once message delivery to the remote Kafka Topic, at the expense of performance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_compression_enabled` (Boolean) Enable or disable compression for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_compression_level` (Number) Compression level. The valid range is dependent on the compression type. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.
+- `transport_compression_type` (String) Compression type. Only relevant if compression is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"gzip"`. The allowed values and their meaning are:
+
+<pre>
+"gzip" - GZIP Compression.
+"snappy" - Snappy Compression.
+"lz4" - LZ4 Compression.
+"zstd" - Zstandard Compression.
+</pre>
+- `transport_tls_enabled` (Boolean) Enable or disable encryption (TLS) for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
diff --git a/docs/data-sources/msg_vpn_kafka_sender_queue_binding.md b/docs/data-sources/msg_vpn_kafka_sender_queue_binding.md
new file mode 100644
index 00000000..92c667a1
--- /dev/null
+++ b/docs/data-sources/msg_vpn_kafka_sender_queue_binding.md
@@ -0,0 +1,76 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_sender_queue_binding Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  kafkasendername|x|||
+  msgvpnname|x|||
+  queue_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_sender_queue_binding (Data Source)
+
+A Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+kafka_sender_name|x|||
+msg_vpn_name|x|||
+queue_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_sender_name` (String) The name of the Kafka Sender.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The name of the Queue.
+
+### Read-Only
+
+- `ack_mode` (String) The number of acks required from the remote Kafka broker. When "none" messages are delivered at-most-once. When "one" or "all" messages are delivered at-least-once but may be reordered. This is overridden to "all" for an idempotent Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"all"`. The allowed values and their meaning are:
+
+<pre>
+"none" - No Acks.
+"one" - Leader Ack Only.
+"all" - All Replica Acks.
+</pre>
+- `enabled` (Boolean) Enable or disable this queue binding of the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `partition_consistent_hash` (String) The hash algorithm to use for consistent partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"crc"`. The allowed values and their meaning are:
+
+<pre>
+"crc" - CRC Hash.
+"murmur2" - Murmer2 Hash.
+"fnv1a" - Fowler-Noll-Vo 1a Hash.
+</pre>
+- `partition_explicit_number` (Number) The partition number to use for explicit partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `partition_random_fallback_enabled` (Boolean) Enable or disable fallback to the random partition selection scheme when the consistent partition scheme is being used but no partition key is available for the message. When enabled a random partition will be selected for each unkeyed messages, otherwise some partition will be selected for groups of unkeyed messages. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `partition_scheme` (String) The partitioning scheme used to select a partition of the topic on the Kafka cluster to send messages to. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"consistent"`. The allowed values and their meaning are:
+
+<pre>
+"consistent" - Select a consistent partition for each key value. A hash of the key will be used to select the partition number.
+"explicit" - Select an explicit partition independent of key value.
+"random" - Select a random partition independent of key value.
+</pre>
+- `remote_key` (String) The Substitution Expression used to generate the key for each message sent to Kafka. This expression can include fields extracted from the metadata of each individual Solace message as it is taken from the Solace Queue.
+
+If empty, no key is included for each message as it is published into Kafka. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `remote_topic` (String) The Kafka Topic on the Kafka Cluster to send each message taken from the Solace Queue to.
+
+If empty, the Queue Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
diff --git a/docs/data-sources/msg_vpn_mqtt_retain_cache.md b/docs/data-sources/msg_vpn_mqtt_retain_cache.md
new file mode 100644
index 00000000..080e3246
--- /dev/null
+++ b/docs/data-sources/msg_vpn_mqtt_retain_cache.md
@@ -0,0 +1,45 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_mqtt_retain_cache Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_mqtt_retain_cache (Data Source)
+
+Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the MQTT Retain Cache.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable this MQTT Retain Cache. When the cache is disabled, neither retain messages nor retain requests will be delivered by the cache. However, live retain messages will continue to be delivered to currently connected MQTT clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `msg_lifetime` (Number) The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
diff --git a/docs/data-sources/msg_vpn_mqtt_session.md b/docs/data-sources/msg_vpn_mqtt_session.md
new file mode 100644
index 00000000..07fb6138
--- /dev/null
+++ b/docs/data-sources/msg_vpn_mqtt_session.md
@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_mqtt_session Data Source - solacebroker"
+subcategory: ""
+description: |-
+  An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  mqttsessionclientid|x|||
+  mqttsessionvirtualrouter|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_mqtt_session (Data Source)
+
+An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+mqtt_session_client_id|x|||
+mqtt_session_virtual_router|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `mqtt_session_client_id` (String) The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.
+- `mqtt_session_virtual_router` (String) The virtual router of the MQTT Session. The allowed values and their meaning are:
+
+<pre>
+"primary" - The MQTT Session belongs to the primary virtual router.
+"backup" - The MQTT Session belongs to the backup virtual router.
+"auto" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `owner` (String) The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `queue_consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.14.
+- `queue_dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`. Available since SEMP API version 2.14.
+- `queue_event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_bind_count_threshold))
+- `queue_event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_msg_spool_usage_threshold))
+- `queue_event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_reject_low_priority_msg_limit_threshold))
+- `queue_max_bind_count` (Number) The maximum number of consumer flows that can bind to the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.14.
+- `queue_max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`. Available since SEMP API version 2.14.
+- `queue_max_msg_size` (Number) The maximum message size allowed in the MQTT Session Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`. Available since SEMP API version 2.14.
+- `queue_max_msg_spool_usage` (Number) The maximum message spool usage allowed by the MQTT Session Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`. Available since SEMP API version 2.14.
+- `queue_max_redelivery_count` (Number) The maximum number of times the MQTT Session Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.
+- `queue_max_ttl` (Number) The maximum time in seconds a message can stay in the MQTT Session Queue when `queue_respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queue_max_ttl` configured for the MQTT Session Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.
+- `queue_reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `queue_reject_low_priority_msg_limit`. This may only be enabled if `queue_reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.14.
+- `queue_reject_low_priority_msg_limit` (Number) The number of messages of any priority in the MQTT Session Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.
+- `queue_reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as queue_reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-queue-enabled"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+ Available since SEMP API version 2.14.
+- `queue_respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the MQTT Session Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.14.
+
+<a id="nestedatt--queue_event_bind_count_threshold"></a>
+### Nested Schema for `queue_event_bind_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--queue_event_msg_spool_usage_threshold"></a>
+### Nested Schema for `queue_event_msg_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--queue_event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `queue_event_reject_low_priority_msg_limit_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/msg_vpn_mqtt_session_subscription.md b/docs/data-sources/msg_vpn_mqtt_session_subscription.md
new file mode 100644
index 00000000..995a547a
--- /dev/null
+++ b/docs/data-sources/msg_vpn_mqtt_session_subscription.md
@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_mqtt_session_subscription Data Source - solacebroker"
+subcategory: ""
+description: |-
+  An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  mqttsessionclientid|x|||
+  mqttsessionvirtualrouter|x|||
+  msgvpnname|x|||
+  subscription_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_mqtt_session_subscription (Data Source)
+
+An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+mqtt_session_client_id|x|||
+mqtt_session_virtual_router|x|||
+msg_vpn_name|x|||
+subscription_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `mqtt_session_client_id` (String) The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.
+- `mqtt_session_virtual_router` (String) The virtual router of the MQTT Session. The allowed values and their meaning are:
+
+<pre>
+"primary" - The MQTT Session belongs to the primary virtual router.
+"backup" - The MQTT Session belongs to the backup virtual router.
+"auto" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscription_topic` (String) The MQTT subscription topic.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `subscription_qos` (Number) The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
diff --git a/docs/data-sources/msg_vpn_proxy.md b/docs/data-sources/msg_vpn_proxy.md
new file mode 100644
index 00000000..2a66acaf
--- /dev/null
+++ b/docs/data-sources/msg_vpn_proxy.md
@@ -0,0 +1,61 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_proxy Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  msgvpnname|x|||
+  proxy_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_proxy (Data Source)
+
+Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+msg_vpn_name|x|||
+proxy_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `proxy_name` (String) The name of the proxy.
+
+### Read-Only
+
+- `authentication_basic_username` (String) The username to use with basic authentication. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `authentication_scheme` (String) The authentication scheme used to connect to the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - No authentication.
+"basic" - Username/password authentication.
+</pre>
+- `enabled` (Boolean) Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `host` (String) The IP address or host name of the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
+- `port` (Number) The port to connect to on the proxy host. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.
+- `proxy_type` (String) The type of proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"direct"`. The allowed values and their meaning are:
+
+<pre>
+"direct" - Direct connection (no proxy).
+"http" - HTTP proxy.
+</pre>
diff --git a/docs/data-sources/msg_vpn_queue.md b/docs/data-sources/msg_vpn_queue.md
new file mode 100644
index 00000000..d437c3ee
--- /dev/null
+++ b/docs/data-sources/msg_vpn_queue.md
@@ -0,0 +1,126 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_queue Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queue_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_queue (Data Source)
+
+A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The name of the Queue.
+
+### Read-Only
+
+- `access_type` (String) The access type for delivering messages to consumer flows bound to the Queue. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`. Available since SEMP API version 2.2.
+- `delivery_count_enabled` (Boolean) Enable or disable the ability for client applications to query the message delivery count of messages received from the Queue. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `egress_enabled` (Boolean) Enable or disable the transmission of messages from the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `id` (String) Identifier attribute, for internal use only.
+- `ingress_enabled` (Boolean) Enable or disable the reception of messages to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed in the Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_redelivery_count` (Number) The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in the Queue when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `owner` (String) The Client Username that owns the Queue and has permission equivalent to `"delete"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `partition_count` (Number) The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.35.
+- `partition_rebalance_delay` (Number) The delay (in seconds) before a partition rebalance is started once needed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`. Available since SEMP API version 2.35.
+- `partition_rebalance_max_handoff_time` (Number) The maximum time (in seconds) to wait before handing off a partition while rebalancing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`. Available since SEMP API version 2.35.
+- `permission` (String) The permission level for all consumers of the Queue, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-queue-enabled"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+ Available since SEMP API version 2.1.
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). Regardless of this setting, message priority is not respected when browsing the queue, when the queue is used by a bridge, or if the queue is partitioned. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled and ingress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.8.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/msg_vpn_queue_subscription.md b/docs/data-sources/msg_vpn_queue_subscription.md
new file mode 100644
index 00000000..189511e8
--- /dev/null
+++ b/docs/data-sources/msg_vpn_queue_subscription.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_queue_subscription Data Source - solacebroker"
+subcategory: ""
+description: |-
+  One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queuename|x|||
+  subscriptiontopic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_queue_subscription (Data Source)
+
+One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_name|x|||
+subscription_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The name of the Queue.
+- `subscription_topic` (String) The topic of the Subscription.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_queue_template.md b/docs/data-sources/msg_vpn_queue_template.md
new file mode 100644
index 00000000..48181245
--- /dev/null
+++ b/docs/data-sources/msg_vpn_queue_template.md
@@ -0,0 +1,125 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_queue_template Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Queue Template provides a mechanism for specifying the initial state for client created queues.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queuetemplatename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_queue_template (Data Source)
+
+A Queue Template provides a mechanism for specifying the initial state for client created queues.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_template_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_template_name` (String) The name of the Queue Template.
+
+### Read-Only
+
+- `access_type` (String) The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. This attribute does not apply to MQTT queues created from this template, but it may apply in future releases. Therefore, to maintain forward compatibility, do not set this value on templates that might be used for MQTT queues. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `durability_override` (String) Controls the durability of queues created from this template. If non-durable, the created queue will be non-durable, regardless of the specified durability. If none, the created queue will have the requested durability. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - The durability of the endpoint will be as requested on create.
+"non-durable" - The durability of the created queue will be non-durable, regardless of what was requested.
+</pre>
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `id` (String) Identifier attribute, for internal use only.
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_redelivery_count` (Number) The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in a Queue when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `permission` (String) The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `queue_name_filter` (String) A pattern used to determine which Queues use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages of any priority above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs prevent the message from being delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-queue-enabled"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/msg_vpn_replay_log.md b/docs/data-sources/msg_vpn_replay_log.md
new file mode 100644
index 00000000..b07cb628
--- /dev/null
+++ b/docs/data-sources/msg_vpn_replay_log.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_replay_log Data Source - solacebroker"
+subcategory: ""
+description: |-
+  When the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  replaylogname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.10.
+---
+
+# solacebroker_msg_vpn_replay_log (Data Source)
+
+When the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+replay_log_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.10.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `replay_log_name` (String) The name of the Replay Log.
+
+### Read-Only
+
+- `egress_enabled` (Boolean) Enable or disable the transmission of messages from the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `ingress_enabled` (Boolean) Enable or disable the reception of messages to the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `max_spool_usage` (Number) The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `topic_filter_enabled` (Boolean) Enable or disable topic filtering for the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.27.
diff --git a/docs/data-sources/msg_vpn_replay_log_topic_filter_subscription.md b/docs/data-sources/msg_vpn_replay_log_topic_filter_subscription.md
new file mode 100644
index 00000000..d01dfcb1
--- /dev/null
+++ b/docs/data-sources/msg_vpn_replay_log_topic_filter_subscription.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_replay_log_topic_filter_subscription Data Source - solacebroker"
+subcategory: ""
+description: |-
+  One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  replaylogname|x|||
+  topicfiltersubscription|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_replay_log_topic_filter_subscription (Data Source)
+
+One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+replay_log_name|x|||
+topic_filter_subscription|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `replay_log_name` (String) The name of the Replay Log.
+- `topic_filter_subscription` (String) The topic of the Subscription.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_replicated_topic.md b/docs/data-sources/msg_vpn_replicated_topic.md
new file mode 100644
index 00000000..754e4e33
--- /dev/null
+++ b/docs/data-sources/msg_vpn_replicated_topic.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_replicated_topic Data Source - solacebroker"
+subcategory: ""
+description: |-
+  To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  replicated_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_replicated_topic (Data Source)
+
+To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+replicated_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `replicated_topic` (String) The topic for applying replication. Published messages matching this topic will be replicated to the standby site.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `replication_mode` (String) The replication mode for the Replicated Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"async"`. The allowed values and their meaning are:
+
+<pre>
+"sync" - Messages are acknowledged when replicated (spooled remotely).
+"async" - Messages are acknowledged when pending replication (spooled locally).
+</pre>
diff --git a/docs/data-sources/msg_vpn_rest_delivery_point.md b/docs/data-sources/msg_vpn_rest_delivery_point.md
new file mode 100644
index 00000000..9fdcd3d8
--- /dev/null
+++ b/docs/data-sources/msg_vpn_rest_delivery_point.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  restdeliverypoint_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point (Data Source)
+
+A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Read-Only
+
+- `client_profile_name` (String) The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `enabled` (Boolean) Enable or disable the REST Delivery Point. When disabled, no connections are initiated or messages delivered to any of the contained REST Consumers. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `service` (String) The name of the service that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `vendor` (String) The name of the vendor that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
diff --git a/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding.md b/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding.md
new file mode 100644
index 00000000..5fad84e9
--- /dev/null
+++ b/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding.md
@@ -0,0 +1,55 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_queue_binding Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queuebindingname|x|||
+  restdeliverypoint_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_queue_binding (Data Source)
+
+A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_binding_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_binding_name` (String) The name of a queue in the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Read-Only
+
+- `gateway_replace_target_authority_enabled` (Boolean) Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.6.
+- `id` (String) Identifier attribute, for internal use only.
+- `post_request_target` (String) The request-target string to use when sending requests. It identifies the target resource on the far-end REST Consumer upon which to apply the request. There are generally two common forms for the request-target. The origin-form is most often used in practice and contains the path and query components of the target URI. If the path component is empty then the client must generally send a "/" as the path. When making a request to a proxy, most often the absolute-form is required. This configuration is only applicable when the Message VPN is in REST messaging mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `request_target_evaluation` (String) The type of evaluation to perform on the request target. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Do not evaluate substitution expressions on the request target.
+"substitution-expressions" - Evaluate substitution expressions on the request target.
+</pre>
+ Available since SEMP API version 2.23.
diff --git a/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header.md b/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header.md
new file mode 100644
index 00000000..f36db7f5
--- /dev/null
+++ b/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header.md
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  headername|x|||
+  headervalue||x||x
+  msgvpnname|x|||
+  queuebindingname|x|||
+  restdeliverypoint_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.30.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header (Data Source)
+
+A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+header_name|x|||
+header_value||x||x
+msg_vpn_name|x|||
+queue_binding_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.30.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `header_name` (String) The name of the protected HTTP request header.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_binding_name` (String) The name of a queue in the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding_request_header.md b/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding_request_header.md
new file mode 100644
index 00000000..f88e28ed
--- /dev/null
+++ b/docs/data-sources/msg_vpn_rest_delivery_point_queue_binding_request_header.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A request header to be added to the HTTP request.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  headername|x|||
+  msgvpnname|x|||
+  queuebindingname|x|||
+  restdeliverypointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.23.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header (Data Source)
+
+A request header to be added to the HTTP request.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+header_name|x|||
+msg_vpn_name|x|||
+queue_binding_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.23.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `header_name` (String) The name of the HTTP request header.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_binding_name` (String) The name of a queue in the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Read-Only
+
+- `header_value` (String) A substitution expression for the value of the HTTP request header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_rest_delivery_point_rest_consumer.md b/docs/data-sources/msg_vpn_rest_delivery_point_rest_consumer.md
new file mode 100644
index 00000000..9b91f71e
--- /dev/null
+++ b/docs/data-sources/msg_vpn_rest_delivery_point_rest_consumer.md
@@ -0,0 +1,100 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_rest_consumer Data Source - solacebroker"
+subcategory: ""
+description: |-
+  REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationawssecretaccesskey||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  authenticationhttpbasicpassword||x||x
+  authenticationhttpheadervalue||x||x
+  authenticationoauthclientsecret||x||x
+  authenticationoauthjwtsecretkey||x||x
+  msgvpnname|x|||
+  restconsumername|x|||
+  restdeliverypointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_rest_consumer (Data Source)
+
+REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_aws_secret_access_key||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+authentication_http_basic_password||x||x
+authentication_http_header_value||x||x
+authentication_oauth_client_secret||x||x
+authentication_oauth_jwt_secret_key||x||x
+msg_vpn_name|x|||
+rest_consumer_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rest_consumer_name` (String) The name of the REST Consumer.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Read-Only
+
+- `authentication_aws_access_key_id` (String) The AWS access key id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.26.
+- `authentication_aws_region` (String) The AWS region id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.26.
+- `authentication_aws_service` (String) The AWS service id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.26.
+- `authentication_http_basic_username` (String) The username that the REST Consumer will use to login to the REST host. Normally a username is only configured when basic authentication is selected for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_http_header_name` (String) The authentication header name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.15.
+- `authentication_oauth_client_id` (String) The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `authentication_oauth_client_scope` (String) The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `authentication_oauth_client_token_endpoint` (String) The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Must begin with "https". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `authentication_oauth_client_token_expiry_default` (Number) The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since SEMP API version 2.30.
+- `authentication_oauth_jwt_token_endpoint` (String) The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.21.
+- `authentication_oauth_jwt_token_expiry_default` (Number) The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since SEMP API version 2.30.
+- `authentication_scheme` (String) The authentication scheme used by the REST Consumer to login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.
+"http-basic" - Login with a username and optional password according to HTTP Basic authentication as per RFC 2616.
+"client-certificate" - Login with a client TLS certificate as per RFC 5246. Client certificate authentication is only available on TLS connections.
+"http-header" - Login with a specified HTTP header.
+"oauth-client" - Login with OAuth 2.0 client credentials.
+"oauth-jwt" - Login with OAuth (RFC 7523 JWT Profile).
+"transparent" - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header.
+"aws" - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256).
+</pre>
+- `enabled` (Boolean) Enable or disable the REST Consumer. When disabled, no connections are initiated or messages delivered to this particular REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `http_method` (String) The HTTP method to use (POST or PUT). This is used only when operating in the REST service "messaging" mode and is ignored in "gateway" mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"post"`. The allowed values and their meaning are:
+
+<pre>
+"post" - Use the POST HTTP method.
+"put" - Use the PUT HTTP method.
+</pre>
+ Available since SEMP API version 2.17.
+- `id` (String) Identifier attribute, for internal use only.
+- `local_interface` (String) The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `max_post_wait_time` (Number) The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.
+- `outgoing_connection_count` (Number) The number of concurrent TCP connections open to the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `proxy_name` (String) The name of the proxy to use. Leave empty for no proxy. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.36.
+- `remote_host` (String) The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `remote_port` (Number) The port associated with the host of the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8080`.
+- `retry_delay` (Number) The number of seconds that must pass before retrying the remote REST Consumer connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `tls_cipher_suite_list` (String) The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection. The value `"default"` implies all supported suites ordered from most secure to least secure. The list of default cipher suites is available in the `tlsCipherSuiteMsgBackboneDefaultList` attribute of the broker object in the Monitoring API. The REST Consumer should choose the first suite from this list that it supports. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `tls_enabled` (Boolean) Enable or disable encryption (TLS) for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
diff --git a/docs/data-sources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.md b/docs/data-sources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.md
new file mode 100644
index 00000000..423e1fff
--- /dev/null
+++ b/docs/data-sources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Claim is added to the JWT sent to the OAuth token request endpoint.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  oauthjwtclaimname|x|||
+  restconsumername|x|||
+  restdeliverypointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.21.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim (Data Source)
+
+A Claim is added to the JWT sent to the OAuth token request endpoint.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+oauth_jwt_claim_name|x|||
+rest_consumer_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.21.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_jwt_claim_name` (String) The name of the additional claim. Cannot be "exp", "iat", or "jti".
+- `rest_consumer_name` (String) The name of the REST Consumer.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `oauth_jwt_claim_value` (String) The value of the additional claim, which must be a string containing a valid JSON value.
diff --git a/docs/data-sources/msg_vpn_sequenced_topic.md b/docs/data-sources/msg_vpn_sequenced_topic.md
new file mode 100644
index 00000000..9fe4a013
--- /dev/null
+++ b/docs/data-sources/msg_vpn_sequenced_topic.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_sequenced_topic Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  sequenced_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_sequenced_topic (Data Source)
+
+A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+sequenced_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `sequenced_topic` (String) Topic for applying sequence numbers.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_telemetry_profile.md b/docs/data-sources/msg_vpn_telemetry_profile.md
new file mode 100644
index 00000000..7e8395fd
--- /dev/null
+++ b/docs/data-sources/msg_vpn_telemetry_profile.md
@@ -0,0 +1,96 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Using the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  telemetryprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile (Data Source)
+
+Using the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+telemetry_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `queue_event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_bind_count_threshold))
+- `queue_event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_msg_spool_usage_threshold))
+- `queue_max_bind_count` (Number) The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `queue_max_msg_spool_usage` (Number) The maximum message spool usage allowed by the Queue, in megabytes (MB). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `800000`.
+- `receiver_acl_connect_default_action` (String) The default action to take when a receiver client connects to the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow client connection unless an exception is found for it.
+"disallow" - Disallow client connection unless an exception is found for it.
+</pre>
+- `receiver_enabled` (Boolean) Enable or disable the ability for receiver clients to consume from the #telemetry queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `receiver_event_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--receiver_event_connection_count_per_client_username_threshold))
+- `receiver_max_connection_count_per_client_username` (Number) The maximum number of receiver connections per Client Username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `receiver_tcp_congestion_window_size` (Number) The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.
+- `receiver_tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.
+- `receiver_tcp_keepalive_idle_time` (Number) The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `receiver_tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `receiver_tcp_max_segment_size` (Number) The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.
+- `receiver_tcp_max_window_size` (Number) The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.
+- `trace_enabled` (Boolean) Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `trace_send_span_generation_enabled` (Boolean) Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.36.
+
+<a id="nestedatt--queue_event_bind_count_threshold"></a>
+### Nested Schema for `queue_event_bind_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--queue_event_msg_spool_usage_threshold"></a>
+### Nested Schema for `queue_event_msg_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--receiver_event_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `receiver_event_connection_count_per_client_username_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/msg_vpn_telemetry_profile_receiver_acl_connect_exception.md b/docs/data-sources/msg_vpn_telemetry_profile_receiver_acl_connect_exception.md
new file mode 100644
index 00000000..ab31be79
--- /dev/null
+++ b/docs/data-sources/msg_vpn_telemetry_profile_receiver_acl_connect_exception.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile_receiver_acl_connect_exception Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  receiveraclconnectexceptionaddress|x|||
+  telemetryprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile_receiver_acl_connect_exception (Data Source)
+
+A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+receiver_acl_connect_exception_address|x|||
+telemetry_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `receiver_acl_connect_exception_address` (String) The IP address/netmask of the receiver connect exception in CIDR form.
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_telemetry_profile_trace_filter.md b/docs/data-sources/msg_vpn_telemetry_profile_trace_filter.md
new file mode 100644
index 00000000..3e20c436
--- /dev/null
+++ b/docs/data-sources/msg_vpn_telemetry_profile_trace_filter.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile_trace_filter Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  telemetryprofilename|x|||
+  tracefiltername|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile_trace_filter (Data Source)
+
+A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+telemetry_profile_name|x|||
+trace_filter_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+- `trace_filter_name` (String) A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as "appNameDebug".
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_telemetry_profile_trace_filter_subscription.md b/docs/data-sources/msg_vpn_telemetry_profile_trace_filter_subscription.md
new file mode 100644
index 00000000..eae2675f
--- /dev/null
+++ b/docs/data-sources/msg_vpn_telemetry_profile_trace_filter_subscription.md
@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile_trace_filter_subscription Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Trace filter subscriptions control which messages will be attracted by the tracing filter.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  subscription|x|||
+  subscriptionsyntax|x|||
+  telemetryprofilename|x|||
+  tracefilter_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile_trace_filter_subscription (Data Source)
+
+Trace filter subscriptions control which messages will be attracted by the tracing filter.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+subscription|x|||
+subscription_syntax|x|||
+telemetry_profile_name|x|||
+trace_filter_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscription` (String) Messages matching this subscription will follow this filter's configuration.
+- `subscription_syntax` (String) The syntax of the trace filter subscription. The allowed values and their meaning are:
+
+<pre>
+"smf" - Subscription uses SMF syntax.
+"mqtt" - Subscription uses MQTT syntax.
+</pre>
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+- `trace_filter_name` (String) A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as "appNameDebug".
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/msg_vpn_topic_endpoint.md b/docs/data-sources/msg_vpn_topic_endpoint.md
new file mode 100644
index 00000000..318ef0da
--- /dev/null
+++ b/docs/data-sources/msg_vpn_topic_endpoint.md
@@ -0,0 +1,123 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_topic_endpoint Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  topicendpointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_topic_endpoint (Data Source)
+
+A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+topic_endpoint_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_endpoint_name` (String) The name of the Topic Endpoint.
+
+### Read-Only
+
+- `access_type` (String) The access type for delivering messages to consumer flows bound to the Topic Endpoint. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+ Available since SEMP API version 2.4.
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`. Available since SEMP API version 2.2.
+- `delivery_count_enabled` (Boolean) Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `egress_enabled` (Boolean) Enable or disable the transmission of messages from the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `event_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_spool_usage_threshold))
+- `id` (String) Identifier attribute, for internal use only.
+- `ingress_enabled` (Boolean) Enable or disable the reception of messages to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`. Available since SEMP API version 2.4.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed in the Topic Endpoint, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_redelivery_count` (Number) The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_spool_usage` (Number) The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in the Topic Endpoint when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `owner` (String) The Client Username that owns the Topic Endpoint and has permission equivalent to `"delete"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `permission` (String) The permission level for all consumers of the Topic Endpoint, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"never"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-topic-endpoint-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled and ingress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.8.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_spool_usage_threshold"></a>
+### Nested Schema for `event_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/msg_vpn_topic_endpoint_template.md b/docs/data-sources/msg_vpn_topic_endpoint_template.md
new file mode 100644
index 00000000..f3c64d60
--- /dev/null
+++ b/docs/data-sources/msg_vpn_topic_endpoint_template.md
@@ -0,0 +1,119 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_topic_endpoint_template Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  topicendpointtemplate_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_topic_endpoint_template (Data Source)
+
+A Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+topic_endpoint_template_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_endpoint_template_name` (String) The name of the Topic Endpoint Template.
+
+### Read-Only
+
+- `access_type` (String) The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `id` (String) Identifier attribute, for internal use only.
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_redelivery_count` (Number) The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in the Topic Endpoint when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `permission` (String) The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages that are permitted before low priority messages are rejected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"never"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-topic-endpoint-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `topic_endpoint_name_filter` (String) A pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when  used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Read-Only:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/data-sources/oauth_profile.md b/docs/data-sources/oauth_profile.md
new file mode 100644
index 00000000..66fa1c2e
--- /dev/null
+++ b/docs/data-sources/oauth_profile.md
@@ -0,0 +1,104 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile Data Source - solacebroker"
+subcategory: ""
+description: |-
+  OAuth profiles specify how to securely authenticate to an OAuth provider.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientsecret||x||x
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile (Data Source)
+
+OAuth profiles specify how to securely authenticate to an OAuth provider.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_secret||x||x
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `access_level_groups_claim_name` (String) The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"groups"`.
+- `access_level_groups_claim_string_format` (String) The format of the access level groups claim value when it is a string. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"single"`. The allowed values and their meaning are:
+
+<pre>
+"single" - When the claim is a string, it is interpreted as as single group.
+"space-delimited" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim.
+</pre>
+ Available since SEMP API version 2.32.
+- `client_id` (String) The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `client_redirect_uri` (String) The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `client_required_type` (String) The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"JWT"`.
+- `client_scope` (String) The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"openid email"`.
+- `client_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `default_global_access_level` (String) The default global access level for this OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to global data.
+"read-only" - User has read-only access to global data.
+"read-write" - User has read-write access to most global data.
+"admin" - User has read-write access to all global data.
+</pre>
+- `default_msg_vpn_access_level` (String) The default message VPN access level for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
+- `display_name` (String) The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `enabled` (Boolean) Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `endpoint_authorization` (String) The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_discovery` (String) The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_discovery_refresh_interval` (Number) The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.
+- `endpoint_introspection` (String) The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_introspection_timeout` (Number) The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `endpoint_jwks` (String) The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_jwks_refresh_interval` (Number) The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.
+- `endpoint_token` (String) The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_token_timeout` (Number) The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `endpoint_userinfo` (String) The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_userinfo_timeout` (Number) The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `id` (String) Identifier attribute, for internal use only.
+- `interactive_enabled` (Boolean) Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `interactive_prompt_for_expired_session` (String) The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `interactive_prompt_for_new_session` (String) The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"select_account"`.
+- `issuer` (String) The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `oauth_role` (String) The OAuth role of the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"client"`. The allowed values and their meaning are:
+
+<pre>
+"client" - The broker is in the OAuth client role.
+"resource-server" - The broker is in the OAuth resource server role.
+</pre>
+- `resource_server_parse_access_token_enabled` (Boolean) Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_required_audience` (String) The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `resource_server_required_issuer` (String) The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `resource_server_required_scope` (String) A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `resource_server_required_type` (String) The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"at+jwt"`.
+- `resource_server_validate_audience_enabled` (Boolean) Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_validate_issuer_enabled` (Boolean) Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_validate_scope_enabled` (Boolean) Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `semp_enabled` (Boolean) Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `username_claim_name` (String) The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"sub"`.
diff --git a/docs/data-sources/oauth_profile_access_level_group.md b/docs/data-sources/oauth_profile_access_level_group.md
new file mode 100644
index 00000000..2d6622a3
--- /dev/null
+++ b/docs/data-sources/oauth_profile_access_level_group.md
@@ -0,0 +1,59 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_access_level_group Data Source - solacebroker"
+subcategory: ""
+description: |-
+  The name of a group as it exists on the OAuth server being used to authenticate SEMP users.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  groupname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_access_level_group (Data Source)
+
+The name of a group as it exists on the OAuth server being used to authenticate SEMP users.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+group_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_name` (String) The name of the group.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `description` (String) A description for the group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `global_access_level` (String) The global access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to global data.
+"read-only" - User has read-only access to global data.
+"read-write" - User has read-write access to most global data.
+"admin" - User has read-write access to all global data.
+</pre>
+- `id` (String) Identifier attribute, for internal use only.
+- `msg_vpn_access_level` (String) The default message VPN access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
diff --git a/docs/data-sources/oauth_profile_access_level_group_msg_vpn_access_level_exception.md b/docs/data-sources/oauth_profile_access_level_group_msg_vpn_access_level_exception.md
new file mode 100644
index 00000000..db5370b2
--- /dev/null
+++ b/docs/data-sources/oauth_profile_access_level_group_msg_vpn_access_level_exception.md
@@ -0,0 +1,53 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_access_level_group_msg_vpn_access_level_exception Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Message VPN access-level exceptions for members of this group.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  groupname|x|||
+  msgvpnname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_access_level_group_msg_vpn_access_level_exception (Data Source)
+
+Message VPN access-level exceptions for members of this group.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+group_name|x|||
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_name` (String) The name of the group.
+- `msg_vpn_name` (String) The name of the message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `access_level` (String) The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/oauth_profile_client_allowed_host.md b/docs/data-sources/oauth_profile_client_allowed_host.md
new file mode 100644
index 00000000..44939ff2
--- /dev/null
+++ b/docs/data-sources/oauth_profile_client_allowed_host.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_client_allowed_host Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A valid hostname for this broker in OAuth redirects.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  allowedhost|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_client_allowed_host (Data Source)
+
+A valid hostname for this broker in OAuth redirects.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+allowed_host|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `allowed_host` (String) An allowed value for the Host header.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/oauth_profile_client_authorization_parameter.md b/docs/data-sources/oauth_profile_client_authorization_parameter.md
new file mode 100644
index 00000000..f08ccf30
--- /dev/null
+++ b/docs/data-sources/oauth_profile_client_authorization_parameter.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_client_authorization_parameter Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Additional parameters to be passed to the OAuth authorization endpoint.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authorizationparametername|x|||
+  oauthprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_client_authorization_parameter (Data Source)
+
+Additional parameters to be passed to the OAuth authorization endpoint.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authorization_parameter_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `authorization_parameter_name` (String) The name of the authorization parameter.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `authorization_parameter_value` (String) The authorization parameter value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/oauth_profile_client_required_claim.md b/docs/data-sources/oauth_profile_client_required_claim.md
new file mode 100644
index 00000000..36a21d77
--- /dev/null
+++ b/docs/data-sources/oauth_profile_client_required_claim.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_client_required_claim Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the ID token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientrequiredclaimname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_client_required_claim (Data Source)
+
+Additional claims to be verified in the ID token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_required_claim_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_required_claim_name` (String) The name of the ID token claim to verify.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `client_required_claim_value` (String) The required claim value, which must be a string containing a valid JSON value.
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/oauth_profile_default_msg_vpn_access_level_exception.md b/docs/data-sources/oauth_profile_default_msg_vpn_access_level_exception.md
new file mode 100644
index 00000000..0d1f43ec
--- /dev/null
+++ b/docs/data-sources/oauth_profile_default_msg_vpn_access_level_exception.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_default_msg_vpn_access_level_exception Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Default message VPN access-level exceptions.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  oauthprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_default_msg_vpn_access_level_exception (Data Source)
+
+Default message VPN access-level exceptions.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `access_level` (String) The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/data-sources/oauth_profile_resource_server_required_claim.md b/docs/data-sources/oauth_profile_resource_server_required_claim.md
new file mode 100644
index 00000000..0a60bc79
--- /dev/null
+++ b/docs/data-sources/oauth_profile_resource_server_required_claim.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_resource_server_required_claim Data Source - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the access token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  oauthprofilename|x|||
+  resourceserverrequiredclaimname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_resource_server_required_claim (Data Source)
+
+Additional claims to be verified in the access token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+oauth_profile_name|x|||
+resource_server_required_claim_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `oauth_profile_name` (String) The name of the OAuth profile.
+- `resource_server_required_claim_name` (String) The name of the access token claim to verify.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+- `resource_server_required_claim_value` (String) The required claim value, which must be a string containing a valid JSON value.
diff --git a/docs/data-sources/virtual_hostname.md b/docs/data-sources/virtual_hostname.md
new file mode 100644
index 00000000..522d039e
--- /dev/null
+++ b/docs/data-sources/virtual_hostname.md
@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_virtual_hostname Data Source - solacebroker"
+subcategory: ""
+description: |-
+  A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.
+  Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.
+  This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  virtual_hostname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.17.
+---
+
+# solacebroker_virtual_hostname (Data Source)
+
+A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.
+
+Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.
+
+This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+virtual_hostname|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.17.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `virtual_hostname` (String) The virtual hostname.
+
+### Read-Only
+
+- `enabled` (Boolean) Enable or disable Virtual Hostname to Message VPN mapping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `id` (String) Identifier attribute, for internal use only.
+- `msg_vpn_name` (String) The message VPN to which this virtual hostname is mapped. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
diff --git a/docs/guides/config-generator.md b/docs/guides/config-generator.md
new file mode 100644
index 00000000..7dec49be
--- /dev/null
+++ b/docs/guides/config-generator.md
@@ -0,0 +1,110 @@
+---
+page_title: "Command-line Terraform Configuration Generator Guide"
+---
+
+# Command-Line Terraform Configuration Generator
+
+Normally, provider binaries are not run standalone, they are started and their services are used by Terraform CLI.
+
+The `solacebroker` provider, however, includes an additional feature where you can run its binary outside of Terraform CLI. In this case, you can use the "generate" command on the provider binary to generate a Terraform HLC configuration file for a specified object and all child objects known to the provider.
+
+You can [locate](https://terra-farm.github.io/main/installation.html) the provider binary in the `.terraform/providers` directory of an existing Terraform configuration directory that uses the `solacebroker` provider.
+
+You can run the provider binary directly with the `generate` command to generate a Terraform configuration file from the current configuration of a PubSub+ broker.
+
+`<binary> generate <broker URL> <provider-specific identifier> <filename>`
+
+- `<binary>` is the broker provider binary.
+- `<broker URL>` is the broker address, for example `https://mybroker.example.org:1943/`.
+- `<provider-specific identifier>` are the similar to the Terraform Import command. This is the resource name and possible values to find a specific resource.
+- `<filename>` is the desirable name of the generated filename.
+- There are also supported options, which mirror the configuration options for the provider object. These can be found [here](#supported-options).
+
+## Important notes
+
+The generated configuration shoud be reviewed for followings:
+
+* Provider configuration values (url, username, etc.) may need to be updated.
+* Write-only attributes, such as passwords, are omitted from the config as they cannot be read from the broker configuration. They need to be added manually.
+* Default resources may be present that may be omitted.
+* The generator uses a naming scheme for the resources. This may be updated by manually replacing the generated names.
+
+## Usage
+
+```shell
+terraform-provider-solacebroker -h
+
+Usage:
+    terraform-provider-solacebroker [command]
+
+Available Commands:
+generate    Generates a Terraform configuration file for a specified PubSub+ Broker object and all child objects known to the provider
+help        Help about any command
+version     Provides version information about the current binary
+```
+
+To `generate` the configuration, make sure all ENVIRONMENT VARIABLES, which mirrors the configuration options for the
+provider object are set. The list of variables
+are listed [here](#supported-options).
+
+For example:
+`SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=https://localhost:8080 solacebroker_msg_vpn.mq default my-messagevpn.tf`
+
+This command would create a file `my-messagevpn.tf` that contains a resource definition for the default Message VPN resource and
+any child objects, assuming the appropriate broker credentials were set in environment variables.
+
+Note: For objects with no child object, the file will only contain a resource definition for that object.
+
+For example:
+`SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=https://localhost:8080 solacebroker_msg_vpn_queue.q default/test my-message-vpn-queue.tf`
+
+This command would create a file `my-message-vpn-queue.tf` that contains the msg_vpn_queue resource , `test`  for the
+Message VPN, `default`, assuming a msg_vpn_queue resource called `test` exists for the Message VPN, `default`.
+
+### Supported Options
+
+The following parameters can be set as ENVIRONMENT VARIABLES. When used as environment variables
+each parameter must be preceded with _SOLACEBROKER__. For example for a PubSub+ broker using username and password
+_**admin/password**_
+would be:
+
+`SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=password`
+
+- `bearer_token`, (String, Sensitive, Mandatory if `password` will not be provided)
+- `insecure_skip_verify` (Boolean) Disable validation of server SSL certificates, accept/ignore self-signed.
+- `password` (String, Sensitive, Mandatory is `bearer_token` will not be provided)
+- `request_min_interval` (String)
+- `request_timeout_duration` (String)
+- `retries` (Number)
+- `retry_max_interval` (String)
+- `retry_min_interval` (String)
+- `username` (String, Mandatory) The username for the broker request.
+
+## Troubleshooting
+
+The following issues may arise while using the generator.
+
+| Error           | SEMP call failed. unexpected status 401 (401 Unauthorized)                 |
+|-----------------|----------------------------------------------------------------------------|
+| Explanation     | Configurations to connect to the PubSub+ Broker not accurate.              |
+| Possible Action | Check and confirm, configuration details to PubSub+ Broker are accurate.   |
+
+| Error           | SOLACEBROKER_xxx is mandatory but not available                                    |
+|-----------------|------------------------------------------------------------------------------------|
+| Explanation     | A mandatory parameter which is required to connect to PubSub+ broker is missing.   |
+| Possible Action | Confirm if all [mandatory parameters](#supported-options) are correctly set.       |
+
+| Error           | Error: Too many provider specific identifiers. Required identifiers: [{xxx}] |
+|-----------------|------------------------------------------------------------------------------|
+| Explanation     | This indicates that identifiers specific to the provider are set in an ambiguous manner. |
+| Possible Action | Ensure all identifiers are available and separated by `/` where needed. For example a msgVpnName will require `msgVpnName`, however a specific queueName under a specific msgVpnName will be `msgVpnName/queueName`. |
+
+| Error           | SEMP called failed. resource not found on path /xxx/xxx                                  |
+|-----------------|------------------------------------------------------------------------------------------|
+| Explanation     | This indicates the resource attributes attempted to be fetch could not be read.          |
+| Possible Action | Ensure identifiers values are consistent as set on the PubSub+ broker configured with.   |
+
+| Error           | Error: Broker resource not found by terraform name xxx                                                     |
+|-----------------|------------------------------------------------------------------------------------------------------------|
+| Explanation     | This indicates the resource by name _xxx_ is not recognized by the generator.                              |
+| Possible Action | Ensure the resource name used is available as a Terraform resource for the version of the provider in use. |
diff --git a/docs/guides/provider.md b/docs/guides/provider.md
new file mode 100644
index 00000000..49d6411b
--- /dev/null
+++ b/docs/guides/provider.md
@@ -0,0 +1,91 @@
+---
+page_title: "Solacebroker Provider Guide"
+---
+
+# Solace PubSub+ Software Event Broker (solacebroker) Provider
+
+The `solacebroker` provider supports Terraform CLI operations including basic CRUD (create, read, update, and delete) and import.
+
+The provider leverages the [SEMP (Solace Element Management Protocol)](https://docs.solace.com/Admin/SEMP/Using-SEMP.htm) REST API to configure the PubSub+ event broker. The API reference is available from the [Solace PubSub+ Documentation](https://docs.solace.com/API-Developer-Online-Ref-Documentation/swagger-ui/software-broker/config/index.html).
+
+## Mapping of SEMP API and Provider Names
+
+Terraform uses the [snake case](https://en.wikipedia.org/wiki/Snake_case) naming scheme, while SEMP uses camel case. Resources and datasource are also prefixed with the provider local name, `solacebroker_`.  For example, `solacebroker_msg_vpn` is the message-vpn resource name and `max_subscription_count` is the attribute for the maximum subscription count, since `MsgVpn` is the SEMP API object name and `maxSubscriptionCount` is the name of the SEMP attribute.
+
+## Broker SEMP API Access
+
+The broker SEMP service, by default at port 8080 for HTTP and TLS port 1943 for HTTPS, must be accessible to the console running Terraform CLI.
+
+The supported access credentials are basic authentication using username and password, and OAuth using a token. The two options are mutually exclusive and the provider will fail if both are configured.
+
+-> The [user access levels](https://docs.solace.com/Admin/CLI-User-Access-Levels.htm) associated with the credentials used must be properly configured on the broker so that the desired actions are authorized.
+
+## SEMP API Versioning and Provider Broker Compatibility
+
+The SEMP API minor version reflects the supported set of objects, attributes, their properties and possible deprecations.
+
+New versions of the PubSub+ event broker with new features typically require a newer SEMP API version that supports the new or updated objects, attributes, etc. The SEMP API version of a broker version can be determined from the [Solace PubSub+ documentation](https://docs.solace.com/Admin/SEMP/SEMP-API-Versions.htm#SEMP_v2_to_SolOS_Version_Mapping).
+
+A given version of the provider is built to support a specific version of the SEMP API. For the SEMP API version of the provider and corresponding broker version, refer to the [Version Compatibility section](https://docs.solace.com/Admin/SEMP/Declarative-SEMP.htm#Version) of the Solace PubSub+ documentation.
+
+* Broker versions at the same SEMP API version level as the provider can be fully configured.
+* Broker versions at a lower SEMP API version level than the provider can be configured, except for objects or attributes that have been deprecated and removed in the provider's SEMP version. However, configuration will fail when attempting to configure objects or attributes that have been introduced in a later SEMP version than the broker supports.
+* Broker versions at a higher SEMP API version level than the provider can be configured for objects or attributes that are included in the provider's SEMP version. Objects or attributes that have been introduced in a later SEMP version will be unknown to the provider. Objects or attributes that have been deprecated in the broker SEMP version may result in configuration failure.
+
+## Object Relationships
+
+Broker inter-object references must be correctly encoded in Terraform configuration to have the apply operation work. This requires an understanding of the PubSub+ event broker objects. For more information about each object consult the [SEMP API reference](https://docs.solace.com/API-Developer-Online-Ref-Documentation/swagger-ui/software-broker/config/index.htm) and especially look for "Identifying" attributes that give a hint to required already configured objects.
+For example:
+
+```terraform
+resource "solacebroker_msg_vpn" "test" {
+  # on the resource itself, specify the value
+  msg_vpn_name        = "new"
+  # ... other attributes
+}
+
+resource "solacebroker_msg_vpn_queue" "q" {
+  # on dependent resources, specify as a reference so
+  # that Terraform creates the referenced object first
+  msg_vpn_name    = solacebroker_msg_vpn.test.msg_vpn_name
+  # ... other attributes
+}
+```
+
+## The Broker Object
+
+The Broker object is the `solacebroker_broker` resource. This object contains global configuration for the PubSub+ event broker.
+
+The Broker object differs from all other objects as it always exists for a given broker and can only be updated.
+
+-> Important: only attributes that are specified will be set to their configured value. Unspecified attributes will not be set to their default-attribute value. This may result in `terraform plan` indicating a change to set attributes to default even after an `apply`, for example after removing an attribute from the configuration.
+
+## Default Objects
+
+There are objects that are preexisting defaults and cannot be created or destroyed, only updated. The default Message VPN and the default client profile are examples of this. Any attempt to remove these resources will fail.
+
+## Broker-Defined Attributes
+
+Some attributes don't have a default value. In this case their value will be determined by the broker. Typically, these defaults depend on the broker scaling settings. While Terraform plan and apply operations function the same way as with other attributes, import will set the Terraform state of the attribute to the broker value (instead of null), even if they were set at default. You can use subsequent plan and apply operations to fix this. 
+
+## Importing Resources
+
+When [importing resources to Terraform](https://developer.hashicorp.com/terraform/language/import#syntax) an `id` is required. Note that this `id` is not the same as the internal `id` attribute of resources.
+
+The `id` to be used shall be constructed as a path from the highest parent object down to the resource.
+
+For example, when importing a `solacebroker_msg_vpn_queue_subscription`, the parent relationship is `msg_vpn` > `msg_vpn_queue` > `msg_vpn_queue_subscription`. To construct the `id`, concatenate the identifications of parents and the particular resource identification, separated by `/` (slash). Also note that elements containing `/` must be URL-encoded.
+
+For this example:
+```
+id = <msg-vpn-name>/<queue-name>/<url-encoded subscription-name>
+# using my-vpn, my-queue, a/b/c
+id = my-vpn/my-queue/a%2Fb%2Fc
+```
+
+## Notes
+
+* Terraform `apply` is not atomic.  If interrupted by a user, failure, reboot, or switchover the configuration changes may be partly applied.  Terraform does not perform rollbacks.
+* Terraform must be the authoritative source of configuration.  If there is any overlap between Terraform controlled configuration and either pre-existing configuration or modifications from other management interfaces the behaviour will be undefined.
+* Apply operations may impact broker AD performance, especially large changes.  The `request_min_interval` attribute on the provider limits the request rate and can be adjusted to control the impact.
+* Application of configuration may cause brief service interruptions to the resources affected.  These can include a queue missing a published message or clients being briefly disconnected.  These outages are no different from a current administrator manually making an equivalent change to a broker.
\ No newline at end of file
diff --git a/docs/index.md b/docs/index.md
new file mode 100644
index 00000000..c505f290
--- /dev/null
+++ b/docs/index.md
@@ -0,0 +1,87 @@
+---
+page_title: "Provider: solacebroker"
+description: |-
+  A provider for a Solace PubSub+ Software Event Broker.  
+---
+
+# Solace PubSub+ Software Event Broker (solacebroker) Provider
+
+The [Solace PubSub+ Platform](https://solace.com/products/platform/)'s [PubSub+ Software Event Broker](https://solace.com/products/event-broker/software/) 
+efficiently streams event-driven information between applications, IoT devices and user interfaces running in cloud, on-premises, and hybrid environments 
+using open APIs and protocols like AMQP, JMS, MQTT, REST and WebSocket.
+
+It can be installed into a variety of public and private clouds, PaaS, and on-premises environments, 
+and brokers in multiple locations can be linked together in an [Event Mesh](https://solace.com/what-is-an-event-mesh/) 
+to dynamically share events across the distributed enterprise.
+
+## Overview
+
+The _solacebroker_ provider enables you to configure a PubSub+ Software Event Broker using Terraform.
+
+This provider also offers the possibility to generate an [HCL configuration](https://developer.hashicorp.com/terraform/language) file from a preconfigured event broker.
+
+Use the navigation to the left for more information in the guides and for the available provider resources and data sources.
+
+## Minimum broker version
+
+The minimum required PubSub+ Software Event Broker version is 10.4.
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    solacebroker = {
+      source = "registry.terraform.io/solaceproducts/solacebroker"
+    }
+  }
+}
+
+# Configure the   provider
+provider "solacebroker" {
+  username = "admin"
+  password = "admin"
+  url      = "http://localhost:8080"
+}
+
+# Create a message-vpn on the event broker
+resource "solacebroker_msg_vpn" "test" {
+  msg_vpn_name        = "new"
+  enabled             = true
+  max_msg_spool_usage = 10
+}
+
+# Create a messaging queue
+resource "solacebroker_msg_vpn_queue" "q" {
+  msg_vpn_name    = solacebroker_msg_vpn.test.msg_vpn_name
+  queue_name      = "green"
+  ingress_enabled = true
+  egress_enabled  = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `url` (String) The base URL of the event broker, for example `https://mybroker.example.org:1943/`. The trailing / can be omitted.
+
+### Optional
+
+- `bearer_token` (String, Sensitive) A bearer token that will be sent in the Authorization header of SEMP requests. Requires TLS transport enabled. Conflicts with username and password.
+- `insecure_skip_verify` (Boolean) Disable validation of server SSL certificates, accept/ignore self-signed. The default value is false.
+- `password` (String, Sensitive) The password to connect to the broker with. Requires username and conflicts with bearer_token.
+- `request_min_interval` (String) A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating the minimum interval between requests; this serves as a rate limit. This setting does not apply to retries. Set to 0 for no rate limit. The default value is 100ms (which equates to a rate limit of 10 calls per second).
+- `request_timeout_duration` (String) A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating the maximum time to wait for a SEMP request.  The default value is 1m.
+- `retries` (Number) The number of retries for a SEMP call. The default value is 10.
+- `retry_max_interval` (String) A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating the maximum retry interval. The default value is 30s.
+- `retry_min_interval` (String) A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating how long to wait after an initial failed request before the first retry.  Exponential backoff is used, up to the limit set by retry_max_interval. The default value is 3s.
+- `username` (String) The username to connect to the broker with.  Requires password and conflicts with bearer_token.
+
+-> All provider configuration values can also be set as environment variables with the same name but uppercase and with the `SOLACEBROKER_` prefix.
+For example, the password attribute can be set via the `SOLACEBROKER_PASSWORD` environment variable.  Values in the configuration take precedence over environment variables.
+
+# Release Notes and History
+
+For detailed Release Notes and release history, refer to the Releases section in the [Provider GitHub repository](https://github.com/SolaceProducts/terraform-provider-solacebroker/releases).
diff --git a/docs/resources/broker.md b/docs/resources/broker.md
new file mode 100644
index 00000000..48e562e3
--- /dev/null
+++ b/docs/resources/broker.md
@@ -0,0 +1,557 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_broker Resource - solacebroker"
+subcategory: ""
+description: |-
+  This object contains global configuration for the message broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  tlsservercertcontent||x||x
+  tlsservercertpassword||x||
+  A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation. Requests which include the following attributes require greater access scope/level:
+  Attribute|Access Scope/Level
+  :---|:---:
+  authclientcertrevocationcheckmode|global/read-only
+  configsyncauthenticationclientcertmaxchaindepth|global/read-only
+  configsyncauthenticationclientcertvalidatedateenabled|global/read-only
+  configsyncclientprofiletcpinitialcongestionwindow|global/read-only
+  configsyncclientprofiletcpkeepalivecount|global/read-only
+  configsyncclientprofiletcpkeepaliveidle|global/read-only
+  configsyncclientprofiletcpkeepaliveinterval|global/read-only
+  configsyncclientprofiletcpmaxwindow|global/read-only
+  configsyncclientprofiletcpmss|global/read-only
+  configsyncenabled|global/read-only
+  configsyncsynchronizeusernameenabled|global/read-only
+  configsynctlsenabled|global/read-only
+  guaranteedmsgingdefragmentationscheduledaylist|global/read-only
+  guaranteedmsgingdefragmentationscheduleenabled|global/read-only
+  guaranteedmsgingdefragmentationscheduletimelist|global/read-only
+  guaranteedmsgingdefragmentationthresholdenabled|global/read-only
+  guaranteedmsgingdefragmentationthresholdfragmentationpercentage|global/read-only
+  guaranteedmsgingdefragmentationthresholdmininterval|global/read-only
+  guaranteedmsgingdefragmentationthresholdusagepercentage|global/read-only
+  guaranteedmsgingenabled|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.clearpercent|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.clearvalue|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.setpercent|global/read-only
+  guaranteedmsgingeventcacheusagethreshold.setvalue|global/read-only
+  guaranteedmsgingeventdeliveredunackedthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventdeliveredunackedthreshold.setpercent|global/read-only
+  guaranteedmsgingeventdiskusagethreshold.clearpercent|global/read-only
+  guaranteedmsgingeventdiskusagethreshold.setpercent|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventegressflowcountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventendpointcountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventingressflowcountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventmsgcountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventmsgcountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventmsgspoolfilecountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventmsgspoolfilecountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.clearpercent|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.clearvalue|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.setpercent|global/read-only
+  guaranteedmsgingeventmsgspoolusagethreshold.setvalue|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventtransactedsessioncountthreshold.setvalue|global/read-only
+  guaranteedmsgingeventtransactedsessionresourcecountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventtransactedsessionresourcecountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.clearpercent|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.clearvalue|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.setpercent|global/read-only
+  guaranteedmsgingeventtransactioncountthreshold.setvalue|global/read-only
+  guaranteedmsgingmaxcacheusage|global/read-only
+  guaranteedmsgingmaxmsgspoolusage|global/read-only
+  guaranteedmsgingmsgspoolsyncmirroredmsgacktimeout|global/read-only
+  guaranteedmsgingmsgspoolsyncmirroredspoolfileacktimeout|global/read-only
+  guaranteedmsgingtransactionreplicationcompatibilitymode|global/read-only
+  oauthprofiledefault|global/read-only
+  serviceamqpenabled|global/read-only
+  serviceamqptlslistenport|global/read-only
+  serviceeventconnectioncountthreshold.clearpercent|global/read-only
+  serviceeventconnectioncountthreshold.clearvalue|global/read-only
+  serviceeventconnectioncountthreshold.setpercent|global/read-only
+  serviceeventconnectioncountthreshold.setvalue|global/read-only
+  servicehealthcheckenabled|global/read-only
+  servicehealthchecklistenport|global/read-only
+  servicehealthchecktlsenabled|global/read-only
+  servicehealthchecktlslistenport|global/read-only
+  servicematelinkenabled|global/read-only
+  servicematelinklistenport|global/read-only
+  servicemqttenabled|global/read-only
+  servicemsgbackboneenabled|global/read-only
+  serviceredundancyenabled|global/read-only
+  serviceredundancyfirstlistenport|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.clearpercent|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.clearvalue|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.setpercent|global/read-only
+  serviceresteventoutgoingconnectioncountthreshold.setvalue|global/read-only
+  servicerestincomingenabled|global/read-only
+  servicerestoutgoingenabled|global/read-only
+  servicesempcorsallowanyhostenabled|global/read-only
+  servicesemplegacytimeoutenabled|global/read-only
+  servicesempplaintextenabled|global/read-only
+  servicesempplaintextlistenport|global/read-only
+  servicesempsessionidletimeout|global/read-only
+  servicesempsessionmaxlifetime|global/read-only
+  servicesemptlsenabled|global/read-only
+  servicesemptlslistenport|global/read-only
+  servicesmfcompressionlistenport|global/read-only
+  servicesmfenabled|global/read-only
+  servicesmfeventconnectioncountthreshold.clearpercent|global/read-only
+  servicesmfeventconnectioncountthreshold.clearvalue|global/read-only
+  servicesmfeventconnectioncountthreshold.setpercent|global/read-only
+  servicesmfeventconnectioncountthreshold.setvalue|global/read-only
+  servicesmfplaintextlistenport|global/read-only
+  servicesmfroutingcontrollistenport|global/read-only
+  servicesmftlslistenport|global/read-only
+  servicetlseventconnectioncountthreshold.clearpercent|global/read-only
+  servicetlseventconnectioncountthreshold.clearvalue|global/read-only
+  servicetlseventconnectioncountthreshold.setpercent|global/read-only
+  servicetlseventconnectioncountthreshold.setvalue|global/read-only
+  servicewebtransportenabled|global/read-only
+  servicewebtransportplaintextlistenport|global/read-only
+  servicewebtransporttlslistenport|global/read-only
+  servicewebtransportweburlsuffix|global/read-only
+  tlsblockversion11enabled|global/read-only
+  tlsciphersuitemanagementlist|global/read-only
+  tlsciphersuitemsgbackbonelist|global/read-only
+  tlsciphersuitesecureshelllist|global/read-only
+  tlscrimeexploitprotectionenabled|global/read-only
+  tlsservercertcontent|global/read-only
+  tlsstandarddomaincertificateauthoritiesenabled|vpn/read-only
+  tlsticketlifetime|global/read-only
+  webmanagerallowunencryptedwizardsenabled|vpn/read-only
+  webmanagercustomization|vpn/read-only
+  webmanagerredirecthttpenabled|vpn/read-only
+  webmanagerredirecthttpoverridetls_port|vpn/read-only
+  This has been available since SEMP API version 2.13.
+---
+
+# solacebroker_broker (Resource)
+
+This object contains global configuration for the message broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+tls_server_cert_content||x||x
+tls_server_cert_password||x||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/none" is required to perform this operation. Requests which include the following attributes require greater access scope/level:
+
+
+Attribute|Access Scope/Level
+:---|:---:
+auth_client_cert_revocation_check_mode|global/read-only
+config_sync_authentication_client_cert_max_chain_depth|global/read-only
+config_sync_authentication_client_cert_validate_date_enabled|global/read-only
+config_sync_client_profile_tcp_initial_congestion_window|global/read-only
+config_sync_client_profile_tcp_keepalive_count|global/read-only
+config_sync_client_profile_tcp_keepalive_idle|global/read-only
+config_sync_client_profile_tcp_keepalive_interval|global/read-only
+config_sync_client_profile_tcp_max_window|global/read-only
+config_sync_client_profile_tcp_mss|global/read-only
+config_sync_enabled|global/read-only
+config_sync_synchronize_username_enabled|global/read-only
+config_sync_tls_enabled|global/read-only
+guaranteed_msging_defragmentation_schedule_day_list|global/read-only
+guaranteed_msging_defragmentation_schedule_enabled|global/read-only
+guaranteed_msging_defragmentation_schedule_time_list|global/read-only
+guaranteed_msging_defragmentation_threshold_enabled|global/read-only
+guaranteed_msging_defragmentation_threshold_fragmentation_percentage|global/read-only
+guaranteed_msging_defragmentation_threshold_min_interval|global/read-only
+guaranteed_msging_defragmentation_threshold_usage_percentage|global/read-only
+guaranteed_msging_enabled|global/read-only
+guaranteed_msging_event_cache_usage_threshold.clear_percent|global/read-only
+guaranteed_msging_event_cache_usage_threshold.clear_value|global/read-only
+guaranteed_msging_event_cache_usage_threshold.set_percent|global/read-only
+guaranteed_msging_event_cache_usage_threshold.set_value|global/read-only
+guaranteed_msging_event_delivered_unacked_threshold.clear_percent|global/read-only
+guaranteed_msging_event_delivered_unacked_threshold.set_percent|global/read-only
+guaranteed_msging_event_disk_usage_threshold.clear_percent|global/read-only
+guaranteed_msging_event_disk_usage_threshold.set_percent|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_egress_flow_count_threshold.set_value|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_endpoint_count_threshold.set_value|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_ingress_flow_count_threshold.set_value|global/read-only
+guaranteed_msging_event_msg_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_msg_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_msg_spool_file_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_msg_spool_file_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.clear_percent|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.clear_value|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.set_percent|global/read-only
+guaranteed_msging_event_msg_spool_usage_threshold.set_value|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_transacted_session_count_threshold.set_value|global/read-only
+guaranteed_msging_event_transacted_session_resource_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_transacted_session_resource_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_transaction_count_threshold.clear_percent|global/read-only
+guaranteed_msging_event_transaction_count_threshold.clear_value|global/read-only
+guaranteed_msging_event_transaction_count_threshold.set_percent|global/read-only
+guaranteed_msging_event_transaction_count_threshold.set_value|global/read-only
+guaranteed_msging_max_cache_usage|global/read-only
+guaranteed_msging_max_msg_spool_usage|global/read-only
+guaranteed_msging_msg_spool_sync_mirrored_msg_ack_timeout|global/read-only
+guaranteed_msging_msg_spool_sync_mirrored_spool_file_ack_timeout|global/read-only
+guaranteed_msging_transaction_replication_compatibility_mode|global/read-only
+oauth_profile_default|global/read-only
+service_amqp_enabled|global/read-only
+service_amqp_tls_listen_port|global/read-only
+service_event_connection_count_threshold.clear_percent|global/read-only
+service_event_connection_count_threshold.clear_value|global/read-only
+service_event_connection_count_threshold.set_percent|global/read-only
+service_event_connection_count_threshold.set_value|global/read-only
+service_health_check_enabled|global/read-only
+service_health_check_listen_port|global/read-only
+service_health_check_tls_enabled|global/read-only
+service_health_check_tls_listen_port|global/read-only
+service_mate_link_enabled|global/read-only
+service_mate_link_listen_port|global/read-only
+service_mqtt_enabled|global/read-only
+service_msg_backbone_enabled|global/read-only
+service_redundancy_enabled|global/read-only
+service_redundancy_first_listen_port|global/read-only
+service_rest_event_outgoing_connection_count_threshold.clear_percent|global/read-only
+service_rest_event_outgoing_connection_count_threshold.clear_value|global/read-only
+service_rest_event_outgoing_connection_count_threshold.set_percent|global/read-only
+service_rest_event_outgoing_connection_count_threshold.set_value|global/read-only
+service_rest_incoming_enabled|global/read-only
+service_rest_outgoing_enabled|global/read-only
+service_semp_cors_allow_any_host_enabled|global/read-only
+service_semp_legacy_timeout_enabled|global/read-only
+service_semp_plain_text_enabled|global/read-only
+service_semp_plain_text_listen_port|global/read-only
+service_semp_session_idle_timeout|global/read-only
+service_semp_session_max_lifetime|global/read-only
+service_semp_tls_enabled|global/read-only
+service_semp_tls_listen_port|global/read-only
+service_smf_compression_listen_port|global/read-only
+service_smf_enabled|global/read-only
+service_smf_event_connection_count_threshold.clear_percent|global/read-only
+service_smf_event_connection_count_threshold.clear_value|global/read-only
+service_smf_event_connection_count_threshold.set_percent|global/read-only
+service_smf_event_connection_count_threshold.set_value|global/read-only
+service_smf_plain_text_listen_port|global/read-only
+service_smf_routing_control_listen_port|global/read-only
+service_smf_tls_listen_port|global/read-only
+service_tls_event_connection_count_threshold.clear_percent|global/read-only
+service_tls_event_connection_count_threshold.clear_value|global/read-only
+service_tls_event_connection_count_threshold.set_percent|global/read-only
+service_tls_event_connection_count_threshold.set_value|global/read-only
+service_web_transport_enabled|global/read-only
+service_web_transport_plain_text_listen_port|global/read-only
+service_web_transport_tls_listen_port|global/read-only
+service_web_transport_web_url_suffix|global/read-only
+tls_block_version11_enabled|global/read-only
+tls_cipher_suite_management_list|global/read-only
+tls_cipher_suite_msg_backbone_list|global/read-only
+tls_cipher_suite_secure_shell_list|global/read-only
+tls_crime_exploit_protection_enabled|global/read-only
+tls_server_cert_content|global/read-only
+tls_standard_domain_certificate_authorities_enabled|vpn/read-only
+tls_ticket_lifetime|global/read-only
+web_manager_allow_unencrypted_wizards_enabled|vpn/read-only
+web_manager_customization|vpn/read-only
+web_manager_redirect_http_enabled|vpn/read-only
+web_manager_redirect_http_override_tls_port|vpn/read-only
+
+
+
+This has been available since SEMP API version 2.13.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `auth_client_cert_revocation_check_mode` (String) The client certificate revocation checking mode used when a client authenticates with a client certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Do not perform any certificate revocation checking.
+"ocsp" - Use the Open Certificate Status Protcol (OCSP) for certificate revocation checking.
+"crl" - Use Certificate Revocation Lists (CRL) for certificate revocation checking.
+"ocsp-crl" - Use OCSP first, but if OCSP fails to return an unambiguous result, then check via CRL.
+</pre>
+- `config_sync_authentication_client_cert_max_chain_depth` (Number) The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The default value is `3`. Available since SEMP API version 2.22.
+- `config_sync_authentication_client_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the authentication certificate(s). The default value is `true`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_initial_congestion_window` (Number) The TCP initial congestion window size for Config Sync clients, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. The default value is `2`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. The default value is `5`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_keepalive_idle` (Number) The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. The default value is `3`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. The default value is `1`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_max_window` (Number) The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. The default value is `256`. Available since SEMP API version 2.22.
+- `config_sync_client_profile_tcp_mss` (Number) The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. The default value is `1460`. Available since SEMP API version 2.22.
+- `config_sync_enabled` (Boolean) Enable or disable configuration synchronization for High Availability or Disaster Recovery. The default value is `false`. Available since SEMP API version 2.22.
+- `config_sync_synchronize_username_enabled` (Boolean) Enable or disable the synchronizing of usernames within High Availability groups. The transition from not synchronizing to synchronizing will cause the High Availability mate to fall out of sync. Recommendation: leave this as enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.22.
+- `config_sync_tls_enabled` (Boolean) Enable or disable the use of TLS encryption of the configuration synchronization communications between brokers in High Availability groups and/or Disaster Recovery sites. The default value is `false`. Available since SEMP API version 2.22.
+- `guaranteed_msging_defragmentation_schedule_day_list` (String) The days of the week to schedule defragmentation runs, specified as "daily" or as a comma-separated list of days. Days must be specified as "Sun", "Mon", "Tue", "Wed", "Thu", "Fri, or "Sat", with no spaces, and in sorted order from Sunday to Saturday. Please note "Sun,Mon,Tue,Wed,Thu,Fri,Sat" is not allowed, use "daily" instead. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"daily"`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_schedule_enabled` (Boolean) Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_schedule_time_list` (String) The times of the day to schedule defragmentation runs, specified as "hourly" or as a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"0:00"`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_enabled` (Boolean) Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_fragmentation_percentage` (Number) Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_min_interval` (Number) Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since SEMP API version 2.25.
+- `guaranteed_msging_defragmentation_threshold_usage_percentage` (Number) Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since SEMP API version 2.25.
+- `guaranteed_msging_enabled` (Boolean) Enable or disable Guaranteed Messaging. The default value is `false`. Available since SEMP API version 2.18.
+- `guaranteed_msging_event_cache_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_cache_usage_threshold))
+- `guaranteed_msging_event_delivered_unacked_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_delivered_unacked_threshold))
+- `guaranteed_msging_event_disk_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_disk_usage_threshold))
+- `guaranteed_msging_event_egress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_egress_flow_count_threshold))
+- `guaranteed_msging_event_endpoint_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_endpoint_count_threshold))
+- `guaranteed_msging_event_ingress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_ingress_flow_count_threshold))
+- `guaranteed_msging_event_msg_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_msg_count_threshold))
+- `guaranteed_msging_event_msg_spool_file_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_msg_spool_file_count_threshold))
+- `guaranteed_msging_event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_msg_spool_usage_threshold))
+- `guaranteed_msging_event_transacted_session_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_transacted_session_count_threshold))
+- `guaranteed_msging_event_transacted_session_resource_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_transacted_session_resource_count_threshold))
+- `guaranteed_msging_event_transaction_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--guaranteed_msging_event_transaction_count_threshold))
+- `guaranteed_msging_max_cache_usage` (Number) Guaranteed messaging cache usage limit. Expressed as a maximum percentage of the NAB's egress queueing. resources that the guaranteed message cache is allowed to use. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `10`. Available since SEMP API version 2.18.
+- `guaranteed_msging_max_msg_spool_usage` (Number) The maximum total message spool usage allowed across all VPNs on this broker, in megabytes. Recommendation: the maximum value should be less than 90% of the disk space allocated for the guaranteed message spool. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1500`. Available since SEMP API version 2.18.
+- `guaranteed_msging_msg_spool_sync_mirrored_msg_ack_timeout` (Number) The maximum time, in milliseconds, that can be tolerated for remote acknowledgment of synchronization messages before which the remote system will be considered out of sync. The default value is `10000`. Available since SEMP API version 2.18.
+- `guaranteed_msging_msg_spool_sync_mirrored_spool_file_ack_timeout` (Number) The maximum time, in milliseconds, that can be tolerated for remote disk writes before which the remote system will be considered out of sync. The default value is `10000`. Available since SEMP API version 2.18.
+- `guaranteed_msging_transaction_replication_compatibility_mode` (String) The replication compatibility mode for the broker. The default value is `"legacy"`. The allowed values and their meaning are:"legacy" - All transactions originated by clients are replicated to the standby site without using transactions."transacted" - All transactions originated by clients are replicated to the standby site using transactions. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"legacy"`. The allowed values and their meaning are:
+
+<pre>
+"legacy" - All transactions originated by clients are replicated to the standby site without using transactions.
+"transacted" - All transactions originated by clients are replicated to the standby site using transactions.
+</pre>
+ Available since SEMP API version 2.18.
+- `oauth_profile_default` (String) The default OAuth profile for OAuth authenticated SEMP requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`. Available since SEMP API version 2.24.
+- `service_amqp_enabled` (Boolean) Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_amqp_tls_listen_port` (Number) TCP port number that AMQP clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.17.
+- `service_event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_event_connection_count_threshold))
+- `service_health_check_enabled` (Boolean) Enable or disable the plain-text health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_health_check_listen_port` (Number) The port number for the plain-text health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_health_check_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5550`. Available since SEMP API version 2.17.
+- `service_health_check_tls_enabled` (Boolean) Enable or disable the TLS health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.34.
+- `service_health_check_tls_listen_port` (Number) The port number for the TLS health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_health_check_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.34.
+- `service_mate_link_enabled` (Boolean) Enable or disable the mate-link service. The default value is `true`. Available since SEMP API version 2.17.
+- `service_mate_link_listen_port` (Number) The port number for the mate-link service. The port must be unique across the message backbone. The mate-link service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mate_link_enabled will be temporarily set to false to apply the change. The default value is `8741`. Available since SEMP API version 2.17.
+- `service_mqtt_enabled` (Boolean) Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_msg_backbone_enabled` (Boolean) Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected. The default value is `true`. Available since SEMP API version 2.17.
+- `service_redundancy_enabled` (Boolean) Enable or disable the redundancy service. The default value is `true`. Available since SEMP API version 2.17.
+- `service_redundancy_first_listen_port` (Number) The first listen-port used for the redundancy service. Redundancy uses this port and the subsequent 2 ports. These port must be unique across the message backbone. The redundancy service must be disabled to change this port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_redundancy_enabled will be temporarily set to false to apply the change. The default value is `8300`. Available since SEMP API version 2.17.
+- `service_rest_event_outgoing_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_rest_event_outgoing_connection_count_threshold))
+- `service_rest_incoming_enabled` (Boolean) Enable or disable the REST service incoming connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_rest_outgoing_enabled` (Boolean) Enable or disable the REST service outgoing connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_semp_cors_allow_any_host_enabled` (Boolean) Enable or disable cross origin resource requests for the SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.24.
+- `service_semp_legacy_timeout_enabled` (Boolean) Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full.  When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds.  The recommended setting is disabled (no legacy-timeout).  This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages.  This setting will be removed in a future release. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.18.
+- `service_semp_plain_text_enabled` (Boolean) Enable or disable plain-text SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.17.
+- `service_semp_session_idle_timeout` (Number) The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since SEMP API version 2.21.
+- `service_semp_session_max_lifetime` (Number) The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `43200`. Available since SEMP API version 2.21.
+- `service_semp_tls_enabled` (Boolean) Enable or disable TLS SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.17.
+- `service_smf_compression_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw compression TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55003`. Available since SEMP API version 2.17.
+- `service_smf_enabled` (Boolean) Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected. The default value is `true`. Available since SEMP API version 2.17.
+- `service_smf_event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_smf_event_connection_count_threshold))
+- `service_smf_plain_text_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55555`. Available since SEMP API version 2.17.
+- `service_smf_routing_control_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw routing control TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55556`. Available since SEMP API version 2.17.
+- `service_smf_tls_listen_port` (Number) TCP port number that SMF clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55443`. Available since SEMP API version 2.17.
+- `service_tls_event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--service_tls_event_connection_count_threshold))
+- `service_web_transport_enabled` (Boolean) Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.
+- `service_web_transport_plain_text_listen_port` (Number) The TCP port for plain-text WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `8008`. Available since SEMP API version 2.17.
+- `service_web_transport_tls_listen_port` (Number) The TCP port for TLS WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1443`. Available since SEMP API version 2.17.
+- `service_web_transport_web_url_suffix` (String) Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. The default value is `""`. Available since SEMP API version 2.17.
+- `tls_block_version11_enabled` (Boolean) Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `tls_cipher_suite_management_list` (String) The colon-separated list of cipher suites used for TLS management connections (e.g. SEMP, LDAP). The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"default"`.
+- `tls_cipher_suite_msg_backbone_list` (String) The colon-separated list of cipher suites used for TLS data connections (e.g. client pub/sub). The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"default"`.
+- `tls_cipher_suite_secure_shell_list` (String) The colon-separated list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP). The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"default"`.
+- `tls_crime_exploit_protection_enabled` (Boolean) Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `tls_server_cert_content` (String, Sensitive) The PEM formatted content for the server certificate used for TLS connections. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `""`.
+- `tls_server_cert_password` (String, Sensitive) The password for the server certificate used for TLS connections. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `""`.
+- `tls_standard_domain_certificate_authorities_enabled` (Boolean) Enable or disable the standard domain certificate authority list. The default value is `true`. Available since SEMP API version 2.19.
+- `tls_ticket_lifetime` (Number) The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.
+- `web_manager_allow_unencrypted_wizards_enabled` (Boolean) Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure.  Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.28.
+- `web_manager_customization` (String) Reserved for internal use by Solace. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`. Available since SEMP API version 2.25.
+- `web_manager_redirect_http_enabled` (Boolean) Enable or disable redirection of HTTP requests for the broker manager to HTTPS. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.24.
+- `web_manager_redirect_http_override_tls_port` (Number) The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.24.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--guaranteed_msging_event_cache_usage_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_cache_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_delivered_unacked_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_delivered_unacked_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_disk_usage_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_disk_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_egress_flow_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_egress_flow_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_endpoint_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_endpoint_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_ingress_flow_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_ingress_flow_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_msg_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_msg_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_msg_spool_file_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_msg_spool_file_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_msg_spool_usage_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_msg_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_transacted_session_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_transacted_session_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--guaranteed_msging_event_transacted_session_resource_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_transacted_session_resource_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--guaranteed_msging_event_transaction_count_threshold"></a>
+### Nested Schema for `guaranteed_msging_event_transaction_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_event_connection_count_threshold"></a>
+### Nested Schema for `service_event_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_rest_event_outgoing_connection_count_threshold"></a>
+### Nested Schema for `service_rest_event_outgoing_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_smf_event_connection_count_threshold"></a>
+### Nested Schema for `service_smf_event_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--service_tls_event_connection_count_threshold"></a>
+### Nested Schema for `service_tls_event_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/client_cert_authority.md b/docs/resources/client_cert_authority.md
new file mode 100644
index 00000000..783f44a9
--- /dev/null
+++ b/docs/resources/client_cert_authority.md
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_client_cert_authority Resource - solacebroker"
+subcategory: ""
+description: |-
+  Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  certauthorityname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.19.
+---
+
+# solacebroker_client_cert_authority (Resource)
+
+Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cert_authority_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.19.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_authority_name` (String) The name of the Certificate Authority.
+
+### Optional
+
+- `cert_content` (String) The PEM formatted content for the trusted root certificate of a client Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `crl_day_list` (String) The scheduled CRL refresh day(s), specified as "daily" or a comma-separated list of days. Days must be specified as "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", or "Sat", with no spaces, and in sorted order from Sunday to Saturday. The empty-string ("") can also be specified, indicating no schedule is configured ("crl_time_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"daily"`.
+- `crl_time_list` (String) The scheduled CRL refresh time(s), specified as "hourly" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string ("") can also be specified, indicating no schedule is configured ("crl_day_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"3:00"`.
+- `crl_url` (String) The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as revocation_check_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `ocsp_non_responder_cert_enabled` (Boolean) Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `ocsp_override_url` (String) The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `ocsp_timeout` (Number) The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.
+- `revocation_check_enabled` (Boolean) Enable or disable Certificate Authority revocation checking. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/client_cert_authority_ocsp_tls_trusted_common_name.md b/docs/resources/client_cert_authority_ocsp_tls_trusted_common_name.md
new file mode 100644
index 00000000..d07819eb
--- /dev/null
+++ b/docs/resources/client_cert_authority_ocsp_tls_trusted_common_name.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_client_cert_authority_ocsp_tls_trusted_common_name Resource - solacebroker"
+subcategory: ""
+description: |-
+  When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  certauthorityname|x|||
+  ocsptlstrustedcommonname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.19.
+---
+
+# solacebroker_client_cert_authority_ocsp_tls_trusted_common_name (Resource)
+
+When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cert_authority_name|x|||
+ocsp_tls_trusted_common_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.19.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_authority_name` (String) The name of the Certificate Authority.
+- `ocsp_tls_trusted_common_name` (String) The expected Trusted Common Name of the OCSP responder remote certificate.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/dmr_cluster.md b/docs/resources/dmr_cluster.md
new file mode 100644
index 00000000..3e589fb0
--- /dev/null
+++ b/docs/resources/dmr_cluster.md
@@ -0,0 +1,67 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  dmrclustername|x|||
+  tlsservercertenforcetrustedcommonname_enabled|||x|
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_dmr_cluster (Resource)
+
+A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+dmr_cluster_name|x|||
+tls_server_cert_enforce_trusted_common_name_enabled|||x|
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+
+### Optional
+
+- `authentication_basic_enabled` (Boolean) Enable or disable basic authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `authentication_basic_password` (String, Sensitive) The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `authentication_basic_type` (String) The type of basic authentication to use for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"internal"`. The allowed values and their meaning are:
+
+<pre>
+"internal" - Use locally configured password.
+"none" - No authentication.
+</pre>
+- `authentication_client_cert_content` (String, Sensitive) The PEM formatted content for the client certificate used to login to the remote node. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`.
+- `authentication_client_cert_enabled` (Boolean) Enable or disable client certificate authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `authentication_client_cert_password` (String, Sensitive) The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`.
+- `direct_only_enabled` (Boolean) Enable or disable direct messaging only. Guaranteed messages will not be transmitted through the cluster. The default value is `false`.
+- `enabled` (Boolean) Enable or disable the Cluster. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `tls_server_cert_max_chain_depth` (Number) The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.
+- `tls_server_cert_validate_date_enabled` (Boolean) Enable or disable the validation of the "Not Before" and "Not After" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `tls_server_cert_validate_name_enabled` (Boolean) Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/dmr_cluster_cert_matching_rule.md b/docs/resources/dmr_cluster_cert_matching_rule.md
new file mode 100644
index 00000000..a0bb05e6
--- /dev/null
+++ b/docs/resources/dmr_cluster_cert_matching_rule.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_cert_matching_rule Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  rule_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_cert_matching_rule (Resource)
+
+A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `rule_name` (String) The name of the rule.
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/dmr_cluster_cert_matching_rule_attribute_filter.md b/docs/resources/dmr_cluster_cert_matching_rule_attribute_filter.md
new file mode 100644
index 00000000..c14a5b74
--- /dev/null
+++ b/docs/resources/dmr_cluster_cert_matching_rule_attribute_filter.md
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_cert_matching_rule_attribute_filter Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Attribute Filter compares a link attribute to a string.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  filtername|x|||
+  rulename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_cert_matching_rule_attribute_filter (Resource)
+
+A Cert Matching Rule Attribute Filter compares a link attribute to a string.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+filter_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `filter_name` (String) The name of the filter.
+- `rule_name` (String) The name of the rule.
+
+### Optional
+
+- `attribute_name` (String) Link Attribute to be tested. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `attribute_value` (String) Expected attribute value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/dmr_cluster_cert_matching_rule_condition.md b/docs/resources/dmr_cluster_cert_matching_rule_condition.md
new file mode 100644
index 00000000..cfc9d42b
--- /dev/null
+++ b/docs/resources/dmr_cluster_cert_matching_rule_condition.md
@@ -0,0 +1,67 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_cert_matching_rule_condition Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  rule_name|x|||
+  source|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_cert_matching_rule_condition (Resource)
+
+A Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+rule_name|x|||
+source|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `rule_name` (String) The name of the rule.
+- `source` (String) Certificate field to be compared with the Attribute. The allowed values and their meaning are:
+
+<pre>
+"certificate-thumbprint" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
+"common-name" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
+"common-name-last" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
+"subject-alternate-name-msupn" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
+"uid" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
+"uid-last" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.
+"org-unit" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.
+"org-unit-last" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.
+"issuer" - The attribute is extracted from the certificate's Issuer DN.
+"subject" - The attribute is extracted from the certificate's Subject DN.
+"serial-number" - The attribute is extracted from the certificate's Serial Number.
+"dns-name" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.
+"ip-address" - The attribute is extracted from the certificate's Subject Alt Name IP Address.
+</pre>
+
+### Optional
+
+- `attribute` (String) Link Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `""`.
+- `expression` (String) Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/dmr_cluster_link.md b/docs/resources/dmr_cluster_link.md
new file mode 100644
index 00000000..edb341e4
--- /dev/null
+++ b/docs/resources/dmr_cluster_link.md
@@ -0,0 +1,112 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_link Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  dmrclustername|x|||
+  remotenodename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_dmr_cluster_link (Resource)
+
+A Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+dmr_cluster_name|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `remote_node_name` (String) The name of the node at the remote end of the Link.
+
+### Optional
+
+- `authentication_basic_password` (String, Sensitive) The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `authentication_scheme` (String) The authentication scheme to be used by the Link which initiates connections to the remote node. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"basic"`. The allowed values and their meaning are:
+
+<pre>
+"basic" - Basic Authentication Scheme (via username and password).
+"client-certificate" - Client Certificate Authentication Scheme (via certificate file or content).
+</pre>
+- `client_profile_queue_control1_max_depth` (Number) The maximum depth of the "Control 1" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_control1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Control 1" (C-1) priority queue, regardless of the `client_profile_queue_control1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_direct1_max_depth` (Number) The maximum depth of the "Direct 1" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_direct1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 1" (D-1) priority queue, regardless of the `client_profile_queue_direct1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_direct2_max_depth` (Number) The maximum depth of the "Direct 2" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_direct2_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 2" (D-2) priority queue, regardless of the `client_profile_queue_direct2_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_direct3_max_depth` (Number) The maximum depth of the "Direct 3" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_direct3_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 3" (D-3) priority queue, regardless of the `client_profile_queue_direct3_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.
+- `client_profile_queue_guaranteed1_max_depth` (Number) The maximum depth of the "Guaranteed 1" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.
+- `client_profile_queue_guaranteed1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Guaranteed 1" (G-3) priority queue, regardless of the `client_profile_queue_guaranteed1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.
+- `client_profile_tcp_congestion_window_size` (Number) The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `2`.
+- `client_profile_tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.
+- `client_profile_tcp_keepalive_idle_time` (Number) The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.
+- `client_profile_tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `client_profile_tcp_max_segment_size` (Number) The TCP maximum segment size, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1460`.
+- `client_profile_tcp_max_window_size` (Number) The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `256`.
+- `egress_flow_window_size` (Number) The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.
+- `enabled` (Boolean) Enable or disable the Link. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `initiator` (String) The initiator of the Link's TCP connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"lexical"`. The allowed values and their meaning are:
+
+<pre>
+"lexical" - The "higher" node-name initiates.
+"local" - The local node initiates.
+"remote" - The remote node initiates.
+</pre>
+- `queue_dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"#DEAD_MSG_QUEUE"`.
+- `queue_event_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_spool_usage_threshold))
+- `queue_max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1000000`.
+- `queue_max_msg_spool_usage` (Number) The maximum message spool usage by the Queue (quota), in megabytes (MB). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `800000`.
+- `queue_max_redelivery_count` (Number) The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.
+- `queue_max_ttl` (Number) The maximum time in seconds a message can stay in the Queue when `queue_respect_ttl_enabled` is `true`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queue_max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.
+- `queue_reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"always"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `queue_respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `span` (String) The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"external"`. The allowed values and their meaning are:
+
+<pre>
+"internal" - Link to same cluster.
+"external" - Link to other cluster.
+</pre>
+- `transport_compressed_enabled` (Boolean) Enable or disable compression on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `transport_tls_enabled` (Boolean) Enable or disable encryption (TLS) on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--queue_event_spool_usage_threshold"></a>
+### Nested Schema for `queue_event_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/dmr_cluster_link_attribute.md b/docs/resources/dmr_cluster_link_attribute.md
new file mode 100644
index 00000000..db0dac31
--- /dev/null
+++ b/docs/resources/dmr_cluster_link_attribute.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_link_attribute Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  attributename|x|||
+  attributevalue|x|||
+  dmrclustername|x|||
+  remotenodename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_dmr_cluster_link_attribute (Resource)
+
+A Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+attribute_name|x|||
+attribute_value|x|||
+dmr_cluster_name|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `attribute_name` (String) The name of the Attribute.
+- `attribute_value` (String) The value of the Attribute.
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `remote_node_name` (String) The name of the node at the remote end of the Link.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/dmr_cluster_link_remote_address.md b/docs/resources/dmr_cluster_link_remote_address.md
new file mode 100644
index 00000000..350b48b3
--- /dev/null
+++ b/docs/resources/dmr_cluster_link_remote_address.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_dmr_cluster_link_remote_address Resource - solacebroker"
+subcategory: ""
+description: |-
+  Each Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  dmrclustername|x|||
+  remoteaddress|x|||
+  remotenode_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_dmr_cluster_link_remote_address (Resource)
+
+Each Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+dmr_cluster_name|x|||
+remote_address|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `dmr_cluster_name` (String) The name of the Cluster.
+- `remote_address` (String) The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).
+- `remote_node_name` (String) The name of the node at the remote end of the Link.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/domain_cert_authority.md b/docs/resources/domain_cert_authority.md
new file mode 100644
index 00000000..6e9c3fd6
--- /dev/null
+++ b/docs/resources/domain_cert_authority.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_domain_cert_authority Resource - solacebroker"
+subcategory: ""
+description: |-
+  Certificate Authorities trusted for domain verification.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  certauthorityname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.19.
+---
+
+# solacebroker_domain_cert_authority (Resource)
+
+Certificate Authorities trusted for domain verification.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cert_authority_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.19.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cert_authority_name` (String) The name of the Certificate Authority.
+
+### Optional
+
+- `cert_content` (String) The PEM formatted content for the trusted root certificate of a domain Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn.md b/docs/resources/msg_vpn.md
new file mode 100644
index 00000000..cb9b9a77
--- /dev/null
+++ b/docs/resources/msg_vpn.md
@@ -0,0 +1,429 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn Resource - solacebroker"
+subcategory: ""
+description: |-
+  Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationoauthdefaultprovidername|||x|
+  bridgingtlsservercertenforcetrustedcommonnameenabled|||x|
+  distributedcachemanagementenabled|||x|
+  msgvpnname|x|||
+  replicationbridgeauthenticationbasicpassword||x||x
+  replicationbridgeauthenticationclientcertcontent||x||x
+  replicationbridgeauthenticationclientcertpassword||x||
+  replicationenabledqueuebehavior||x||
+  resttlsservercertenforcetrustedcommonnameenabled|||x|
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn (Resource)
+
+Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_oauth_default_provider_name|||x|
+bridging_tls_server_cert_enforce_trusted_common_name_enabled|||x|
+distributed_cache_management_enabled|||x|
+msg_vpn_name|x|||
+replication_bridge_authentication_basic_password||x||x
+replication_bridge_authentication_client_cert_content||x||x
+replication_bridge_authentication_client_cert_password||x||
+replication_enabled_queue_behavior||x||
+rest_tls_server_cert_enforce_trusted_common_name_enabled|||x|
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `alias` (String) The name of another Message VPN which this Message VPN is an alias for. When this Message VPN is enabled, the alias has no effect. When this Message VPN is disabled, Clients (but not Bridges and routing Links) logging into this Message VPN are automatically logged in to the other Message VPN, and authentication and authorization take place in the context of the other Message VPN.
+
+Aliases may form a non-circular chain, cascading one to the next. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.14.
+- `authentication_basic_enabled` (Boolean) Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `authentication_basic_profile_name` (String) The name of the RADIUS or LDAP Profile to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `authentication_basic_radius_domain` (String) The RADIUS domain to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_basic_type` (String) The type of basic authentication to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"radius"`. The allowed values and their meaning are:
+
+<pre>
+"internal" - Internal database. Authentication is against Client Usernames.
+"ldap" - LDAP authentication. An LDAP profile name must be provided.
+"radius" - RADIUS authentication. A RADIUS profile name must be provided.
+"none" - No authentication. Anonymous login allowed.
+</pre>
+- `authentication_client_cert_allow_api_provided_username_enabled` (Boolean) Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_client_cert_certificate_matching_rules_enabled` (Boolean) Enable or disable certificate matching rules. When disabled, any valid certificate is accepted. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.27.
+- `authentication_client_cert_enabled` (Boolean) Enable or disable client certificate authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_client_cert_max_chain_depth` (Number) The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `authentication_client_cert_revocation_check_mode` (String) The desired behavior for client certificate revocation checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"allow-valid"`. The allowed values and their meaning are:
+
+<pre>
+"allow-all" - Allow the client to authenticate, the result of client certificate revocation check is ignored.
+"allow-unknown" - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.
+"allow-valid" - Allow the client to authenticate only when the revocation check returned an explicit positive response.
+</pre>
+ Available since SEMP API version 2.6.
+- `authentication_client_cert_username_source` (String) The field from the client certificate to use as the client username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"common-name"`. The allowed values and their meaning are:
+
+<pre>
+"certificate-thumbprint" - The username is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
+"common-name" - The username is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
+"common-name-last" - The username is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
+"subject-alternate-name-msupn" - The username is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
+"uid" - The username is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
+"uid-last" - The username is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.
+</pre>
+ Available since SEMP API version 2.6.
+- `authentication_client_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the client certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `authentication_kerberos_allow_api_provided_username_enabled` (Boolean) Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_kerberos_enabled` (Boolean) Enable or disable Kerberos authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `authentication_oauth_default_profile_name` (String) The name of the profile to use when the client does not supply a profile name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.25.
+- `authentication_oauth_enabled` (Boolean) Enable or disable OAuth authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.13.
+- `authorization_ldap_group_membership_attribute_name` (String) The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"memberOf"`.
+- `authorization_ldap_trim_client_username_domain_enabled` (Boolean) Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.13.
+- `authorization_profile_name` (String) The name of the LDAP Profile to use for client authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authorization_type` (String) The type of authorization to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"internal"`. The allowed values and their meaning are:
+
+<pre>
+"ldap" - LDAP authorization.
+"internal" - Internal authorization.
+</pre>
+- `bridging_tls_server_cert_max_chain_depth` (Number) The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `bridging_tls_server_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `bridging_tls_server_cert_validate_name_enabled` (Boolean) Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `dmr_enabled` (Boolean) Enable or disable Dynamic Message Routing (DMR) for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.11.
+- `enabled` (Boolean) Enable or disable the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_connection_count_threshold))
+- `event_egress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_egress_flow_count_threshold))
+- `event_egress_msg_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_egress_msg_rate_threshold))
+- `event_endpoint_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_endpoint_count_threshold))
+- `event_ingress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_ingress_flow_count_threshold))
+- `event_ingress_msg_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_ingress_msg_rate_threshold))
+- `event_large_msg_threshold` (Number) The threshold, in kilobytes, after which a message is considered to be large for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1024`.
+- `event_log_tag` (String) A prefix applied to all published Events in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_publish_client_enabled` (Boolean) Enable or disable Client level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_publish_msg_vpn_enabled` (Boolean) Enable or disable Message VPN level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_publish_subscription_mode` (String) Subscription level Event message publishing mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"off"`. The allowed values and their meaning are:
+
+<pre>
+"off" - Disable client level event message publishing.
+"on-with-format-v1" - Enable client level event message publishing with format v1.
+"on-with-no-unsubscribe-events-on-disconnect-format-v1" - As "on-with-format-v1", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.
+"on-with-format-v2" - Enable client level event message publishing with format v2.
+"on-with-no-unsubscribe-events-on-disconnect-format-v2" - As "on-with-format-v2", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.
+</pre>
+- `event_publish_topic_format_mqtt_enabled` (Boolean) Enable or disable Event publish topics in MQTT format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_publish_topic_format_smf_enabled` (Boolean) Enable or disable Event publish topics in SMF format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `event_service_amqp_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_amqp_connection_count_threshold))
+- `event_service_mqtt_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_mqtt_connection_count_threshold))
+- `event_service_rest_incoming_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_rest_incoming_connection_count_threshold))
+- `event_service_smf_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_smf_connection_count_threshold))
+- `event_service_web_connection_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_web_connection_count_threshold))
+- `event_subscription_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_subscription_count_threshold))
+- `event_transacted_session_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transacted_session_count_threshold))
+- `event_transaction_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transaction_count_threshold))
+- `export_subscriptions_enabled` (Boolean) Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `jndi_enabled` (Boolean) Enable or disable JNDI access for clients in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.2.
+- `max_connection_count` (Number) The maximum number of client connections to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `max_egress_flow_count` (Number) The maximum number of transmit flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_endpoint_count` (Number) The maximum number of Queues and Topic Endpoints that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_ingress_flow_count` (Number) The maximum number of receive flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage by the Message VPN, in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_subscription_count` (Number) The maximum number of local client subscriptions that can be added to the Message VPN. This limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `max_transacted_session_count` (Number) The maximum number of transacted sessions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `max_transaction_count` (Number) The maximum number of transactions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `mqtt_retain_max_memory` (Number) The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since SEMP API version 2.11.
+- `replication_ack_propagation_interval_msg_count` (Number) The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20`.
+- `replication_bridge_authentication_basic_client_username` (String) The Client Username the replication Bridge uses to login to the remote Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `replication_bridge_authentication_basic_password` (String, Sensitive) The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `replication_bridge_authentication_client_cert_content` (String, Sensitive) The PEM formatted content for the client certificate used by this bridge to login to the Remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `""`. Available since SEMP API version 2.9.
+- `replication_bridge_authentication_client_cert_password` (String, Sensitive) The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `""`. Available since SEMP API version 2.9.
+- `replication_bridge_authentication_scheme` (String) The authentication scheme for the replication Bridge in the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"basic"`. The allowed values and their meaning are:
+
+<pre>
+"basic" - Basic Authentication Scheme (via username and password).
+"client-certificate" - Client Certificate Authentication Scheme (via certificate file or content).
+</pre>
+- `replication_bridge_compressed_data_enabled` (Boolean) Enable or disable use of compression for the replication Bridge. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `replication_bridge_egress_flow_window_size` (Number) The size of the window used for guaranteed messages published to the replication Bridge, in messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.
+- `replication_bridge_retry_delay` (Number) The number of seconds that must pass before retrying the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.
+- `replication_bridge_tls_enabled` (Boolean) Enable or disable use of encryption (TLS) for the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `replication_bridge_unidirectional_client_profile_name` (String) The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#client-profile"`.
+- `replication_enabled` (Boolean) Enable or disable replication for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `replication_enabled_queue_behavior` (String, Sensitive) The behavior to take when enabling replication for the Message VPN, depending on the existence of the replication Queue. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"fail-on-existing-queue"`. The allowed values and their meaning are:
+
+<pre>
+"fail-on-existing-queue" - The data replication queue must not already exist.
+"force-use-existing-queue" - The data replication queue must already exist. Any data messages on the Queue will be forwarded to interested applications. IMPORTANT: Before using this mode be certain that the messages are not stale or otherwise unsuitable to be forwarded. This mode can only be specified when the existing queue is configured the same as is currently specified under replication configuration otherwise the enabling of replication will fail.
+"force-recreate-queue" - The data replication queue must already exist. Any data messages on the Queue will be discarded. IMPORTANT: Before using this mode be certain that the messages on the existing data replication queue are not needed by interested applications.
+</pre>
+- `replication_queue_max_msg_spool_usage` (Number) The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60000`.
+- `replication_queue_reject_msg_to_sender_on_discard_enabled` (Boolean) Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `replication_reject_msg_when_sync_ineligible_enabled` (Boolean) Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `replication_role` (String) The replication role for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"standby"`. The allowed values and their meaning are:
+
+<pre>
+"active" - Assume the Active role in replication for the Message VPN.
+"standby" - Assume the Standby role in replication for the Message VPN.
+</pre>
+- `replication_transaction_mode` (String) The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"async"`. The allowed values and their meaning are:
+
+<pre>
+"sync" - Messages are acknowledged when replicated (spooled remotely).
+"async" - Messages are acknowledged when pending replication (spooled locally).
+</pre>
+- `rest_tls_server_cert_max_chain_depth` (Number) The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `rest_tls_server_cert_validate_date_enabled` (Boolean) Enable or disable validation of the "Not Before" and "Not After" validity dates in the REST Consumer server certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `rest_tls_server_cert_validate_name_enabled` (Boolean) Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.17.
+- `semp_over_msg_bus_admin_client_enabled` (Boolean) Enable or disable "admin client" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `semp_over_msg_bus_admin_distributed_cache_enabled` (Boolean) Enable or disable "admin distributed-cache" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `semp_over_msg_bus_admin_enabled` (Boolean) Enable or disable "admin" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `semp_over_msg_bus_enabled` (Boolean) Enable or disable SEMP over the message bus for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `semp_over_msg_bus_show_enabled` (Boolean) Enable or disable "show" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_amqp_max_connection_count` (Number) The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since SEMP API version 2.7.
+- `service_amqp_plain_text_enabled` (Boolean) Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.7.
+- `service_amqp_plain_text_listen_port` (Number) The port number for plain-text AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.7.
+- `service_amqp_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.7.
+- `service_amqp_tls_listen_port` (Number) The port number for AMQP clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.7.
+- `service_mqtt_authentication_client_cert_request` (String) Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-enabled-in-message-vpn"`. The allowed values and their meaning are:
+
+<pre>
+"always" - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"never" - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"when-enabled-in-message-vpn" - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn >  authentication > client-certificate > shutdown".
+</pre>
+ Available since SEMP API version 2.21.
+- `service_mqtt_max_connection_count` (Number) The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since SEMP API version 2.1.
+- `service_mqtt_plain_text_enabled` (Boolean) Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_plain_text_listen_port` (Number) The port number for plain-text MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_listen_port` (Number) The port number for MQTT clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_web_socket_enabled` (Boolean) Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_tls_web_socket_listen_port` (Number) The port number for MQTT clients that connect to the Message VPN using WebSocket over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_tls_web_socket_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_mqtt_web_socket_enabled` (Boolean) Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.
+- `service_mqtt_web_socket_listen_port` (Number) The port number for plain-text MQTT clients that connect to the Message VPN using WebSocket. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_web_socket_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.
+- `service_rest_incoming_authentication_client_cert_request` (String) Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-enabled-in-message-vpn"`. The allowed values and their meaning are:
+
+<pre>
+"always" - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"never" - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"when-enabled-in-message-vpn" - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn >  authentication > client-certificate > shutdown".
+</pre>
+ Available since SEMP API version 2.21.
+- `service_rest_incoming_authorization_header_handling` (String) The handling of Authorization headers for incoming REST connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"drop"`. The allowed values and their meaning are:
+
+<pre>
+"drop" - Do not attach the Authorization header to the message as a user property. This configuration is most secure.
+"forward" - Forward the Authorization header, attaching it to the message as a user property in the same way as other headers. For best security, use the drop setting.
+"legacy" - If the Authorization header was used for authentication to the broker, do not attach it to the message. If the Authorization header was not used for authentication to the broker, attach it to the message as a user property in the same way as other headers. For best security, use the drop setting.
+</pre>
+ Available since SEMP API version 2.19.
+- `service_rest_incoming_max_connection_count` (Number) The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_rest_incoming_plain_text_enabled` (Boolean) Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_rest_incoming_plain_text_listen_port` (Number) The port number for incoming plain-text REST clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_rest_incoming_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `service_rest_incoming_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_rest_incoming_tls_listen_port` (Number) The port number for incoming REST clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_rest_incoming_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `service_rest_mode` (String) The REST service mode for incoming REST clients that connect to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"messaging"`. The allowed values and their meaning are:
+
+<pre>
+"gateway" - Act as a message gateway through which REST messages are propagated.
+"messaging" - Act as a message broker on which REST messages are queued.
+</pre>
+ Available since SEMP API version 2.6.
+- `service_rest_outgoing_max_connection_count` (Number) The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `service_smf_max_connection_count` (Number) The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `service_smf_plain_text_enabled` (Boolean) Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `service_smf_tls_enabled` (Boolean) Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `service_web_authentication_client_cert_request` (String) Determines when to request a client certificate from a Web Transport client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-enabled-in-message-vpn"`. The allowed values and their meaning are:
+
+<pre>
+"always" - Always ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"never" - Never ask for a client certificate regardless of the "message-vpn > authentication > client-certificate > shutdown" configuration.
+"when-enabled-in-message-vpn" - Only ask for a client-certificate if client certificate authentication is enabled under "message-vpn >  authentication > client-certificate > shutdown".
+</pre>
+ Available since SEMP API version 2.21.
+- `service_web_max_connection_count` (Number) The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_web_plain_text_enabled` (Boolean) Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `service_web_tls_enabled` (Boolean) Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `tls_allow_downgrade_to_plain_text_enabled` (Boolean) Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--event_connection_count_threshold"></a>
+### Nested Schema for `event_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_egress_flow_count_threshold"></a>
+### Nested Schema for `event_egress_flow_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_egress_msg_rate_threshold"></a>
+### Nested Schema for `event_egress_msg_rate_threshold`
+
+Optional:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_endpoint_count_threshold"></a>
+### Nested Schema for `event_endpoint_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_ingress_flow_count_threshold"></a>
+### Nested Schema for `event_ingress_flow_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_ingress_msg_rate_threshold"></a>
+### Nested Schema for `event_ingress_msg_rate_threshold`
+
+Optional:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_amqp_connection_count_threshold"></a>
+### Nested Schema for `event_service_amqp_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_mqtt_connection_count_threshold"></a>
+### Nested Schema for `event_service_mqtt_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_rest_incoming_connection_count_threshold"></a>
+### Nested Schema for `event_service_rest_incoming_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_smf_connection_count_threshold"></a>
+### Nested Schema for `event_service_smf_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_web_connection_count_threshold"></a>
+### Nested Schema for `event_service_web_connection_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_subscription_count_threshold"></a>
+### Nested Schema for `event_subscription_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transacted_session_count_threshold"></a>
+### Nested Schema for `event_transacted_session_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transaction_count_threshold"></a>
+### Nested Schema for `event_transaction_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/msg_vpn_acl_profile.md b/docs/resources/msg_vpn_acl_profile.md
new file mode 100644
index 00000000..34c24798
--- /dev/null
+++ b/docs/resources/msg_vpn_acl_profile.md
@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile Resource - solacebroker"
+subcategory: ""
+description: |-
+  An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_acl_profile (Resource)
+
+An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `client_connect_default_action` (String) The default action to take when a client using the ACL Profile connects to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow client connection unless an exception is found for it.
+"disallow" - Disallow client connection unless an exception is found for it.
+</pre>
+- `publish_topic_default_action` (String) The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow topic unless an exception is found for it.
+"disallow" - Disallow topic unless an exception is found for it.
+</pre>
+- `subscribe_share_name_default_action` (String) The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"allow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow topic unless an exception is found for it.
+"disallow" - Disallow topic unless an exception is found for it.
+</pre>
+ Available since SEMP API version 2.14.
+- `subscribe_topic_default_action` (String) The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow topic unless an exception is found for it.
+"disallow" - Disallow topic unless an exception is found for it.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_acl_profile_client_connect_exception.md b/docs/resources/msg_vpn_acl_profile_client_connect_exception.md
new file mode 100644
index 00000000..6efe6b7b
--- /dev/null
+++ b/docs/resources/msg_vpn_acl_profile_client_connect_exception.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_client_connect_exception Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  clientconnectexceptionaddress|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_acl_profile_client_connect_exception (Resource)
+
+A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+client_connect_exception_address|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `client_connect_exception_address` (String) The IP address/netmask of the client connect exception in canonical CIDR form.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_acl_profile_publish_topic_exception.md b/docs/resources/msg_vpn_acl_profile_publish_topic_exception.md
new file mode 100644
index 00000000..a42ed163
--- /dev/null
+++ b/docs/resources/msg_vpn_acl_profile_publish_topic_exception.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_publish_topic_exception Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  publishtopicexception|x|||
+  publishtopicexception_syntax|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_acl_profile_publish_topic_exception (Resource)
+
+A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+publish_topic_exception|x|||
+publish_topic_exception_syntax|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `publish_topic_exception` (String) The topic for the exception to the default action taken. May include wildcard characters.
+- `publish_topic_exception_syntax` (String) The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:
+
+<pre>
+"smf" - Topic uses SMF syntax.
+"mqtt" - Topic uses MQTT syntax.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_acl_profile_subscribe_share_name_exception.md b/docs/resources/msg_vpn_acl_profile_subscribe_share_name_exception.md
new file mode 100644
index 00000000..66a60cd5
--- /dev/null
+++ b/docs/resources/msg_vpn_acl_profile_subscribe_share_name_exception.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_subscribe_share_name_exception Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  subscribesharenameexception|x|||
+  subscribesharenameexception_syntax|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_acl_profile_subscribe_share_name_exception (Resource)
+
+A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+subscribe_share_name_exception|x|||
+subscribe_share_name_exception_syntax|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscribe_share_name_exception` (String) The subscribe share name exception to the default action taken. May include wildcard characters.
+- `subscribe_share_name_exception_syntax` (String) The syntax of the subscribe share name for the exception to the default action taken. The allowed values and their meaning are:
+
+<pre>
+"smf" - Topic uses SMF syntax.
+"mqtt" - Topic uses MQTT syntax.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_acl_profile_subscribe_topic_exception.md b/docs/resources/msg_vpn_acl_profile_subscribe_topic_exception.md
new file mode 100644
index 00000000..bdd850de
--- /dev/null
+++ b/docs/resources/msg_vpn_acl_profile_subscribe_topic_exception.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_acl_profile_subscribe_topic_exception Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  aclprofilename|x|||
+  msgvpnname|x|||
+  subscribetopicexception|x|||
+  subscribetopicexception_syntax|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_acl_profile_subscribe_topic_exception (Resource)
+
+A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+acl_profile_name|x|||
+msg_vpn_name|x|||
+subscribe_topic_exception|x|||
+subscribe_topic_exception_syntax|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `acl_profile_name` (String) The name of the ACL Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscribe_topic_exception` (String) The topic for the exception to the default action taken. May include wildcard characters.
+- `subscribe_topic_exception_syntax` (String) The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:
+
+<pre>
+"smf" - Topic uses SMF syntax.
+"mqtt" - Topic uses MQTT syntax.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_authentication_oauth_profile.md b/docs/resources/msg_vpn_authentication_oauth_profile.md
new file mode 100644
index 00000000..f216c54b
--- /dev/null
+++ b/docs/resources/msg_vpn_authentication_oauth_profile.md
@@ -0,0 +1,88 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authentication_oauth_profile Resource - solacebroker"
+subcategory: ""
+description: |-
+  OAuth profiles specify how to securely authenticate to an OAuth provider.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientsecret||x||x
+  msgvpnname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.25.
+---
+
+# solacebroker_msg_vpn_authentication_oauth_profile (Resource)
+
+OAuth profiles specify how to securely authenticate to an OAuth provider.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_secret||x||x
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.25.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Optional
+
+- `authorization_groups_claim_name` (String) The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorization_type attribute of the Message VPN will be used to determine authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"groups"`.
+- `authorization_groups_claim_string_format` (String) The format of the authorization groups claim value when it is a string. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"single"`. The allowed values and their meaning are:
+
+<pre>
+"single" - When the claim is a string, it is interpreted as as single group.
+"space-delimited" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim.
+</pre>
+ Available since SEMP API version 2.32.
+- `client_id` (String) The OAuth client id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `client_required_type` (String) The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"JWT"`.
+- `client_secret` (String, Sensitive) The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `client_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `disconnect_on_token_expiration_enabled` (Boolean) Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `enabled` (Boolean) Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `endpoint_discovery` (String) The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_discovery_refresh_interval` (Number) The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.
+- `endpoint_introspection` (String) The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_introspection_timeout` (Number) The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `endpoint_jwks` (String) The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_jwks_refresh_interval` (Number) The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.
+- `endpoint_userinfo` (String) The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `endpoint_userinfo_timeout` (Number) The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `issuer` (String) The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `mqtt_username_validate_enabled` (Boolean) Enable or disable whether the API provided MQTT client username will be validated against the username calculated from the token(s). When enabled, connection attempts by MQTT clients are rejected if they differ. Note that this value only applies to MQTT clients; SMF client usernames will not be validated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `oauth_role` (String) The OAuth role of the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"client"`. The allowed values and their meaning are:
+
+<pre>
+"client" - The broker is in the OAuth client role.
+"resource-server" - The broker is in the OAuth resource server role.
+</pre>
+- `resource_server_parse_access_token_enabled` (Boolean) Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_required_audience` (String) The required audience value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `resource_server_required_issuer` (String) The required issuer value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `resource_server_required_scope` (String) A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `resource_server_required_type` (String) The required TYP value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"at+jwt"`.
+- `resource_server_validate_audience_enabled` (Boolean) Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_validate_issuer_enabled` (Boolean) Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_validate_scope_enabled` (Boolean) Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `resource_server_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `username_claim_name` (String) The name of the username claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"sub"`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_authentication_oauth_profile_client_required_claim.md b/docs/resources/msg_vpn_authentication_oauth_profile_client_required_claim.md
new file mode 100644
index 00000000..7d0e9eee
--- /dev/null
+++ b/docs/resources/msg_vpn_authentication_oauth_profile_client_required_claim.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authentication_oauth_profile_client_required_claim Resource - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the ID token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientrequiredclaimname|x|||
+  msgvpnname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.25.
+---
+
+# solacebroker_msg_vpn_authentication_oauth_profile_client_required_claim (Resource)
+
+Additional claims to be verified in the ID token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_required_claim_name|x|||
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.25.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_required_claim_name` (String) The name of the ID token claim to verify.
+- `client_required_claim_value` (String) The required claim value.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_authentication_oauth_profile_resource_server_required_claim.md b/docs/resources/msg_vpn_authentication_oauth_profile_resource_server_required_claim.md
new file mode 100644
index 00000000..5f5b2082
--- /dev/null
+++ b/docs/resources/msg_vpn_authentication_oauth_profile_resource_server_required_claim.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authentication_oauth_profile_resource_server_required_claim Resource - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the access token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  oauthprofilename|x|||
+  resourceserverrequiredclaimname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.25.
+---
+
+# solacebroker_msg_vpn_authentication_oauth_profile_resource_server_required_claim (Resource)
+
+Additional claims to be verified in the access token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+resource_server_required_claim_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.25.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+- `resource_server_required_claim_name` (String) The name of the access token claim to verify.
+- `resource_server_required_claim_value` (String) The required claim value.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_authorization_group.md b/docs/resources/msg_vpn_authorization_group.md
new file mode 100644
index 00000000..36ab7576
--- /dev/null
+++ b/docs/resources/msg_vpn_authorization_group.md
@@ -0,0 +1,55 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_authorization_group Resource - solacebroker"
+subcategory: ""
+description: |-
+  To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authorizationgroupname|x|||
+  msgvpnname|x|||
+  orderafterauthorizationgroupname||x||
+  orderbeforeauthorizationgroupname||x||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_authorization_group (Resource)
+
+To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authorization_group_name|x|||
+msg_vpn_name|x|||
+order_after_authorization_group_name||x||
+order_before_authorization_group_name||x||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `authorization_group_name` (String) The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\#,lab,com'.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `acl_profile_name` (String) The ACL Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `client_profile_name` (String) The Client Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `enabled` (Boolean) Enable or disable the Authorization Group in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `order_after_authorization_group_name` (String, Sensitive) Lower the priority to be less than this group. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is not applicable.
+- `order_before_authorization_group_name` (String, Sensitive) Raise the priority to be greater than this group. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is not applicable.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_bridge.md b/docs/resources/msg_vpn_bridge.md
new file mode 100644
index 00000000..e95a7482
--- /dev/null
+++ b/docs/resources/msg_vpn_bridge.md
@@ -0,0 +1,85 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_bridge Resource - solacebroker"
+subcategory: ""
+description: |-
+  Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  bridgename|x|||
+  bridgevirtualrouter|x|||
+  msgvpnname|x|||
+  remoteauthenticationbasicpassword||x||x
+  remoteauthenticationclientcertcontent||x||x
+  remoteauthenticationclientcertpassword||x||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_bridge (Resource)
+
+Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+bridge_name|x|||
+bridge_virtual_router|x|||
+msg_vpn_name|x|||
+remote_authentication_basic_password||x||x
+remote_authentication_client_cert_content||x||x
+remote_authentication_client_cert_password||x||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `bridge_name` (String) The name of the Bridge.
+- `bridge_virtual_router` (String) The virtual router of the Bridge. The allowed values and their meaning are:
+
+<pre>
+"primary" - The Bridge is used for the primary virtual router.
+"backup" - The Bridge is used for the backup virtual router.
+"auto" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable the Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `max_ttl` (Number) The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8`.
+- `remote_authentication_basic_client_username` (String) The Client Username the Bridge uses to login to the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `remote_authentication_basic_password` (String, Sensitive) The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `remote_authentication_client_cert_content` (String, Sensitive) The PEM formatted content for the client certificate used by the Bridge to login to the remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`. Available since SEMP API version 2.9.
+- `remote_authentication_client_cert_password` (String, Sensitive) The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`. Available since SEMP API version 2.9.
+- `remote_authentication_scheme` (String) The authentication scheme for the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"basic"`. The allowed values and their meaning are:
+
+<pre>
+"basic" - Basic Authentication Scheme (via username and password).
+"client-certificate" - Client Certificate Authentication Scheme (via certificate file or content).
+</pre>
+- `remote_connection_retry_count` (Number) The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `remote_connection_retry_delay` (Number) The number of seconds the broker waits for the bridge connection to be established before attempting a new connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `remote_deliver_to_one_priority` (String) The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"p1"`. The allowed values and their meaning are:
+
+<pre>
+"p1" - The 1st or highest priority.
+"p2" - The 2nd highest priority.
+"p3" - The 3rd highest priority.
+"p4" - The 4th highest priority.
+"da" - Ignore priority and deliver always.
+</pre>
+- `tls_cipher_suite_list` (String) The colon-separated list of cipher suites supported for TLS connections to the remote Message VPN. The value "default" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_bridge_remote_msg_vpn.md b/docs/resources/msg_vpn_bridge_remote_msg_vpn.md
new file mode 100644
index 00000000..b4e013a1
--- /dev/null
+++ b/docs/resources/msg_vpn_bridge_remote_msg_vpn.md
@@ -0,0 +1,75 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_bridge_remote_msg_vpn Resource - solacebroker"
+subcategory: ""
+description: |-
+  The Remote Message VPN is the Message VPN that the Bridge connects to.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  bridgename|x|||
+  bridgevirtualrouter|x|||
+  msgvpnname|x|||
+  password||x||x
+  remotemsgvpninterface|x|||
+  remotemsgvpnlocation|x|||
+  remotemsgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_bridge_remote_msg_vpn (Resource)
+
+The Remote Message VPN is the Message VPN that the Bridge connects to.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+bridge_name|x|||
+bridge_virtual_router|x|||
+msg_vpn_name|x|||
+password||x||x
+remote_msg_vpn_interface|x|||
+remote_msg_vpn_location|x|||
+remote_msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `bridge_name` (String) The name of the Bridge.
+- `bridge_virtual_router` (String) The virtual router of the Bridge. The allowed values and their meaning are:
+
+<pre>
+"primary" - The Bridge is used for the primary virtual router.
+"backup" - The Bridge is used for the backup virtual router.
+"auto" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `remote_msg_vpn_interface` (String) The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remote_msg_vpn_location` must not be a virtual router name.
+- `remote_msg_vpn_location` (String) The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with "v:").
+- `remote_msg_vpn_name` (String) The name of the remote Message VPN.
+
+### Optional
+
+- `client_username` (String) The Client Username the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `compressed_data_enabled` (Boolean) Enable or disable data compression for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `connect_order` (Number) The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `egress_flow_window_size` (Number) The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.
+- `enabled` (Boolean) Enable or disable the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `password` (String, Sensitive) The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `queue_binding` (String) The queue binding of the Bridge in the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `tls_enabled` (Boolean) Enable or disable encryption (TLS) for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `unidirectional_client_profile` (String) The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#client-profile"`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_bridge_remote_subscription.md b/docs/resources/msg_vpn_bridge_remote_subscription.md
new file mode 100644
index 00000000..65d3eb22
--- /dev/null
+++ b/docs/resources/msg_vpn_bridge_remote_subscription.md
@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_bridge_remote_subscription Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  bridgename|x|||
+  bridgevirtualrouter|x|||
+  msgvpnname|x|||
+  remotesubscription_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_bridge_remote_subscription (Resource)
+
+A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+bridge_name|x|||
+bridge_virtual_router|x|||
+msg_vpn_name|x|||
+remote_subscription_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `bridge_name` (String) The name of the Bridge.
+- `bridge_virtual_router` (String) The virtual router of the Bridge. The allowed values and their meaning are:
+
+<pre>
+"primary" - The Bridge is used for the primary virtual router.
+"backup" - The Bridge is used for the backup virtual router.
+"auto" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `deliver_always_enabled` (Boolean) Enable or disable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `remote_subscription_topic` (String) The topic of the Bridge remote subscription.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_cert_matching_rule.md b/docs/resources/msg_vpn_cert_matching_rule.md
new file mode 100644
index 00000000..f2f2a90f
--- /dev/null
+++ b/docs/resources/msg_vpn_cert_matching_rule.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_cert_matching_rule Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  rule_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_cert_matching_rule (Resource)
+
+A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rule_name` (String) The name of the rule.
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_cert_matching_rule_attribute_filter.md b/docs/resources/msg_vpn_cert_matching_rule_attribute_filter.md
new file mode 100644
index 00000000..4eca2fcb
--- /dev/null
+++ b/docs/resources/msg_vpn_cert_matching_rule_attribute_filter.md
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_cert_matching_rule_attribute_filter Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Attribute Filter compares a username attribute to a string.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  filtername|x|||
+  msgvpnname|x|||
+  rulename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.28.
+---
+
+# solacebroker_msg_vpn_cert_matching_rule_attribute_filter (Resource)
+
+A Cert Matching Rule Attribute Filter compares a username attribute to a string.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+filter_name|x|||
+msg_vpn_name|x|||
+rule_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.28.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `filter_name` (String) The name of the filter.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rule_name` (String) The name of the rule.
+
+### Optional
+
+- `attribute_name` (String) Client Username Attribute to be tested. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `attribute_value` (String) Expected attribute value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_cert_matching_rule_condition.md b/docs/resources/msg_vpn_cert_matching_rule_condition.md
new file mode 100644
index 00000000..5b22018d
--- /dev/null
+++ b/docs/resources/msg_vpn_cert_matching_rule_condition.md
@@ -0,0 +1,67 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_cert_matching_rule_condition Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  rule_name|x|||
+  source|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_cert_matching_rule_condition (Resource)
+
+A Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+rule_name|x|||
+source|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rule_name` (String) The name of the rule.
+- `source` (String) Certificate field to be compared with the Attribute. The allowed values and their meaning are:
+
+<pre>
+"certificate-thumbprint" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.
+"common-name" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.
+"common-name-last" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.
+"subject-alternate-name-msupn" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.
+"uid" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.
+"uid-last" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.
+"org-unit" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.
+"org-unit-last" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.
+"issuer" - The attribute is extracted from the certificate's Issuer DN.
+"subject" - The attribute is extracted from the certificate's Subject DN.
+"serial-number" - The attribute is extracted from the certificate's Serial Number.
+"dns-name" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.
+"ip-address" - The attribute is extracted from the certificate's Subject Alt Name IP Address.
+</pre>
+
+### Optional
+
+- `attribute` (String) Client Username Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `""`.
+- `expression` (String) Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_client_profile.md b/docs/resources/msg_vpn_client_profile.md
new file mode 100644
index 00000000..797c6ccc
--- /dev/null
+++ b/docs/resources/msg_vpn_client_profile.md
@@ -0,0 +1,222 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_client_profile Resource - solacebroker"
+subcategory: ""
+description: |-
+  Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  allowcutthroughforwardingenabled|||x|
+  apiqueuemanagementcopyfromoncreatename|||x|
+  apitopicendpointmanagementcopyfromoncreatename|||x|
+  clientprofilename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_client_profile (Resource)
+
+Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+allow_cut_through_forwarding_enabled|||x|
+api_queue_management_copy_from_on_create_name|||x|
+api_topic_endpoint_management_copy_from_on_create_name|||x|
+client_profile_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_profile_name` (String) The name of the Client Profile.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `allow_bridge_connections_enabled` (Boolean) Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_guaranteed_endpoint_create_durability` (String) The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"all"`. The allowed values and their meaning are:
+
+<pre>
+"all" - Client can create any type of endpoint.
+"durable" - Client can create only durable endpoints.
+"non-durable" - Client can create only non-durable endpoints.
+</pre>
+ Available since SEMP API version 2.14.
+- `allow_guaranteed_endpoint_create_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_guaranteed_msg_receive_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_guaranteed_msg_send_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `allow_shared_subscriptions_enabled` (Boolean) Enable or disable allowing shared subscriptions. Changing this setting does not affect existing subscriptions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.11.
+- `allow_transacted_sessions_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `api_queue_management_copy_from_on_create_template_name` (String) The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.14.
+- `api_topic_endpoint_management_copy_from_on_create_template_name` (String) The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.14.
+- `compression_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to use compression. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.10.
+- `eliding_delay` (Number) The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `eliding_enabled` (Boolean) Enable or disable message eliding for clients using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `eliding_max_topic_count` (Number) The maximum number of topics tracked for message eliding per client connection using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.
+- `event_client_provisioned_endpoint_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_client_provisioned_endpoint_spool_usage_threshold))
+- `event_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_connection_count_per_client_username_threshold))
+- `event_egress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_egress_flow_count_threshold))
+- `event_endpoint_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_endpoint_count_per_client_username_threshold))
+- `event_ingress_flow_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_ingress_flow_count_threshold))
+- `event_service_smf_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_smf_connection_count_per_client_username_threshold))
+- `event_service_web_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_service_web_connection_count_per_client_username_threshold))
+- `event_subscription_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_subscription_count_threshold))
+- `event_transacted_session_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transacted_session_count_threshold))
+- `event_transaction_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_transaction_count_threshold))
+- `max_connection_count_per_client_username` (Number) The maximum number of client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `max_egress_flow_count` (Number) The maximum number of transmit flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_endpoint_count_per_client_username` (Number) The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_ingress_flow_count` (Number) The maximum number of receive flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_msgs_per_transaction` (Number) The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`. Available since SEMP API version 2.20.
+- `max_subscription_count` (Number) The maximum number of subscriptions per client using the Client Profile. This limit is not enforced when a client adds a subscription to an endpoint, except for MQTT QoS 1 subscriptions. In addition, this limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `max_transacted_session_count` (Number) The maximum number of transacted sessions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.
+- `max_transaction_count` (Number) The maximum number of transactions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.
+- `queue_control1_max_depth` (Number) The maximum depth of the "Control 1" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_control1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Control 1" (C-1) priority queue, regardless of the `queue_control1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_direct1_max_depth` (Number) The maximum depth of the "Direct 1" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_direct1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 1" (D-1) priority queue, regardless of the `queue_direct1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_direct2_max_depth` (Number) The maximum depth of the "Direct 2" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_direct2_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 2" (D-2) priority queue, regardless of the `queue_direct2_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_direct3_max_depth` (Number) The maximum depth of the "Direct 3" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_direct3_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Direct 3" (D-3) priority queue, regardless of the `queue_direct3_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.
+- `queue_guaranteed1_max_depth` (Number) The maximum depth of the "Guaranteed 1" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.
+- `queue_guaranteed1_min_msg_burst` (Number) The number of messages that are always allowed entry into the "Guaranteed 1" (G-3) priority queue, regardless of the `queue_guaranteed1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.
+- `reject_msg_to_sender_on_no_subscription_match_enabled` (Boolean) Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.2.
+- `replication_allow_client_connect_when_standby_enabled` (Boolean) Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service_min_keepalive_timeout` (Number) The minimum client keepalive timeout which will be enforced for client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`. Available since SEMP API version 2.19.
+- `service_smf_max_connection_count_per_client_username` (Number) The maximum number of SMF client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_smf_min_keepalive_enabled` (Boolean) Enable or disable the enforcement of a minimum keepalive timeout for SMF clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.
+- `service_web_inactive_timeout` (Number) The timeout for inactive Web Transport client sessions using the Client Profile, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.
+- `service_web_max_connection_count_per_client_username` (Number) The maximum number of Web Transport client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `service_web_max_payload` (Number) The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.
+- `tcp_congestion_window_size` (Number) The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.
+- `tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.
+- `tcp_keepalive_idle_time` (Number) The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `tcp_max_segment_size` (Number) The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.
+- `tcp_max_window_size` (Number) The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.
+- `tls_allow_downgrade_to_plain_text_enabled` (Boolean) Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.8.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--event_client_provisioned_endpoint_spool_usage_threshold"></a>
+### Nested Schema for `event_client_provisioned_endpoint_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `event_connection_count_per_client_username_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_egress_flow_count_threshold"></a>
+### Nested Schema for `event_egress_flow_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_endpoint_count_per_client_username_threshold"></a>
+### Nested Schema for `event_endpoint_count_per_client_username_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_ingress_flow_count_threshold"></a>
+### Nested Schema for `event_ingress_flow_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_smf_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `event_service_smf_connection_count_per_client_username_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_service_web_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `event_service_web_connection_count_per_client_username_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_subscription_count_threshold"></a>
+### Nested Schema for `event_subscription_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transacted_session_count_threshold"></a>
+### Nested Schema for `event_transacted_session_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_transaction_count_threshold"></a>
+### Nested Schema for `event_transaction_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/msg_vpn_client_username.md b/docs/resources/msg_vpn_client_username.md
new file mode 100644
index 00000000..bc858bef
--- /dev/null
+++ b/docs/resources/msg_vpn_client_username.md
@@ -0,0 +1,54 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_client_username Resource - solacebroker"
+subcategory: ""
+description: |-
+  A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientusername|x|||
+  msgvpn_name|x|||
+  password||x||x
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_client_username (Resource)
+
+A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_username|x|||
+msg_vpn_name|x|||
+password||x||x
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_username` (String) The name of the Client Username.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `acl_profile_name` (String) The ACL Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `client_profile_name` (String) The Client Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `enabled` (Boolean) Enable or disable the Client Username. When disabled, all clients currently connected as the Client Username are disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `guaranteed_endpoint_permission_override_enabled` (Boolean) Enable or disable guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `password` (String, Sensitive) The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `subscription_manager_enabled` (Boolean) Enable or disable the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_client_username_attribute.md b/docs/resources/msg_vpn_client_username_attribute.md
new file mode 100644
index 00000000..5d4987ba
--- /dev/null
+++ b/docs/resources/msg_vpn_client_username_attribute.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_client_username_attribute Resource - solacebroker"
+subcategory: ""
+description: |-
+  A ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  attributename|x|||
+  attributevalue|x|||
+  clientusername|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_client_username_attribute (Resource)
+
+A ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+attribute_name|x|||
+attribute_value|x|||
+client_username|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `attribute_name` (String) The name of the Attribute.
+- `attribute_value` (String) The value of the Attribute.
+- `client_username` (String) The name of the Client Username.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_distributed_cache.md b/docs/resources/msg_vpn_distributed_cache.md
new file mode 100644
index 00000000..01d87e8c
--- /dev/null
+++ b/docs/resources/msg_vpn_distributed_cache.md
@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache (Resource)
+
+A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `cache_virtual_router` (String) The virtual router of the Distributed Cache. The default value is `"auto"`. The allowed values and their meaning are:
+
+<pre>
+"auto" - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+ Available since SEMP API version 2.28.
+- `enabled` (Boolean) Enable or disable the Distributed Cache. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `heartbeat` (Number) The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.
+- `scheduled_delete_msg_day_list` (String) The scheduled delete message day(s), specified as "daily" or a comma-separated list of days. Days must be specified as "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", or "Sat", with no spaces, and in sorted order from Sunday to Saturday. The empty-string ("") can also be specified, indicating no schedule is configured ("scheduled_delete_msg_time_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `scheduled_delete_msg_time_list` (String) The scheduled delete message time(s), specified as "hourly" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string ("") can also be specified, indicating no schedule is configured ("scheduled_delete_msg_day_list" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_distributed_cache_cluster.md b/docs/resources/msg_vpn_distributed_cache_cluster.md
new file mode 100644
index 00000000..236ecc08
--- /dev/null
+++ b/docs/resources/msg_vpn_distributed_cache_cluster.md
@@ -0,0 +1,129 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster (Resource)
+
+A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `deliver_to_one_override_enabled` (Boolean) Enable or disable deliver-to-one override for the Cache Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `enabled` (Boolean) Enable or disable the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_data_byte_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_data_byte_rate_threshold))
+- `event_data_msg_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_data_msg_rate_threshold))
+- `event_max_memory_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_max_memory_threshold))
+- `event_max_topics_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_max_topics_threshold))
+- `event_request_queue_depth_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_request_queue_depth_threshold))
+- `event_request_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_request_rate_threshold))
+- `event_response_rate_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_response_rate_threshold))
+- `global_caching_enabled` (Boolean) Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `global_caching_heartbeat` (Number) The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `global_caching_topic_lifetime` (Number) The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3600`.
+- `max_memory` (Number) The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2048`.
+- `max_msgs_per_topic` (Number) The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `max_request_queue_depth` (Number) The maximum queue depth for cache requests received by the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `100000`.
+- `max_topic_count` (Number) The maximum number of topics for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000000`.
+- `msg_lifetime` (Number) The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `new_topic_advertisement_enabled` (Boolean) Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--event_data_byte_rate_threshold"></a>
+### Nested Schema for `event_data_byte_rate_threshold`
+
+Optional:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_data_msg_rate_threshold"></a>
+### Nested Schema for `event_data_msg_rate_threshold`
+
+Optional:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_max_memory_threshold"></a>
+### Nested Schema for `event_max_memory_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_max_topics_threshold"></a>
+### Nested Schema for `event_max_topics_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_request_queue_depth_threshold"></a>
+### Nested Schema for `event_request_queue_depth_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_request_rate_threshold"></a>
+### Nested Schema for `event_request_rate_threshold`
+
+Optional:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
+
+
+<a id="nestedatt--event_response_rate_threshold"></a>
+### Nested Schema for `event_response_rate_threshold`
+
+Optional:
+
+- `clear_value` (Number) The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.
+- `set_value` (Number) The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.
diff --git a/docs/resources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster.md b/docs/resources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster.md
new file mode 100644
index 00000000..a98c7b9e
--- /dev/null
+++ b/docs/resources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  homeclustername|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster (Resource)
+
+A Home Cache Cluster is a Cache Cluster that is the "definitive" Cache Cluster for a given topic in the context of the Global Caching feature.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+home_cluster_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `home_cluster_name` (String) The name of the remote Home Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix.md b/docs/resources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix.md
new file mode 100644
index 00000000..7658e2e4
--- /dev/null
+++ b/docs/resources/msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix.md
@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  homeclustername|x|||
+  msgvpnname|x|||
+  topic_prefix|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix (Resource)
+
+A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+home_cluster_name|x|||
+msg_vpn_name|x|||
+topic_prefix|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `home_cluster_name` (String) The name of the remote Home Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_prefix` (String) A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_distributed_cache_cluster_instance.md b/docs/resources/msg_vpn_distributed_cache_cluster_instance.md
new file mode 100644
index 00000000..0229a0a0
--- /dev/null
+++ b/docs/resources/msg_vpn_distributed_cache_cluster_instance.md
@@ -0,0 +1,55 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_instance Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  instancename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_instance (Resource)
+
+A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+instance_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `instance_name` (String) The name of the Cache Instance.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `auto_start_enabled` (Boolean) Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `enabled` (Boolean) Enable or disable the Cache Instance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `stop_on_lost_msg_enabled` (Boolean) Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_distributed_cache_cluster_topic.md b/docs/resources/msg_vpn_distributed_cache_cluster_topic.md
new file mode 100644
index 00000000..6113181d
--- /dev/null
+++ b/docs/resources/msg_vpn_distributed_cache_cluster_topic.md
@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_distributed_cache_cluster_topic Resource - solacebroker"
+subcategory: ""
+description: |-
+  The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  clustername|x|||
+  msgvpnname|x|||
+  topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_distributed_cache_cluster_topic (Resource)
+
+The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+cluster_name|x|||
+msg_vpn_name|x|||
+topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the Distributed Cache.
+- `cluster_name` (String) The name of the Cache Cluster.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic` (String) The value of the Topic in the form a/b/c.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_dmr_bridge.md b/docs/resources/msg_vpn_dmr_bridge.md
new file mode 100644
index 00000000..57a7017d
--- /dev/null
+++ b/docs/resources/msg_vpn_dmr_bridge.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_dmr_bridge Resource - solacebroker"
+subcategory: ""
+description: |-
+  A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  remotenodename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_dmr_bridge (Resource)
+
+A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+remote_node_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `remote_node_name` (String) The name of the node at the remote end of the DMR Bridge.
+
+### Optional
+
+- `remote_msg_vpn_name` (String) The remote Message VPN of the DMR Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_jndi_connection_factory.md b/docs/resources/msg_vpn_jndi_connection_factory.md
new file mode 100644
index 00000000..7d1feb7f
--- /dev/null
+++ b/docs/resources/msg_vpn_jndi_connection_factory.md
@@ -0,0 +1,90 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_jndi_connection_factory Resource - solacebroker"
+subcategory: ""
+description: |-
+  The message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  connectionfactoryname|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_msg_vpn_jndi_connection_factory (Resource)
+
+The message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+connection_factory_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `connection_factory_name` (String) The name of the JMS Connection Factory.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `allow_duplicate_client_id_enabled` (Boolean) Enable or disable whether new JMS connections can use the same Client identifier (ID) as an existing connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.3.
+- `client_description` (String) The description of the Client. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `client_id` (String) The Client identifier (ID). If not specified, a unique value for it will be generated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `dto_receive_override_enabled` (Boolean) Enable or disable overriding by the Subscriber (Consumer) of the deliver-to-one (DTO) property on messages. When enabled, the Subscriber can receive all DTO tagged messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dto_receive_subscriber_local_priority` (Number) The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on the local broker that the Subscriber is directly connected to. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `dto_receive_subscriber_network_priority` (Number) The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on a remote broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `dto_send_enabled` (Boolean) Enable or disable the deliver-to-one (DTO) property on messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `dynamic_endpoint_create_durable_enabled` (Boolean) Enable or disable whether a durable endpoint will be dynamically created on the broker when the client calls "Session.createDurableSubscriber()" or "Session.createQueue()". The created endpoint respects the message time-to-live (TTL) according to the "dynamic_endpoint_respect_ttl_enabled" property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `dynamic_endpoint_respect_ttl_enabled` (Boolean) Enable or disable whether dynamically created durable and non-durable endpoints respect the message time-to-live (TTL) property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `guaranteed_receive_ack_timeout` (Number) The timeout for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `guaranteed_receive_reconnect_retry_count` (Number) The maximum number of attempts to reconnect to the host or list of hosts after the guaranteed  messaging connection has been lost. The value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since SEMP API version 2.14.
+- `guaranteed_receive_reconnect_retry_wait` (Number) The amount of time to wait before making another attempt to connect or reconnect to the host after the guaranteed messaging connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`. Available since SEMP API version 2.14.
+- `guaranteed_receive_window_size` (Number) The size of the window for guaranteed messages received by the Subscriber (Consumer), in messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `18`.
+- `guaranteed_receive_window_size_ack_threshold` (Number) The threshold for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer) as a percentage of `guaranteed_receive_window_size`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60`.
+- `guaranteed_send_ack_timeout` (Number) The timeout for receiving the acknowledgment (ACK) for guaranteed messages sent by the Publisher (Producer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000`.
+- `guaranteed_send_window_size` (Number) The size of the window for non-persistent guaranteed messages sent by the Publisher (Producer), in messages. For persistent messages the window size is fixed at 1. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.
+- `messaging_default_delivery_mode` (String) The default delivery mode for messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"persistent"`. The allowed values and their meaning are:
+
+<pre>
+"persistent" - The broker spools messages (persists in the Message Spool) as part of the send operation.
+"non-persistent" - The broker does not spool messages (does not persist in the Message Spool) as part of the send operation.
+</pre>
+- `messaging_default_dmq_eligible_enabled` (Boolean) Enable or disable whether messages sent by the Publisher (Producer) are Dead Message Queue (DMQ) eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `messaging_default_eliding_eligible_enabled` (Boolean) Enable or disable whether messages sent by the Publisher (Producer) are Eliding eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `messaging_jmsx_user_id_enabled` (Boolean) Enable or disable inclusion (adding or replacing) of the JMSXUserID property in messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `messaging_text_in_xml_payload_enabled` (Boolean) Enable or disable encoding of JMS text messages in Publisher (Producer) messages as XML payload. When disabled, JMS text messages are encoded as a binary attachment. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `transport_compression_level` (Number) The ZLIB compression level for the connection to the broker. The value "0" means no compression, and the value "-1" means the compression level is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.
+- `transport_connect_retry_count` (Number) The maximum number of retry attempts to establish an initial connection to the host or list of hosts. The value "0" means a single attempt (no retries), and the value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `transport_connect_retry_per_host_count` (Number) The maximum number of retry attempts to establish an initial connection to each host on the list of hosts. The value "0" means a single attempt (no retries), and the value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `transport_connect_timeout` (Number) The timeout for establishing an initial connection to the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.
+- `transport_direct_transport_enabled` (Boolean) Enable or disable usage of Direct Transport mode. When enabled, NON-PERSISTENT messages are sent as direct messages and non-durable topic consumers and temporary queue consumers consume using direct subscriptions rather than from guaranteed endpoints. If disabled all messaging uses guaranteed transport. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `transport_keepalive_count` (Number) The maximum number of consecutive application-level keepalive messages sent without the broker response before the connection to the broker is closed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `transport_keepalive_enabled` (Boolean) Enable or disable usage of application-level keepalive messages to maintain a connection with the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `transport_keepalive_interval` (Number) The interval between application-level keepalive messages, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.
+- `transport_msg_callback_on_io_thread_enabled` (Boolean) Enable or disable delivery of asynchronous messages directly from the I/O thread. Contact support before enabling this property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_optimize_direct_enabled` (Boolean) Enable or disable optimization for the Direct Transport delivery mode. If enabled, the client application is limited to one Publisher (Producer) and one non-durable Subscriber (Consumer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_port` (Number) The connection port number on the broker for SMF clients. The value "-1" means the port is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.
+- `transport_read_timeout` (Number) The timeout for reading a reply from the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `transport_receive_buffer_size` (Number) The size of the receive socket buffer, in bytes. It corresponds to the SO_RCVBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.
+- `transport_reconnect_retry_count` (Number) The maximum number of attempts to reconnect to the host or list of hosts after the connection has been lost. The value "-1" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `transport_reconnect_retry_wait` (Number) The amount of time before making another attempt to connect or reconnect to the host after the connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.
+- `transport_send_buffer_size` (Number) The size of the send socket buffer, in bytes. It corresponds to the SO_SNDBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.
+- `transport_tcp_no_delay_enabled` (Boolean) Enable or disable the TCP_NODELAY option. When enabled, Nagle's algorithm for TCP/IP congestion control (RFC 896) is disabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `xa_enabled` (Boolean) Enable or disable this as an XA Connection Factory. When enabled, the Connection Factory can be cast to "XAConnectionFactory", "XAQueueConnectionFactory" or "XATopicConnectionFactory". Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_jndi_queue.md b/docs/resources/msg_vpn_jndi_queue.md
new file mode 100644
index 00000000..6e951326
--- /dev/null
+++ b/docs/resources/msg_vpn_jndi_queue.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_jndi_queue Resource - solacebroker"
+subcategory: ""
+description: |-
+  The message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queue_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_msg_vpn_jndi_queue (Resource)
+
+The message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The JNDI name of the JMS Queue.
+
+### Optional
+
+- `physical_name` (String) The physical name of the JMS Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_jndi_topic.md b/docs/resources/msg_vpn_jndi_topic.md
new file mode 100644
index 00000000..12923215
--- /dev/null
+++ b/docs/resources/msg_vpn_jndi_topic.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_jndi_topic Resource - solacebroker"
+subcategory: ""
+description: |-
+  The message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  topic_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.2.
+---
+
+# solacebroker_msg_vpn_jndi_topic (Resource)
+
+The message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+topic_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.2.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_name` (String) The JNDI name of the JMS Topic.
+
+### Optional
+
+- `physical_name` (String) The physical name of the JMS Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_kafka_receiver.md b/docs/resources/msg_vpn_kafka_receiver.md
new file mode 100644
index 00000000..5c9bfbb8
--- /dev/null
+++ b/docs/resources/msg_vpn_kafka_receiver.md
@@ -0,0 +1,101 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_receiver Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Kafka Receiver receives messages from a Kafka Cluster.
+  WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  authenticationoauthclientsecret||x||x
+  authenticationscrampassword||x||x
+  kafkareceivername|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_receiver (Resource)
+
+A Kafka Receiver receives messages from a Kafka Cluster.
+
+WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+authentication_oauth_client_secret||x||x
+authentication_scram_password||x||x
+kafka_receiver_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_receiver_name` (String) The name of the Kafka Receiver.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `authentication_basic_password` (String, Sensitive) The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_basic_username` (String) The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_client_cert_content` (String, Sensitive) The PEM formatted content for the client certificate used by the Kafka Receiver to login to the remote Kafka broker. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`.
+- `authentication_client_cert_password` (String, Sensitive) The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`.
+- `authentication_oauth_client_id` (String) The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_scope` (String) The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_secret` (String, Sensitive) The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_token_endpoint` (String) The OAuth token endpoint URL that the Kafka Receiver will use to request a token for login to the Kafka broker. Must begin with "https". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_scheme` (String) The authentication scheme for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Anonymous Authentication.
+"basic" - Basic Authentication.
+"scram" - Salted Challenge Response Authentication.
+"client-certificate" - Client Certificate Authentication.
+"oauth-client" - Oauth Authentication.
+</pre>
+- `authentication_scram_hash` (String) The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"sha-512"`. The allowed values and their meaning are:
+
+<pre>
+"sha-256" - SHA-2 256 bits.
+"sha-512" - SHA-2 512 bits.
+</pre>
+- `authentication_scram_password` (String, Sensitive) The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_scram_username` (String) The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `batch_delay` (Number) Delay (in ms) to wait to accumulate a batch of messages to receive. Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `500`.
+- `batch_max_size` (Number) Maximum size of a message batch, in bytes (B). Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `bootstrap_address_list` (String) Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `enabled` (Boolean) Enable or disable the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `group_id` (String) The id of the Kafka consumer group for the Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `group_keepalive_interval` (Number) The time between sending keepalives to the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.
+- `group_keepalive_timeout` (Number) The time until unresponsive group members are removed, triggering a partition rebalance across other members of the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `45000`.
+- `group_membership_type` (String) The membership type of the Kafka consumer group for the Receiver. Static members can leave and rejoin the group (within group_keepalive_timeout) without prompting a group rebalance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"dynamic"`. The allowed values and their meaning are:
+
+<pre>
+"dynamic" - Dynamic Membership.
+"static" - Static Membership.
+</pre>
+- `group_partition_scheme_list` (String) The ordered, comma-separated list of schemes used for partition assignment of the consumer group for this Receiver. Both Eager ("range", "roundrobin") and Cooperative ("cooperative-sticky") schemes are supported. The elected group leader will choose the first common strategy provided by all members of the group. Eager and Cooperative schemes must not be mixed. For more information on these schemes, see Kafka documentation. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"range,roundrobin"`.
+- `metadata_topic_exclude_list` (String) A comma-separated list of regular expressions. Any matching topic names will be ignored in broker metadata. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `metadata_topic_refresh_interval` (Number) The time between refreshes of topic metadata from the Kafka Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.
+- `transport_tls_enabled` (Boolean) Enable or disable encryption (TLS) for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_kafka_receiver_topic_binding.md b/docs/resources/msg_vpn_kafka_receiver_topic_binding.md
new file mode 100644
index 00000000..f5e7dd1b
--- /dev/null
+++ b/docs/resources/msg_vpn_kafka_receiver_topic_binding.md
@@ -0,0 +1,62 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_receiver_topic_binding Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Binding receives messages from a remote Kafka Topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  kafkareceivername|x|||
+  msgvpnname|x|||
+  topic_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_receiver_topic_binding (Resource)
+
+A Topic Binding receives messages from a remote Kafka Topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+kafka_receiver_name|x|||
+msg_vpn_name|x|||
+topic_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_receiver_name` (String) The name of the Kafka Receiver.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_name` (String) The name of the Topic.
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable this topic binding of the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `initial_offset` (String) The initial offset to consume from the Kafka Topic if no member of the group has consumed and committed any offset already, or if the last committed offset has been deleted. Offsets are unique per partition. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"end"`. The allowed values and their meaning are:
+
+<pre>
+"beginning" - Start with the earliest offset available.
+"end" - Start with new offsets only.
+</pre>
+- `local_key` (String) The Substitution Expression used to generate the key for each message received from Kafka. This expression can include fields extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.
+
+If empty, no key is included for each message as it is published into Solace. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `local_topic` (String) The Substitution Expression used to generate the Solace Topic for each message received from Kafka. This expression can include data extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.
+
+If empty, the Topic Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_kafka_sender.md b/docs/resources/msg_vpn_kafka_sender.md
new file mode 100644
index 00000000..8240d05e
--- /dev/null
+++ b/docs/resources/msg_vpn_kafka_sender.md
@@ -0,0 +1,101 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_sender Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Kafka Sender sends messages to a Kafka Cluster.
+  WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  authenticationoauthclientsecret||x||x
+  authenticationscrampassword||x||x
+  kafkasendername|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_sender (Resource)
+
+A Kafka Sender sends messages to a Kafka Cluster.
+
+WARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+authentication_oauth_client_secret||x||x
+authentication_scram_password||x||x
+kafka_sender_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_sender_name` (String) The name of the Kafka Sender.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `authentication_basic_password` (String, Sensitive) The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_basic_username` (String) The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_client_cert_content` (String, Sensitive) The PEM formatted content for the client certificate used by the Kafka Sender to login to the remote Kafka broker. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`.
+- `authentication_client_cert_password` (String, Sensitive) The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`.
+- `authentication_oauth_client_id` (String) The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_scope` (String) The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_secret` (String, Sensitive) The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_oauth_client_token_endpoint` (String) The OAuth token endpoint URL that the Kafka Sender will use to request a token for login to the Kafka broker. Must begin with "https". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_scheme` (String) The authentication scheme for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Anonymous Authentication.
+"basic" - Basic Authentication.
+"scram" - Salted Challenge Response Authentication.
+"client-certificate" - Client Certificate Authentication.
+"oauth-client" - Oauth Authentication.
+</pre>
+- `authentication_scram_hash` (String) The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"sha-512"`. The allowed values and their meaning are:
+
+<pre>
+"sha-256" - SHA-2 256 bits.
+"sha-512" - SHA-2 512 bits.
+</pre>
+- `authentication_scram_password` (String, Sensitive) The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_scram_username` (String) The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `batch_delay` (Number) Delay (in ms) to wait to accumulate a batch of messages to send. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.
+- `batch_max_msg_count` (Number) Maximum number of messages sent in a single batch. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `batch_max_size` (Number) Maximum size of a message batch, in bytes (B). Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.
+- `bootstrap_address_list` (String) Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `enabled` (Boolean) Enable or disable the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `idempotence_enabled` (Boolean) Enable or disable idempotence for the Kafka Sender. Idempotence guarantees in order at-least-once message delivery to the remote Kafka Topic, at the expense of performance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_compression_enabled` (Boolean) Enable or disable compression for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `transport_compression_level` (Number) Compression level. The valid range is dependent on the compression type. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.
+- `transport_compression_type` (String) Compression type. Only relevant if compression is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"gzip"`. The allowed values and their meaning are:
+
+<pre>
+"gzip" - GZIP Compression.
+"snappy" - Snappy Compression.
+"lz4" - LZ4 Compression.
+"zstd" - Zstandard Compression.
+</pre>
+- `transport_tls_enabled` (Boolean) Enable or disable encryption (TLS) for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_kafka_sender_queue_binding.md b/docs/resources/msg_vpn_kafka_sender_queue_binding.md
new file mode 100644
index 00000000..0fb1c34f
--- /dev/null
+++ b/docs/resources/msg_vpn_kafka_sender_queue_binding.md
@@ -0,0 +1,79 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_kafka_sender_queue_binding Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  kafkasendername|x|||
+  msgvpnname|x|||
+  queue_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_kafka_sender_queue_binding (Resource)
+
+A Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+kafka_sender_name|x|||
+msg_vpn_name|x|||
+queue_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `kafka_sender_name` (String) The name of the Kafka Sender.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The name of the Queue.
+
+### Optional
+
+- `ack_mode` (String) The number of acks required from the remote Kafka broker. When "none" messages are delivered at-most-once. When "one" or "all" messages are delivered at-least-once but may be reordered. This is overridden to "all" for an idempotent Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"all"`. The allowed values and their meaning are:
+
+<pre>
+"none" - No Acks.
+"one" - Leader Ack Only.
+"all" - All Replica Acks.
+</pre>
+- `enabled` (Boolean) Enable or disable this queue binding of the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `partition_consistent_hash` (String) The hash algorithm to use for consistent partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"crc"`. The allowed values and their meaning are:
+
+<pre>
+"crc" - CRC Hash.
+"murmur2" - Murmer2 Hash.
+"fnv1a" - Fowler-Noll-Vo 1a Hash.
+</pre>
+- `partition_explicit_number` (Number) The partition number to use for explicit partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `partition_random_fallback_enabled` (Boolean) Enable or disable fallback to the random partition selection scheme when the consistent partition scheme is being used but no partition key is available for the message. When enabled a random partition will be selected for each unkeyed messages, otherwise some partition will be selected for groups of unkeyed messages. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `partition_scheme` (String) The partitioning scheme used to select a partition of the topic on the Kafka cluster to send messages to. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"consistent"`. The allowed values and their meaning are:
+
+<pre>
+"consistent" - Select a consistent partition for each key value. A hash of the key will be used to select the partition number.
+"explicit" - Select an explicit partition independent of key value.
+"random" - Select a random partition independent of key value.
+</pre>
+- `remote_key` (String) The Substitution Expression used to generate the key for each message sent to Kafka. This expression can include fields extracted from the metadata of each individual Solace message as it is taken from the Solace Queue.
+
+If empty, no key is included for each message as it is published into Kafka. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `remote_topic` (String) The Kafka Topic on the Kafka Cluster to send each message taken from the Solace Queue to.
+
+If empty, the Queue Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_mqtt_retain_cache.md b/docs/resources/msg_vpn_mqtt_retain_cache.md
new file mode 100644
index 00000000..c3c389a3
--- /dev/null
+++ b/docs/resources/msg_vpn_mqtt_retain_cache.md
@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_mqtt_retain_cache Resource - solacebroker"
+subcategory: ""
+description: |-
+  Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  cachename|x|||
+  msgvpn_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.11.
+---
+
+# solacebroker_msg_vpn_mqtt_retain_cache (Resource)
+
+Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+cache_name|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.11.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cache_name` (String) The name of the MQTT Retain Cache.
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable this MQTT Retain Cache. When the cache is disabled, neither retain messages nor retain requests will be delivered by the cache. However, live retain messages will continue to be delivered to currently connected MQTT clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `msg_lifetime` (Number) The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_mqtt_session.md b/docs/resources/msg_vpn_mqtt_session.md
new file mode 100644
index 00000000..c9b404ee
--- /dev/null
+++ b/docs/resources/msg_vpn_mqtt_session.md
@@ -0,0 +1,111 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_mqtt_session Resource - solacebroker"
+subcategory: ""
+description: |-
+  An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  mqttsessionclientid|x|||
+  mqttsessionvirtualrouter|x|||
+  msgvpnname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_mqtt_session (Resource)
+
+An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+mqtt_session_client_id|x|||
+mqtt_session_virtual_router|x|||
+msg_vpn_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `mqtt_session_client_id` (String) The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.
+- `mqtt_session_virtual_router` (String) The virtual router of the MQTT Session. The allowed values and their meaning are:
+
+<pre>
+"primary" - The MQTT Session belongs to the primary virtual router.
+"backup" - The MQTT Session belongs to the backup virtual router.
+"auto" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `owner` (String) The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `queue_consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.14.
+- `queue_dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`. Available since SEMP API version 2.14.
+- `queue_event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_bind_count_threshold))
+- `queue_event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_msg_spool_usage_threshold))
+- `queue_event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_reject_low_priority_msg_limit_threshold))
+- `queue_max_bind_count` (Number) The maximum number of consumer flows that can bind to the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.14.
+- `queue_max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`. Available since SEMP API version 2.14.
+- `queue_max_msg_size` (Number) The maximum message size allowed in the MQTT Session Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`. Available since SEMP API version 2.14.
+- `queue_max_msg_spool_usage` (Number) The maximum message spool usage allowed by the MQTT Session Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`. Available since SEMP API version 2.14.
+- `queue_max_redelivery_count` (Number) The maximum number of times the MQTT Session Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.
+- `queue_max_ttl` (Number) The maximum time in seconds a message can stay in the MQTT Session Queue when `queue_respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queue_max_ttl` configured for the MQTT Session Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.
+- `queue_reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `queue_reject_low_priority_msg_limit`. This may only be enabled if `queue_reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.14.
+- `queue_reject_low_priority_msg_limit` (Number) The number of messages of any priority in the MQTT Session Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.
+- `queue_reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as queue_reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-queue-enabled"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+ Available since SEMP API version 2.14.
+- `queue_respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the MQTT Session Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.14.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--queue_event_bind_count_threshold"></a>
+### Nested Schema for `queue_event_bind_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--queue_event_msg_spool_usage_threshold"></a>
+### Nested Schema for `queue_event_msg_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--queue_event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `queue_event_reject_low_priority_msg_limit_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/msg_vpn_mqtt_session_subscription.md b/docs/resources/msg_vpn_mqtt_session_subscription.md
new file mode 100644
index 00000000..bfb4c374
--- /dev/null
+++ b/docs/resources/msg_vpn_mqtt_session_subscription.md
@@ -0,0 +1,59 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_mqtt_session_subscription Resource - solacebroker"
+subcategory: ""
+description: |-
+  An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  mqttsessionclientid|x|||
+  mqttsessionvirtualrouter|x|||
+  msgvpnname|x|||
+  subscription_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_mqtt_session_subscription (Resource)
+
+An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+mqtt_session_client_id|x|||
+mqtt_session_virtual_router|x|||
+msg_vpn_name|x|||
+subscription_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `mqtt_session_client_id` (String) The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.
+- `mqtt_session_virtual_router` (String) The virtual router of the MQTT Session. The allowed values and their meaning are:
+
+<pre>
+"primary" - The MQTT Session belongs to the primary virtual router.
+"backup" - The MQTT Session belongs to the backup virtual router.
+"auto" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.
+</pre>
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscription_topic` (String) The MQTT subscription topic.
+
+### Optional
+
+- `subscription_qos` (Number) The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_proxy.md b/docs/resources/msg_vpn_proxy.md
new file mode 100644
index 00000000..8de066ec
--- /dev/null
+++ b/docs/resources/msg_vpn_proxy.md
@@ -0,0 +1,65 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_proxy Resource - solacebroker"
+subcategory: ""
+description: |-
+  Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationbasicpassword||x||x
+  msgvpnname|x|||
+  proxy_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.36.
+---
+
+# solacebroker_msg_vpn_proxy (Resource)
+
+Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_basic_password||x||x
+msg_vpn_name|x|||
+proxy_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.36.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `proxy_name` (String) The name of the proxy.
+
+### Optional
+
+- `authentication_basic_password` (String, Sensitive) The password to use with basic authentication. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `authentication_basic_username` (String) The username to use with basic authentication. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `authentication_scheme` (String) The authentication scheme used to connect to the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - No authentication.
+"basic" - Username/password authentication.
+</pre>
+- `enabled` (Boolean) Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `host` (String) The IP address or host name of the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `port` (Number) The port to connect to on the proxy host. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.
+- `proxy_type` (String) The type of proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"direct"`. The allowed values and their meaning are:
+
+<pre>
+"direct" - Direct connection (no proxy).
+"http" - HTTP proxy.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_queue.md b/docs/resources/msg_vpn_queue.md
new file mode 100644
index 00000000..2061e084
--- /dev/null
+++ b/docs/resources/msg_vpn_queue.md
@@ -0,0 +1,129 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_queue Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queue_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_queue (Resource)
+
+A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The name of the Queue.
+
+### Optional
+
+- `access_type` (String) The access type for delivering messages to consumer flows bound to the Queue. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`. Available since SEMP API version 2.2.
+- `delivery_count_enabled` (Boolean) Enable or disable the ability for client applications to query the message delivery count of messages received from the Queue. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `egress_enabled` (Boolean) Enable or disable the transmission of messages from the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `ingress_enabled` (Boolean) Enable or disable the reception of messages to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed in the Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_redelivery_count` (Number) The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in the Queue when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `owner` (String) The Client Username that owns the Queue and has permission equivalent to `"delete"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `partition_count` (Number) The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.35.
+- `partition_rebalance_delay` (Number) The delay (in seconds) before a partition rebalance is started once needed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`. Available since SEMP API version 2.35.
+- `partition_rebalance_max_handoff_time` (Number) The maximum time (in seconds) to wait before handing off a partition while rebalancing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`. Available since SEMP API version 2.35.
+- `permission` (String) The permission level for all consumers of the Queue, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-queue-enabled"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+ Available since SEMP API version 2.1.
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). Regardless of this setting, message priority is not respected when browsing the queue, when the queue is used by a bridge, or if the queue is partitioned. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled and ingress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.8.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/msg_vpn_queue_subscription.md b/docs/resources/msg_vpn_queue_subscription.md
new file mode 100644
index 00000000..bc017bf8
--- /dev/null
+++ b/docs/resources/msg_vpn_queue_subscription.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_queue_subscription Resource - solacebroker"
+subcategory: ""
+description: |-
+  One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queuename|x|||
+  subscriptiontopic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_queue_subscription (Resource)
+
+One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_name|x|||
+subscription_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_name` (String) The name of the Queue.
+- `subscription_topic` (String) The topic of the Subscription.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_queue_template.md b/docs/resources/msg_vpn_queue_template.md
new file mode 100644
index 00000000..ddddf123
--- /dev/null
+++ b/docs/resources/msg_vpn_queue_template.md
@@ -0,0 +1,128 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_queue_template Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Queue Template provides a mechanism for specifying the initial state for client created queues.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queuetemplatename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_queue_template (Resource)
+
+A Queue Template provides a mechanism for specifying the initial state for client created queues.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_template_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_template_name` (String) The name of the Queue Template.
+
+### Optional
+
+- `access_type` (String) The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. This attribute does not apply to MQTT queues created from this template, but it may apply in future releases. Therefore, to maintain forward compatibility, do not set this value on templates that might be used for MQTT queues. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `durability_override` (String) Controls the durability of queues created from this template. If non-durable, the created queue will be non-durable, regardless of the specified durability. If none, the created queue will have the requested durability. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - The durability of the endpoint will be as requested on create.
+"non-durable" - The durability of the created queue will be non-durable, regardless of what was requested.
+</pre>
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_redelivery_count` (Number) The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in a Queue when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `permission` (String) The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `queue_name_filter` (String) A pattern used to determine which Queues use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages of any priority above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs prevent the message from being delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"when-queue-enabled"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-queue-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/msg_vpn_replay_log.md b/docs/resources/msg_vpn_replay_log.md
new file mode 100644
index 00000000..d7c4ef30
--- /dev/null
+++ b/docs/resources/msg_vpn_replay_log.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_replay_log Resource - solacebroker"
+subcategory: ""
+description: |-
+  When the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  replaylogname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.10.
+---
+
+# solacebroker_msg_vpn_replay_log (Resource)
+
+When the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+replay_log_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.10.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `replay_log_name` (String) The name of the Replay Log.
+
+### Optional
+
+- `egress_enabled` (Boolean) Enable or disable the transmission of messages from the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `ingress_enabled` (Boolean) Enable or disable the reception of messages to the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `max_spool_usage` (Number) The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `topic_filter_enabled` (Boolean) Enable or disable topic filtering for the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.27.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_replay_log_topic_filter_subscription.md b/docs/resources/msg_vpn_replay_log_topic_filter_subscription.md
new file mode 100644
index 00000000..6a886b78
--- /dev/null
+++ b/docs/resources/msg_vpn_replay_log_topic_filter_subscription.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_replay_log_topic_filter_subscription Resource - solacebroker"
+subcategory: ""
+description: |-
+  One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  replaylogname|x|||
+  topicfiltersubscription|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.27.
+---
+
+# solacebroker_msg_vpn_replay_log_topic_filter_subscription (Resource)
+
+One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+replay_log_name|x|||
+topic_filter_subscription|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.27.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `replay_log_name` (String) The name of the Replay Log.
+- `topic_filter_subscription` (String) The topic of the Subscription.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_replicated_topic.md b/docs/resources/msg_vpn_replicated_topic.md
new file mode 100644
index 00000000..1dd02cb2
--- /dev/null
+++ b/docs/resources/msg_vpn_replicated_topic.md
@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_replicated_topic Resource - solacebroker"
+subcategory: ""
+description: |-
+  To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  replicated_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_replicated_topic (Resource)
+
+To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+replicated_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `replicated_topic` (String) The topic for applying replication. Published messages matching this topic will be replicated to the standby site.
+
+### Optional
+
+- `replication_mode` (String) The replication mode for the Replicated Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"async"`. The allowed values and their meaning are:
+
+<pre>
+"sync" - Messages are acknowledged when replicated (spooled remotely).
+"async" - Messages are acknowledged when pending replication (spooled locally).
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_rest_delivery_point.md b/docs/resources/msg_vpn_rest_delivery_point.md
new file mode 100644
index 00000000..8d55f714
--- /dev/null
+++ b/docs/resources/msg_vpn_rest_delivery_point.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point Resource - solacebroker"
+subcategory: ""
+description: |-
+  A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  restdeliverypoint_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point (Resource)
+
+A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Optional
+
+- `client_profile_name` (String) The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `enabled` (Boolean) Enable or disable the REST Delivery Point. When disabled, no connections are initiated or messages delivered to any of the contained REST Consumers. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `service` (String) The name of the service that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `vendor` (String) The name of the vendor that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_rest_delivery_point_queue_binding.md b/docs/resources/msg_vpn_rest_delivery_point_queue_binding.md
new file mode 100644
index 00000000..b5d38ef1
--- /dev/null
+++ b/docs/resources/msg_vpn_rest_delivery_point_queue_binding.md
@@ -0,0 +1,58 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_queue_binding Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  queuebindingname|x|||
+  restdeliverypoint_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_queue_binding (Resource)
+
+A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+queue_binding_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_binding_name` (String) The name of a queue in the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Optional
+
+- `gateway_replace_target_authority_enabled` (Boolean) Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.6.
+- `post_request_target` (String) The request-target string to use when sending requests. It identifies the target resource on the far-end REST Consumer upon which to apply the request. There are generally two common forms for the request-target. The origin-form is most often used in practice and contains the path and query components of the target URI. If the path component is empty then the client must generally send a "/" as the path. When making a request to a proxy, most often the absolute-form is required. This configuration is only applicable when the Message VPN is in REST messaging mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `request_target_evaluation` (String) The type of evaluation to perform on the request target. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Do not evaluate substitution expressions on the request target.
+"substitution-expressions" - Evaluate substitution expressions on the request target.
+</pre>
+ Available since SEMP API version 2.23.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header.md b/docs/resources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header.md
new file mode 100644
index 00000000..ee74f341
--- /dev/null
+++ b/docs/resources/msg_vpn_rest_delivery_point_queue_binding_protected_request_header.md
@@ -0,0 +1,55 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header Resource - solacebroker"
+subcategory: ""
+description: |-
+  A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  headername|x|||
+  headervalue||x||x
+  msgvpnname|x|||
+  queuebindingname|x|||
+  restdeliverypoint_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.30.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_queue_binding_protected_request_header (Resource)
+
+A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+header_name|x|||
+header_value||x||x
+msg_vpn_name|x|||
+queue_binding_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.30.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `header_name` (String) The name of the protected HTTP request header.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_binding_name` (String) The name of a queue in the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Optional
+
+- `header_value` (String, Sensitive) The value of the protected HTTP request header. Unlike a non-protected request header, this value cannot be displayed after it is set, and does not support substitution expressions. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_rest_delivery_point_queue_binding_request_header.md b/docs/resources/msg_vpn_rest_delivery_point_queue_binding_request_header.md
new file mode 100644
index 00000000..490b52cc
--- /dev/null
+++ b/docs/resources/msg_vpn_rest_delivery_point_queue_binding_request_header.md
@@ -0,0 +1,53 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header Resource - solacebroker"
+subcategory: ""
+description: |-
+  A request header to be added to the HTTP request.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  headername|x|||
+  msgvpnname|x|||
+  queuebindingname|x|||
+  restdeliverypointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.23.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_queue_binding_request_header (Resource)
+
+A request header to be added to the HTTP request.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+header_name|x|||
+msg_vpn_name|x|||
+queue_binding_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.23.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `header_name` (String) The name of the HTTP request header.
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `queue_binding_name` (String) The name of a queue in the Message VPN.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Optional
+
+- `header_value` (String) A substitution expression for the value of the HTTP request header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_rest_delivery_point_rest_consumer.md b/docs/resources/msg_vpn_rest_delivery_point_rest_consumer.md
new file mode 100644
index 00000000..1f34358c
--- /dev/null
+++ b/docs/resources/msg_vpn_rest_delivery_point_rest_consumer.md
@@ -0,0 +1,110 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_rest_consumer Resource - solacebroker"
+subcategory: ""
+description: |-
+  REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authenticationawssecretaccesskey||x||x
+  authenticationclientcertcontent||x||x
+  authenticationclientcertpassword||x||
+  authenticationhttpbasicpassword||x||x
+  authenticationhttpheadervalue||x||x
+  authenticationoauthclientsecret||x||x
+  authenticationoauthjwtsecretkey||x||x
+  msgvpnname|x|||
+  restconsumername|x|||
+  restdeliverypointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_rest_consumer (Resource)
+
+REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authentication_aws_secret_access_key||x||x
+authentication_client_cert_content||x||x
+authentication_client_cert_password||x||
+authentication_http_basic_password||x||x
+authentication_http_header_value||x||x
+authentication_oauth_client_secret||x||x
+authentication_oauth_jwt_secret_key||x||x
+msg_vpn_name|x|||
+rest_consumer_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `rest_consumer_name` (String) The name of the REST Consumer.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Optional
+
+- `authentication_aws_access_key_id` (String) The AWS access key id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.26.
+- `authentication_aws_region` (String) The AWS region id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.26.
+- `authentication_aws_secret_access_key` (String, Sensitive) The AWS secret access key. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.26.
+- `authentication_aws_service` (String) The AWS service id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.26.
+- `authentication_client_cert_content` (String, Sensitive) The PEM formatted content for the client certificate that the REST Consumer will present to the REST host. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`. Available since SEMP API version 2.9.
+- `authentication_client_cert_password` (String, Sensitive) The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `""`. Available since SEMP API version 2.9.
+- `authentication_http_basic_password` (String, Sensitive) The password for the username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_http_basic_username` (String) The username that the REST Consumer will use to login to the REST host. Normally a username is only configured when basic authentication is selected for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `authentication_http_header_name` (String) The authentication header name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.15.
+- `authentication_http_header_value` (String, Sensitive) The authentication header value. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.15.
+- `authentication_oauth_client_id` (String) The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `authentication_oauth_client_scope` (String) The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `authentication_oauth_client_secret` (String, Sensitive) The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `authentication_oauth_client_token_endpoint` (String) The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Must begin with "https". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.19.
+- `authentication_oauth_client_token_expiry_default` (Number) The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since SEMP API version 2.30.
+- `authentication_oauth_jwt_secret_key` (String, Sensitive) The OAuth secret key used to sign the token request JWT. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.21.
+- `authentication_oauth_jwt_token_endpoint` (String) The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.21.
+- `authentication_oauth_jwt_token_expiry_default` (Number) The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since SEMP API version 2.30.
+- `authentication_scheme` (String) The authentication scheme used by the REST Consumer to login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.
+"http-basic" - Login with a username and optional password according to HTTP Basic authentication as per RFC 2616.
+"client-certificate" - Login with a client TLS certificate as per RFC 5246. Client certificate authentication is only available on TLS connections.
+"http-header" - Login with a specified HTTP header.
+"oauth-client" - Login with OAuth 2.0 client credentials.
+"oauth-jwt" - Login with OAuth (RFC 7523 JWT Profile).
+"transparent" - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header.
+"aws" - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256).
+</pre>
+- `enabled` (Boolean) Enable or disable the REST Consumer. When disabled, no connections are initiated or messages delivered to this particular REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `http_method` (String) The HTTP method to use (POST or PUT). This is used only when operating in the REST service "messaging" mode and is ignored in "gateway" mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"post"`. The allowed values and their meaning are:
+
+<pre>
+"post" - Use the POST HTTP method.
+"put" - Use the PUT HTTP method.
+</pre>
+ Available since SEMP API version 2.17.
+- `local_interface` (String) The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `max_post_wait_time` (Number) The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.
+- `outgoing_connection_count` (Number) The number of concurrent TCP connections open to the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `proxy_name` (String) The name of the proxy to use. Leave empty for no proxy. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`. Available since SEMP API version 2.36.
+- `remote_host` (String) The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `remote_port` (Number) The port associated with the host of the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8080`.
+- `retry_delay` (Number) The number of seconds that must pass before retrying the remote REST Consumer connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `tls_cipher_suite_list` (String) The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection. The value `"default"` implies all supported suites ordered from most secure to least secure. The list of default cipher suites is available in the `tlsCipherSuiteMsgBackboneDefaultList` attribute of the broker object in the Monitoring API. The REST Consumer should choose the first suite from this list that it supports. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"default"`.
+- `tls_enabled` (Boolean) Enable or disable encryption (TLS) for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.md b/docs/resources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.md
new file mode 100644
index 00000000..7d6c2fad
--- /dev/null
+++ b/docs/resources/msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Claim is added to the JWT sent to the OAuth token request endpoint.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  oauthjwtclaimname|x|||
+  restconsumername|x|||
+  restdeliverypointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.21.
+---
+
+# solacebroker_msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim (Resource)
+
+A Claim is added to the JWT sent to the OAuth token request endpoint.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+oauth_jwt_claim_name|x|||
+rest_consumer_name|x|||
+rest_delivery_point_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.21.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `oauth_jwt_claim_name` (String) The name of the additional claim. Cannot be "exp", "iat", or "jti".
+- `oauth_jwt_claim_value` (String) The value of the additional claim, which must be a string containing a valid JSON value.
+- `rest_consumer_name` (String) The name of the REST Consumer.
+- `rest_delivery_point_name` (String) The name of the REST Delivery Point.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_sequenced_topic.md b/docs/resources/msg_vpn_sequenced_topic.md
new file mode 100644
index 00000000..955b0204
--- /dev/null
+++ b/docs/resources/msg_vpn_sequenced_topic.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_sequenced_topic Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  sequenced_topic|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.0.
+---
+
+# solacebroker_msg_vpn_sequenced_topic (Resource)
+
+A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+sequenced_topic|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.0.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `sequenced_topic` (String) Topic for applying sequence numbers.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_telemetry_profile.md b/docs/resources/msg_vpn_telemetry_profile.md
new file mode 100644
index 00000000..f63672b4
--- /dev/null
+++ b/docs/resources/msg_vpn_telemetry_profile.md
@@ -0,0 +1,99 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile Resource - solacebroker"
+subcategory: ""
+description: |-
+  Using the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  telemetryprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile (Resource)
+
+Using the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+telemetry_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+
+### Optional
+
+- `queue_event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_bind_count_threshold))
+- `queue_event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--queue_event_msg_spool_usage_threshold))
+- `queue_max_bind_count` (Number) The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.
+- `queue_max_msg_spool_usage` (Number) The maximum message spool usage allowed by the Queue, in megabytes (MB). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `800000`.
+- `receiver_acl_connect_default_action` (String) The default action to take when a receiver client connects to the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"disallow"`. The allowed values and their meaning are:
+
+<pre>
+"allow" - Allow client connection unless an exception is found for it.
+"disallow" - Disallow client connection unless an exception is found for it.
+</pre>
+- `receiver_enabled` (Boolean) Enable or disable the ability for receiver clients to consume from the #telemetry queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `receiver_event_connection_count_per_client_username_threshold` (Attributes) (see [below for nested schema](#nestedatt--receiver_event_connection_count_per_client_username_threshold))
+- `receiver_max_connection_count_per_client_username` (Number) The maximum number of receiver connections per Client Username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.
+- `receiver_tcp_congestion_window_size` (Number) The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.
+- `receiver_tcp_keepalive_count` (Number) The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.
+- `receiver_tcp_keepalive_idle_time` (Number) The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.
+- `receiver_tcp_keepalive_interval` (Number) The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `receiver_tcp_max_segment_size` (Number) The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.
+- `receiver_tcp_max_window_size` (Number) The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.
+- `trace_enabled` (Boolean) Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `trace_send_span_generation_enabled` (Boolean) Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.36.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--queue_event_bind_count_threshold"></a>
+### Nested Schema for `queue_event_bind_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--queue_event_msg_spool_usage_threshold"></a>
+### Nested Schema for `queue_event_msg_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--receiver_event_connection_count_per_client_username_threshold"></a>
+### Nested Schema for `receiver_event_connection_count_per_client_username_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/msg_vpn_telemetry_profile_receiver_acl_connect_exception.md b/docs/resources/msg_vpn_telemetry_profile_receiver_acl_connect_exception.md
new file mode 100644
index 00000000..1d30fed4
--- /dev/null
+++ b/docs/resources/msg_vpn_telemetry_profile_receiver_acl_connect_exception.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile_receiver_acl_connect_exception Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  receiveraclconnectexceptionaddress|x|||
+  telemetryprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile_receiver_acl_connect_exception (Resource)
+
+A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+receiver_acl_connect_exception_address|x|||
+telemetry_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `receiver_acl_connect_exception_address` (String) The IP address/netmask of the receiver connect exception in CIDR form.
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_telemetry_profile_trace_filter.md b/docs/resources/msg_vpn_telemetry_profile_trace_filter.md
new file mode 100644
index 00000000..98b8b20f
--- /dev/null
+++ b/docs/resources/msg_vpn_telemetry_profile_trace_filter.md
@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile_trace_filter Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  telemetryprofilename|x|||
+  tracefiltername|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile_trace_filter (Resource)
+
+A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+telemetry_profile_name|x|||
+trace_filter_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+- `trace_filter_name` (String) A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as "appNameDebug".
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_telemetry_profile_trace_filter_subscription.md b/docs/resources/msg_vpn_telemetry_profile_trace_filter_subscription.md
new file mode 100644
index 00000000..b7a124d0
--- /dev/null
+++ b/docs/resources/msg_vpn_telemetry_profile_trace_filter_subscription.md
@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_telemetry_profile_trace_filter_subscription Resource - solacebroker"
+subcategory: ""
+description: |-
+  Trace filter subscriptions control which messages will be attracted by the tracing filter.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  subscription|x|||
+  subscriptionsyntax|x|||
+  telemetryprofilename|x|||
+  tracefilter_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.31.
+---
+
+# solacebroker_msg_vpn_telemetry_profile_trace_filter_subscription (Resource)
+
+Trace filter subscriptions control which messages will be attracted by the tracing filter.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+subscription|x|||
+subscription_syntax|x|||
+telemetry_profile_name|x|||
+trace_filter_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.31.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `subscription` (String) Messages matching this subscription will follow this filter's configuration.
+- `subscription_syntax` (String) The syntax of the trace filter subscription. The allowed values and their meaning are:
+
+<pre>
+"smf" - Subscription uses SMF syntax.
+"mqtt" - Subscription uses MQTT syntax.
+</pre>
+- `telemetry_profile_name` (String) The name of the Telemetry Profile.
+- `trace_filter_name` (String) A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as "appNameDebug".
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/msg_vpn_topic_endpoint.md b/docs/resources/msg_vpn_topic_endpoint.md
new file mode 100644
index 00000000..1c32c0bf
--- /dev/null
+++ b/docs/resources/msg_vpn_topic_endpoint.md
@@ -0,0 +1,126 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_topic_endpoint Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  topicendpointname|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.1.
+---
+
+# solacebroker_msg_vpn_topic_endpoint (Resource)
+
+A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+topic_endpoint_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.1.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_endpoint_name` (String) The name of the Topic Endpoint.
+
+### Optional
+
+- `access_type` (String) The access type for delivering messages to consumer flows bound to the Topic Endpoint. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+ Available since SEMP API version 2.4.
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ) used by the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`. Available since SEMP API version 2.2.
+- `delivery_count_enabled` (Boolean) Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `egress_enabled` (Boolean) Enable or disable the transmission of messages from the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `event_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_spool_usage_threshold))
+- `ingress_enabled` (Boolean) Enable or disable the reception of messages to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`. Available since SEMP API version 2.4.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed in the Topic Endpoint, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_redelivery_count` (Number) The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_spool_usage` (Number) The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in the Topic Endpoint when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `owner` (String) The Client Username that owns the Topic Endpoint and has permission equivalent to `"delete"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+- `permission` (String) The permission level for all consumers of the Topic Endpoint, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"never"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-topic-endpoint-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled and ingress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.8.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_spool_usage_threshold"></a>
+### Nested Schema for `event_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/msg_vpn_topic_endpoint_template.md b/docs/resources/msg_vpn_topic_endpoint_template.md
new file mode 100644
index 00000000..a34bdd81
--- /dev/null
+++ b/docs/resources/msg_vpn_topic_endpoint_template.md
@@ -0,0 +1,122 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_msg_vpn_topic_endpoint_template Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  topicendpointtemplate_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.14.
+---
+
+# solacebroker_msg_vpn_topic_endpoint_template (Resource)
+
+A Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+topic_endpoint_template_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "vpn/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.14.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the Message VPN.
+- `topic_endpoint_template_name` (String) The name of the Topic Endpoint Template.
+
+### Optional
+
+- `access_type` (String) The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"exclusive"`. The allowed values and their meaning are:
+
+<pre>
+"exclusive" - Exclusive delivery of messages to the first bound consumer flow.
+"non-exclusive" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.
+</pre>
+- `consumer_ack_propagation_enabled` (Boolean) Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.
+- `dead_msg_queue` (String) The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"#DEAD_MSG_QUEUE"`.
+- `delivery_delay` (Number) The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.
+- `event_bind_count_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_bind_count_threshold))
+- `event_msg_spool_usage_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_msg_spool_usage_threshold))
+- `event_reject_low_priority_msg_limit_threshold` (Attributes) (see [below for nested schema](#nestedatt--event_reject_low_priority_msg_limit_threshold))
+- `max_bind_count` (Number) The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.
+- `max_delivered_unacked_msgs_per_flow` (Number) The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.
+- `max_msg_size` (Number) The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.
+- `max_msg_spool_usage` (Number) The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.
+- `max_redelivery_count` (Number) The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `max_ttl` (Number) The maximum time in seconds a message can stay in the Topic Endpoint when `respect_ttl_enabled` is `"true"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `permission` (String) The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"no-access"`. The allowed values and their meaning are:
+
+<pre>
+"no-access" - Disallows all access.
+"read-only" - Read-only access to the messages.
+"consume" - Consume (read and remove) messages.
+"modify-topic" - Consume messages or modify the topic/selector.
+"delete" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.
+</pre>
+- `redelivery_delay_enabled` (Boolean) Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.
+- `redelivery_delay_initial_interval` (Number) The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.
+- `redelivery_delay_max_interval` (Number) The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.
+- `redelivery_delay_multiplier` (Number) The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.
+- `redelivery_enabled` (Boolean) Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.
+- `reject_low_priority_msg_enabled` (Boolean) Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `"never"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `reject_low_priority_msg_limit` (Number) The number of messages that are permitted before low priority messages are rejected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.
+- `reject_msg_to_sender_on_discard_behavior` (String) Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `"never"`. The allowed values and their meaning are:
+
+<pre>
+"never" - Silently discard messages.
+"when-topic-endpoint-enabled" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.
+"always" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.
+</pre>
+- `respect_msg_priority_enabled` (Boolean) Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `respect_ttl_enabled` (Boolean) Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.
+- `topic_endpoint_name_filter` (String) A pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when  used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
+
+<a id="nestedatt--event_bind_count_threshold"></a>
+### Nested Schema for `event_bind_count_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_msg_spool_usage_threshold"></a>
+### Nested Schema for `event_msg_spool_usage_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+
+
+<a id="nestedatt--event_reject_low_priority_msg_limit_threshold"></a>
+### Nested Schema for `event_reject_low_priority_msg_limit_threshold`
+
+Optional:
+
+- `clear_percent` (Number) The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `clear_value` (Number) The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_percent` (Number) The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
+- `set_value` (Number) The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.
diff --git a/docs/resources/oauth_profile.md b/docs/resources/oauth_profile.md
new file mode 100644
index 00000000..5f2aea47
--- /dev/null
+++ b/docs/resources/oauth_profile.md
@@ -0,0 +1,108 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile Resource - solacebroker"
+subcategory: ""
+description: |-
+  OAuth profiles specify how to securely authenticate to an OAuth provider.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientsecret||x||x
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile (Resource)
+
+OAuth profiles specify how to securely authenticate to an OAuth provider.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_secret||x||x
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Optional
+
+- `access_level_groups_claim_name` (String) The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"groups"`.
+- `access_level_groups_claim_string_format` (String) The format of the access level groups claim value when it is a string. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"single"`. The allowed values and their meaning are:
+
+<pre>
+"single" - When the claim is a string, it is interpreted as as single group.
+"space-delimited" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the "scope" claim.
+</pre>
+ Available since SEMP API version 2.32.
+- `client_id` (String) The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `client_redirect_uri` (String) The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `client_required_type` (String) The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"JWT"`.
+- `client_scope` (String) The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"openid email"`.
+- `client_secret` (String, Sensitive) The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `client_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `default_global_access_level` (String) The default global access level for this OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to global data.
+"read-only" - User has read-only access to global data.
+"read-write" - User has read-write access to most global data.
+"admin" - User has read-write access to all global data.
+</pre>
+- `default_msg_vpn_access_level` (String) The default message VPN access level for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
+- `display_name` (String) The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `enabled` (Boolean) Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `endpoint_authorization` (String) The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_discovery` (String) The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_discovery_refresh_interval` (Number) The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.
+- `endpoint_introspection` (String) The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_introspection_timeout` (Number) The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `endpoint_jwks` (String) The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_jwks_refresh_interval` (Number) The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.
+- `endpoint_token` (String) The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_token_timeout` (Number) The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `endpoint_userinfo` (String) The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `endpoint_userinfo_timeout` (Number) The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.
+- `interactive_enabled` (Boolean) Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `interactive_prompt_for_expired_session` (String) The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `interactive_prompt_for_new_session` (String) The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"select_account"`.
+- `issuer` (String) The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `oauth_role` (String) The OAuth role of the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"client"`. The allowed values and their meaning are:
+
+<pre>
+"client" - The broker is in the OAuth client role.
+"resource-server" - The broker is in the OAuth resource server role.
+</pre>
+- `resource_server_parse_access_token_enabled` (Boolean) Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_required_audience` (String) The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `resource_server_required_issuer` (String) The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `resource_server_required_scope` (String) A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `resource_server_required_type` (String) The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"at+jwt"`.
+- `resource_server_validate_audience_enabled` (Boolean) Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_validate_issuer_enabled` (Boolean) Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_validate_scope_enabled` (Boolean) Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `resource_server_validate_type_enabled` (Boolean) Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `semp_enabled` (Boolean) Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.
+- `username_claim_name` (String) The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"sub"`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/oauth_profile_access_level_group.md b/docs/resources/oauth_profile_access_level_group.md
new file mode 100644
index 00000000..ba396d3b
--- /dev/null
+++ b/docs/resources/oauth_profile_access_level_group.md
@@ -0,0 +1,62 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_access_level_group Resource - solacebroker"
+subcategory: ""
+description: |-
+  The name of a group as it exists on the OAuth server being used to authenticate SEMP users.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  groupname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_access_level_group (Resource)
+
+The name of a group as it exists on the OAuth server being used to authenticate SEMP users.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+group_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_name` (String) The name of the group.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Optional
+
+- `description` (String) A description for the group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+- `global_access_level` (String) The global access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to global data.
+"read-only" - User has read-only access to global data.
+"read-write" - User has read-write access to most global data.
+"admin" - User has read-write access to all global data.
+</pre>
+- `msg_vpn_access_level` (String) The default message VPN access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/oauth_profile_access_level_group_msg_vpn_access_level_exception.md b/docs/resources/oauth_profile_access_level_group_msg_vpn_access_level_exception.md
new file mode 100644
index 00000000..81cc2974
--- /dev/null
+++ b/docs/resources/oauth_profile_access_level_group_msg_vpn_access_level_exception.md
@@ -0,0 +1,56 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_access_level_group_msg_vpn_access_level_exception Resource - solacebroker"
+subcategory: ""
+description: |-
+  Message VPN access-level exceptions for members of this group.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  groupname|x|||
+  msgvpnname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_access_level_group_msg_vpn_access_level_exception (Resource)
+
+Message VPN access-level exceptions for members of this group.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+group_name|x|||
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group_name` (String) The name of the group.
+- `msg_vpn_name` (String) The name of the message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Optional
+
+- `access_level` (String) The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/oauth_profile_client_allowed_host.md b/docs/resources/oauth_profile_client_allowed_host.md
new file mode 100644
index 00000000..ff205aa7
--- /dev/null
+++ b/docs/resources/oauth_profile_client_allowed_host.md
@@ -0,0 +1,43 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_client_allowed_host Resource - solacebroker"
+subcategory: ""
+description: |-
+  A valid hostname for this broker in OAuth redirects.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  allowedhost|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_client_allowed_host (Resource)
+
+A valid hostname for this broker in OAuth redirects.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+allowed_host|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `allowed_host` (String) An allowed value for the Host header.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/oauth_profile_client_authorization_parameter.md b/docs/resources/oauth_profile_client_authorization_parameter.md
new file mode 100644
index 00000000..a2a39ea1
--- /dev/null
+++ b/docs/resources/oauth_profile_client_authorization_parameter.md
@@ -0,0 +1,47 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_client_authorization_parameter Resource - solacebroker"
+subcategory: ""
+description: |-
+  Additional parameters to be passed to the OAuth authorization endpoint.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  authorizationparametername|x|||
+  oauthprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_client_authorization_parameter (Resource)
+
+Additional parameters to be passed to the OAuth authorization endpoint.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+authorization_parameter_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `authorization_parameter_name` (String) The name of the authorization parameter.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Optional
+
+- `authorization_parameter_value` (String) The authorization parameter value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/oauth_profile_client_required_claim.md b/docs/resources/oauth_profile_client_required_claim.md
new file mode 100644
index 00000000..6e100967
--- /dev/null
+++ b/docs/resources/oauth_profile_client_required_claim.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_client_required_claim Resource - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the ID token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  clientrequiredclaimname|x|||
+  oauthprofile_name|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_client_required_claim (Resource)
+
+Additional claims to be verified in the ID token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+client_required_claim_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `client_required_claim_name` (String) The name of the ID token claim to verify.
+- `client_required_claim_value` (String) The required claim value, which must be a string containing a valid JSON value.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/oauth_profile_default_msg_vpn_access_level_exception.md b/docs/resources/oauth_profile_default_msg_vpn_access_level_exception.md
new file mode 100644
index 00000000..191ae522
--- /dev/null
+++ b/docs/resources/oauth_profile_default_msg_vpn_access_level_exception.md
@@ -0,0 +1,53 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_default_msg_vpn_access_level_exception Resource - solacebroker"
+subcategory: ""
+description: |-
+  Default message VPN access-level exceptions.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  msgvpnname|x|||
+  oauthprofilename|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_default_msg_vpn_access_level_exception (Resource)
+
+Default message VPN access-level exceptions.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+msg_vpn_name|x|||
+oauth_profile_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `msg_vpn_name` (String) The name of the message VPN.
+- `oauth_profile_name` (String) The name of the OAuth profile.
+
+### Optional
+
+- `access_level` (String) The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `"none"`. The allowed values and their meaning are:
+
+<pre>
+"none" - User has no access to a Message VPN.
+"read-only" - User has read-only access to a Message VPN.
+"read-write" - User has read-write access to most Message VPN settings.
+</pre>
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/oauth_profile_resource_server_required_claim.md b/docs/resources/oauth_profile_resource_server_required_claim.md
new file mode 100644
index 00000000..874b79ff
--- /dev/null
+++ b/docs/resources/oauth_profile_resource_server_required_claim.md
@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_oauth_profile_resource_server_required_claim Resource - solacebroker"
+subcategory: ""
+description: |-
+  Additional claims to be verified in the access token.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  oauthprofilename|x|||
+  resourceserverrequiredclaimname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.24.
+---
+
+# solacebroker_oauth_profile_resource_server_required_claim (Resource)
+
+Additional claims to be verified in the access token.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+oauth_profile_name|x|||
+resource_server_required_claim_name|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.24.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `oauth_profile_name` (String) The name of the OAuth profile.
+- `resource_server_required_claim_name` (String) The name of the access token claim to verify.
+- `resource_server_required_claim_value` (String) The required claim value, which must be a string containing a valid JSON value.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/docs/resources/virtual_hostname.md b/docs/resources/virtual_hostname.md
new file mode 100644
index 00000000..048526eb
--- /dev/null
+++ b/docs/resources/virtual_hostname.md
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "solacebroker_virtual_hostname Resource - solacebroker"
+subcategory: ""
+description: |-
+  A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.
+  Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.
+  This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.
+  Attribute|Identifying|Write-Only|Deprecated|Opaque
+  :---|:---:|:---:|:---:|:---:
+  virtual_hostname|x|||
+  A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+  This has been available since SEMP API version 2.17.
+---
+
+# solacebroker_virtual_hostname (Resource)
+
+A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.
+
+Clients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.
+
+This mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.
+
+
+Attribute|Identifying|Write-Only|Deprecated|Opaque
+:---|:---:|:---:|:---:|:---:
+virtual_hostname|x|||
+
+
+
+A SEMP client authorized with a minimum access scope/level of "global/read-only" is required to perform this operation.
+
+This has been available since SEMP API version 2.17.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `virtual_hostname` (String) The virtual hostname.
+
+### Optional
+
+- `enabled` (Boolean) Enable or disable Virtual Hostname to Message VPN mapping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.
+- `msg_vpn_name` (String) The message VPN to which this virtual hostname is mapped. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `""`.
+
+### Read-Only
+
+- `id` (String) Identifier attribute, for internal use only.
diff --git a/examples/sampleconfig.tf b/examples/sampleconfig.tf
new file mode 100644
index 00000000..0bf0b56e
--- /dev/null
+++ b/examples/sampleconfig.tf
@@ -0,0 +1,29 @@
+terraform {
+  required_providers {
+    solacebroker = {
+      source = "registry.terraform.io/solaceproducts/solacebroker"
+    }
+  }
+}
+
+# Configure the   provider
+provider "solacebroker" {
+  username = "admin"
+  password = "admin"
+  url      = "http://localhost:8080"
+}
+
+# Create a message-vpn on the event broker
+resource "solacebroker_msg_vpn" "test" {
+  msg_vpn_name        = "new"
+  enabled             = true
+  max_msg_spool_usage = 10
+}
+
+# Create a messaging queue
+resource "solacebroker_msg_vpn_queue" "q" {
+  msg_vpn_name    = solacebroker_msg_vpn.test.msg_vpn_name
+  queue_name      = "green"
+  ingress_enabled = true
+  egress_enabled  = true
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 00000000..c8a75bc3
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,115 @@
+module terraform-provider-solacebroker
+
+go 1.20
+
+require (
+	github.com/agext/levenshtein v1.2.2 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
+	github.com/hashicorp/go-version v1.6.0
+	github.com/hashicorp/hcl/v2 v2.17.0 // indirect
+	github.com/hashicorp/logutils v1.0.0 // indirect
+	github.com/hashicorp/terraform-plugin-docs v0.15.0
+	github.com/hashicorp/terraform-plugin-framework v1.3.2
+	github.com/hashicorp/terraform-plugin-framework-validators v0.10.0
+	github.com/hashicorp/terraform-plugin-go v0.18.0
+	github.com/hashicorp/terraform-plugin-log v0.9.0
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/spf13/cobra v1.7.0
+	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
+	golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb
+	google.golang.org/appengine v1.6.7 // indirect
+)
+
+require (
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.2.1 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/bgentry/speakeasy v0.1.0 // indirect
+	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/fatih/color v1.15.0 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/uuid v1.3.1 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-hclog v1.5.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.4.10 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/hc-install v0.5.2 // indirect
+	github.com/hashicorp/terraform-exec v0.18.1 // indirect
+	github.com/hashicorp/terraform-json v0.17.1 // indirect
+	github.com/hashicorp/terraform-plugin-testing v1.4.0
+	github.com/hashicorp/terraform-registry-address v0.2.1 // indirect
+	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
+	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
+	github.com/huandu/xstrings v1.4.0 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mitchellh/cli v1.1.5 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/oklog/run v1.0.0 // indirect
+	github.com/posener/complete v1.2.3 // indirect
+	github.com/russross/blackfriday v1.6.0 // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
+	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
+	github.com/zclconf/go-cty v1.13.2 // indirect
+	golang.org/x/crypto v0.11.0 // indirect
+	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
+	google.golang.org/grpc v1.57.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+)
+
+require github.com/testcontainers/testcontainers-go v0.24.1
+
+require (
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/hcsshim v0.11.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/containerd/containerd v1.7.6 // indirect
+	github.com/cpuguy83/dockercfg v0.3.1 // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
+	github.com/docker/docker v24.0.6+incompatible // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/klauspost/compress v1.16.0 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/moby/patternmatcher v0.5.0 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
+	github.com/moby/term v0.5.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/runc v1.1.5 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
+	github.com/shirou/gopsutil/v3 v3.23.7 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.11 // indirect
+	github.com/tklauser/numcpus v0.6.0 // indirect
+	github.com/yusufpapurcu/wmi v1.2.3 // indirect
+	golang.org/x/tools v0.7.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 00000000..2e3068f0
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,403 @@
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
+github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
+github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
+github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM=
+github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM=
+github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
+github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
+github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
+github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE=
+github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
+github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
+github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
+github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
+github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
+github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
+github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
+github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8=
+github.com/containerd/containerd v1.7.6/go.mod h1:SY6lrkkuJT40BVNO37tlYTSnKJnP5AXBc0fhx0q+TJ4=
+github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
+github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
+github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v24.0.6+incompatible h1:hceabKCtUgDqPu+qm0NgsaXf28Ljf4/pWFL7xjWWDgE=
+github.com/docker/docker v24.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
+github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
+github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
+github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
+github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
+github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
+github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
+github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=
+github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
+github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c=
+github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-plugin v1.4.10 h1:xUbmA4jC6Dq163/fWcp8P3JuHilrHHMLNRxzGQJ9hNk=
+github.com/hashicorp/go-plugin v1.4.10/go.mod h1:6/1TEzT0eQznvI/gV2CM29DLSkAK/e58mUWKVsPaph0=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/hc-install v0.5.2 h1:SfwMFnEXVVirpwkDuSF5kymUOhrUxrTq3udEseZdOD0=
+github.com/hashicorp/hc-install v0.5.2/go.mod h1:9QISwe6newMWIfEiXpzuu1k9HAGtQYgnSH8H9T8wmoI=
+github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY=
+github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4=
+github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/terraform-exec v0.18.1 h1:LAbfDvNQU1l0NOQlTuudjczVhHj061fNX5H8XZxHlH4=
+github.com/hashicorp/terraform-exec v0.18.1/go.mod h1:58wg4IeuAJ6LVsLUeD2DWZZoc/bYi6dzhLHzxM41980=
+github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA=
+github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
+github.com/hashicorp/terraform-plugin-docs v0.15.0 h1:W5xYB5kCUBqO7lyjE2UMmUBh95c0aAf4jwO0Xuuw2Ec=
+github.com/hashicorp/terraform-plugin-docs v0.15.0/go.mod h1:K5Taof1Y7sL4dw6Ie0qMFyQnHN0W+RSVMD0iIyFDFJc=
+github.com/hashicorp/terraform-plugin-framework v1.3.2 h1:aQ6GSD0CTnvoALEWvKAkcH/d8jqSE0Qq56NYEhCexUs=
+github.com/hashicorp/terraform-plugin-framework v1.3.2/go.mod h1:oimsRAPJOYkZ4kY6xIGfR0PHjpHLDLaknzuptl6AvnY=
+github.com/hashicorp/terraform-plugin-framework-validators v0.10.0 h1:4L0tmy/8esP6OcvocVymw52lY0HyQ5OxB7VNl7k4bS0=
+github.com/hashicorp/terraform-plugin-framework-validators v0.10.0/go.mod h1:qdQJCdimB9JeX2YwOpItEu+IrfoJjWQ5PhLpAOMDQAE=
+github.com/hashicorp/terraform-plugin-go v0.18.0 h1:IwTkOS9cOW1ehLd/rG0y+u/TGLK9y6fGoBjXVUquzpE=
+github.com/hashicorp/terraform-plugin-go v0.18.0/go.mod h1:l7VK+2u5Kf2y+A+742GX0ouLut3gttudmvMgN0PA74Y=
+github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
+github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0 h1:I8efBnjuDrgPjNF1MEypHy48VgcTIUY4X6rOFunrR3Y=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0/go.mod h1:cUEP4ly/nxlHy5HzD6YRrHydtlheGvGRJDhiWqqVik4=
+github.com/hashicorp/terraform-plugin-testing v1.4.0 h1:DVIXxw7VHZvnwWVik4HzhpC2yytaJ5FpiHxz5debKmE=
+github.com/hashicorp/terraform-plugin-testing v1.4.0/go.mod h1:b7Bha24iGrbZQjT+ZE8m9crck1YjdVOZ8mfGCQ19OxA=
+github.com/hashicorp/terraform-registry-address v0.2.1 h1:QuTf6oJ1+WSflJw6WYOHhLgwUiQ0FrROpHPYFtwTYWM=
+github.com/hashicorp/terraform-registry-address v0.2.1/go.mod h1:BSE9fIFzp0qWsJUUyGquo4ldV9k2n+psif6NYkBRS3Y=
+github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=
+github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc=
+github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
+github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
+github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
+github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
+github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
+github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
+github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mitchellh/cli v1.1.5 h1:OxRIeJXpAMztws/XHlN2vu6imG5Dpq+j61AzAX5fLng=
+github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4=
+github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=
+github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8=
+github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
+github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
+github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
+github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
+github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
+github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
+github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
+github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
+github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
+github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
+github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs=
+github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
+github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
+github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
+github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
+github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
+github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
+github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
+github.com/shirou/gopsutil/v3 v3.23.7 h1:C+fHO8hfIppoJ1WdsVm1RoI0RwXoNdfTK7yWXV0wVj4=
+github.com/shirou/gopsutil/v3 v3.23.7/go.mod h1:c4gnmoRC0hQuaLqvxnx1//VXQ0Ms/X9UnJF8pddY5z4=
+github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
+github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
+github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
+github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
+github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
+github.com/testcontainers/testcontainers-go v0.24.1 h1:gJdZuQIVWnMJTo+CmQMEP7/CAagNk/0jbcUPn3OWvD8=
+github.com/testcontainers/testcontainers-go v0.24.1/go.mod h1:MGBiAkCm86yXQoCiipmQCqZLVdk1uFqtMqaU1Or0MRk=
+github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
+github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
+github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
+github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
+github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
+github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
+github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
+github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
+github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
+github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
+github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
+github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0=
+github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb h1:mIKbk8weKhSeLH2GmUTrvx8CjkyJmnU1wFmg59CUjFA=
+golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
+golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
+golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY=
diff --git a/internal/broker/attributeInfo.go b/internal/broker/attributeInfo.go
new file mode 100644
index 00000000..27b4f130
--- /dev/null
+++ b/internal/broker/attributeInfo.go
@@ -0,0 +1,65 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/attr"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+)
+
+type objectType int8
+
+const (
+	DataSourceObject objectType = iota
+	SingletonObject
+	ReplaceOnlyObject
+	StandardObject
+)
+
+type attributeType int8
+
+const (
+	String attributeType = iota
+	Int64
+	Bool
+	Struct
+)
+
+type AttributeInfo struct {
+	BaseType            attributeType
+	SempName            string
+	TerraformName       string
+	Description         string
+	MarkdownDescription string
+	Identifying         bool
+	Required            bool
+	Sensitive           bool
+	ReadOnly            bool
+	RequiresReplace     bool
+	Deprecated          bool
+	Requires            []string
+	ConflictsWith       []string
+	Type                attr.Type
+	TerraformType       tftypes.Type
+	Attributes          []*AttributeInfo
+	Converter           Converter
+	StringValidators    []validator.String
+	Int64Validators     []validator.Int64
+	BoolValidators      []validator.Bool
+	Default             any
+}
diff --git a/internal/broker/conversions.go b/internal/broker/conversions.go
new file mode 100644
index 00000000..b1fe9a0d
--- /dev/null
+++ b/internal/broker/conversions.go
@@ -0,0 +1,152 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"math/big"
+)
+
+type Converter interface {
+	ToTerraform(v any) (tftypes.Value, error)
+	FromTerraform(v tftypes.Value) (any, error)
+}
+
+var _ Converter = &SimpleConverter[bool]{}
+var _ Converter = &SimpleConverter[string]{}
+
+type SimpleConverter[T any] struct {
+	TerraformType tftypes.Type
+}
+
+func (c SimpleConverter[T]) ToTerraform(v any) (tftypes.Value, error) {
+	err := tftypes.ValidateValue(c.TerraformType, v)
+	if err != nil {
+		return tftypes.Value{}, err
+	}
+	return tftypes.NewValue(c.TerraformType, v), nil
+}
+
+func (c SimpleConverter[T]) FromTerraform(v tftypes.Value) (any, error) {
+	var result T
+	err := v.As(&result)
+	if err != nil {
+		return nil, err
+	}
+	return result, nil
+}
+
+var _ Converter = &IntegerConverter{}
+
+type IntegerConverter struct{}
+
+func (IntegerConverter) ToTerraform(v any) (tftypes.Value, error) {
+	err := tftypes.ValidateValue(tftypes.Number, v)
+	if err != nil {
+		return tftypes.Value{}, err
+	}
+	return tftypes.NewValue(tftypes.Number, v), nil
+}
+
+func (IntegerConverter) FromTerraform(v tftypes.Value) (any, error) {
+	var f big.Float
+	err := v.As(&f)
+	if err != nil {
+		return nil, err
+	}
+	i, _ := f.Int64()
+	return i, nil
+}
+
+var _ Converter = &ObjectConverter{}
+
+type ObjectConverter struct {
+	terraformName string
+	terraformType tftypes.Object
+	attributes    []*AttributeInfo
+}
+
+func terraformTypes(attributes []*AttributeInfo) map[string]tftypes.Type {
+	types := map[string]tftypes.Type{}
+	for _, attr := range attributes {
+		t := attr.TerraformType
+		if attr.Attributes != nil {
+			t = tftypes.Object{
+				AttributeTypes: terraformTypes(attr.Attributes),
+			}
+		}
+		types[attr.TerraformName] = t
+	}
+	return types
+}
+
+func NewObjectConverter(terraformName string, attributes []*AttributeInfo) *ObjectConverter {
+	return &ObjectConverter{
+		terraformName: terraformName,
+		terraformType: tftypes.Object{AttributeTypes: terraformTypes(attributes)},
+		attributes:    attributes,
+	}
+}
+
+func (c *ObjectConverter) ToTerraform(v any) (tftypes.Value, error) {
+	m, ok := v.(map[string]any)
+	if !ok {
+		return tftypes.Value{}, fmt.Errorf("unexpected type %T for attribute %v received in SEMP response; expected %T", v, c.terraformName, m)
+	}
+	tfData := map[string]tftypes.Value{}
+	for _, sempAttribute := range c.attributes {
+		v, ok := m[sempAttribute.SempName]
+		if ok {
+			tfv, err := sempAttribute.Converter.ToTerraform(v)
+			if err != nil {
+				return tftypes.Value{}, err
+			}
+			tfData[sempAttribute.TerraformName] = tfv
+		} else {
+			tfData[sempAttribute.TerraformName] = tftypes.NewValue(sempAttribute.TerraformType, nil)
+		}
+	}
+	err := tftypes.ValidateValue(c.terraformType, tfData)
+	if err != nil {
+		return tftypes.Value{}, err
+	}
+	return tftypes.NewValue(c.terraformType, tfData), nil
+}
+
+func (c *ObjectConverter) FromTerraform(v tftypes.Value) (any, error) {
+	sempData := map[string]any{}
+	tfAttributes := map[string]tftypes.Value{}
+	err := v.As(&tfAttributes)
+	if err != nil {
+		return nil, err
+	}
+	for _, attr := range c.attributes {
+		if attr.TerraformName == "id" {
+			continue
+		}
+		v, ok := tfAttributes[attr.TerraformName]
+		if ok && v.IsKnown() && !v.IsNull() {
+			v, err := attr.Converter.FromTerraform(v)
+			if err != nil {
+				return nil, err
+			}
+			sempData[attr.SempName] = v
+		}
+	}
+	return sempData, nil
+}
diff --git a/internal/broker/datasource.go b/internal/broker/datasource.go
new file mode 100644
index 00000000..39d0bd33
--- /dev/null
+++ b/internal/broker/datasource.go
@@ -0,0 +1,112 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+
+	"terraform-provider-solacebroker/internal/semp"
+)
+
+func newBrokerDataSource(inputs EntityInputs) brokerEntity[schema.Schema] {
+	return resourceEntityToDataSourceEntity(newBrokerEntity(inputs, false))
+}
+
+func newBrokerDataSourceGenerator(inputs EntityInputs) func() datasource.DataSource {
+	return newBrokerDataSourceClosure(newBrokerDataSource(inputs))
+}
+
+func newBrokerDataSourceClosure(templateEntity brokerEntity[schema.Schema]) func() datasource.DataSource {
+	return func() datasource.DataSource {
+		var ds = brokerDataSource(templateEntity)
+		return &ds
+	}
+}
+
+var (
+	_ datasource.DataSourceWithConfigure        = &brokerDataSource{}
+	_ datasource.DataSourceWithConfigValidators = &brokerDataSource{}
+)
+
+type brokerDataSource brokerEntity[schema.Schema]
+
+func (ds *brokerDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) {
+	response.Schema = ds.schema
+}
+
+func (ds *brokerDataSource) Metadata(_ context.Context, request datasource.MetadataRequest, response *datasource.MetadataResponse) {
+	response.TypeName = request.ProviderTypeName + "_" + ds.terraformName
+}
+
+func (ds *brokerDataSource) Configure(_ context.Context, request datasource.ConfigureRequest, response *datasource.ConfigureResponse) {
+	if request.ProviderData == nil {
+		return
+	}
+	config, ok := request.ProviderData.(*providerData)
+	if !ok {
+		d := diag.NewErrorDiagnostic("Unexpected datasource configuration", fmt.Sprintf("Unexpected type %T for provider data; expected %T.", request.ProviderData, config))
+		response.Diagnostics.Append(d)
+		return
+	}
+	ds.providerData = config
+}
+
+func (ds *brokerDataSource) Read(ctx context.Context, request datasource.ReadRequest, response *datasource.ReadResponse) {
+	client, d := client(ds.providerData)
+	if d != nil {
+		response.Diagnostics.Append(d)
+		if response.Diagnostics.HasError() {
+			return
+		}
+	}
+	sempPath, err := resolveSempPath(ds.pathTemplate, ds.identifyingAttributes, request.Config.Raw)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Error generating SEMP path", err)
+		return
+	}
+	sempData, err := client.RequestWithoutBody(ctx, http.MethodGet, sempPath)
+	if err != nil {
+		if errors.Is(err, semp.ErrResourceNotFound) {
+			tflog.Info(ctx, fmt.Sprintf("Detected missing resource %v, removing from state", sempPath))
+			response.State.RemoveResource(ctx)
+		} else if err == semp.ErrAPIUnreachable {
+			addErrorToDiagnostics(&response.Diagnostics, fmt.Sprintf("SEMP call failed. HOST not reachable. %v", sempPath), err)
+		} else {
+			addErrorToDiagnostics(&response.Diagnostics, "SEMP call failed", err)
+		}
+	}
+	sempData["id"] = toId(sempPath)
+	responseData, err := ds.converter.ToTerraform(sempData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "SEMP response conversion failed", err)
+		return
+	}
+
+	response.State.Raw = responseData
+}
+
+func (ds *brokerDataSource) ConfigValidators(_ context.Context) []datasource.ConfigValidator {
+	return nil
+}
diff --git a/internal/broker/entity.go b/internal/broker/entity.go
new file mode 100644
index 00000000..9d8e930f
--- /dev/null
+++ b/internal/broker/entity.go
@@ -0,0 +1,93 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"fmt"
+	dschema "github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	rschema "github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"reflect"
+)
+
+var resourceToDataSourceTypes = map[reflect.Type]reflect.Type{
+	reflect.TypeOf(rschema.StringAttribute{}):       reflect.TypeOf(dschema.StringAttribute{}),
+	reflect.TypeOf(rschema.Int64Attribute{}):        reflect.TypeOf(dschema.Int64Attribute{}),
+	reflect.TypeOf(rschema.BoolAttribute{}):         reflect.TypeOf(dschema.BoolAttribute{}),
+	reflect.TypeOf(rschema.SingleNestedAttribute{}): reflect.TypeOf(dschema.SingleNestedAttribute{}),
+}
+
+type brokerEntity[T rschema.Schema | dschema.Schema] struct {
+	schema T
+	brokerEntityBase
+}
+
+type brokerEntityBase struct {
+	pathTemplate          string
+	postPathTemplate      string
+	terraformName         string
+	objectType            objectType
+	identifyingAttributes []*AttributeInfo
+	attributes            []*AttributeInfo
+	converter             *ObjectConverter
+	providerData          *providerData
+}
+
+func copyMatchingFields(prefix string, in reflect.Value, out reflect.Value) {
+	tIn := in.Type()
+	tOut := out.Type()
+	for i := 0; i < in.NumField(); i++ {
+		tIn := tIn.Field(i)
+		tOut, tOutFound := tOut.FieldByName(tIn.Name)
+		if tOutFound {
+			fIn := in.Field(i)
+			if fIn.IsZero() {
+				continue
+			}
+			fOut := out.FieldByName(tIn.Name)
+			if tIn.Type.AssignableTo(tOut.Type) {
+				fOut.Set(fIn)
+			} else {
+				if tIn.Type.Kind() == reflect.Map {
+					fOut.Set(reflect.MakeMap(fOut.Type()))
+					iter := fIn.MapRange()
+					for iter.Next() {
+						k := iter.Key()
+						vIn := iter.Value()
+						iIn := vIn.Interface()
+						tvIn := reflect.TypeOf(iIn)
+						tvOut := resourceToDataSourceTypes[tvIn]
+						vOut := reflect.New(tvOut).Elem()
+						copyMatchingFields(fmt.Sprintf("%v.%v", prefix, k), reflect.ValueOf(iIn), vOut)
+						fOut.SetMapIndex(k, vOut)
+
+					}
+				}
+			}
+		}
+	}
+}
+
+func resourceEntityToDataSourceEntity(entity brokerEntity[rschema.Schema]) brokerEntity[dschema.Schema] {
+	ds := dschema.Schema{}
+	in := reflect.ValueOf(&entity.schema).Elem()
+	out := reflect.ValueOf(&ds).Elem()
+	copyMatchingFields(entity.terraformName, in, out)
+	return brokerEntity[dschema.Schema]{
+		schema:           ds,
+		brokerEntityBase: entity.brokerEntityBase,
+	}
+}
diff --git a/internal/broker/generated/AboutApi.go b/internal/broker/generated/AboutApi.go
new file mode 100644
index 00000000..db296b63
--- /dev/null
+++ b/internal/broker/generated/AboutApi.go
@@ -0,0 +1,75 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "about_api",
+		MarkdownDescription: "The API Description object provides metadata about the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.2.",
+		ObjectType:          broker.DataSourceObject,
+		PathTemplate:        "/about/api",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "platform",
+				TerraformName:       "platform",
+				MarkdownDescription: "The platform running the SEMP API.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 10),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "sempVersion",
+				TerraformName:       "semp_version",
+				MarkdownDescription: "The version of the SEMP API.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 10),
+				},
+			},
+		},
+	}
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/AboutUser.go b/internal/broker/generated/AboutUser.go
new file mode 100644
index 00000000..4c6683c3
--- /dev/null
+++ b/internal/broker/generated/AboutUser.go
@@ -0,0 +1,168 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "about_user",
+		MarkdownDescription: "Session and access level information about the user accessing the SEMP API.\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.2.",
+		ObjectType:          broker.DataSourceObject,
+		PathTemplate:        "/about/user",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "globalAccessLevel",
+				TerraformName:       "global_access_level",
+				MarkdownDescription: "The global access level of the User. The allowed values and their meaning are:\n\n<pre>\n\"admin\" - Full administrative access.\n\"none\" - No access.\n\"read-only\" - Read only access.\n\"read-write\" - Read and write access.\n</pre>\n",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("admin", "none", "read-only", "read-write"),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "globalDmrBridgeAccessEnabled",
+				TerraformName:       "global_dmr_bridge_access_enabled",
+				MarkdownDescription: "Indicates whether global DMR Bridge access is enabled for the User. This is only for Solace internal use. This attribute may not be returned in a GET. Available since (hidden in public API).",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "sessionActive",
+				TerraformName:       "session_active",
+				MarkdownDescription: "Indicates whether a session is active for this request. Available since SEMP API version 2.24.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "sessionCreateTime",
+				TerraformName:       "session_create_time",
+				MarkdownDescription: "The timestamp of when the session was created. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-2147483648, 2147483647),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "sessionCurrentTime",
+				TerraformName:       "session_current_time",
+				MarkdownDescription: "The current server timestamp. This is provided as a reference point for the other timestamps provided. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-2147483648, 2147483647),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "sessionHardExpiryTime",
+				TerraformName:       "session_hard_expiry_time",
+				MarkdownDescription: "The hard expiry time for the session. After this time the session will be invalid, regardless of activity. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-2147483648, 2147483647),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "sessionId",
+				TerraformName:       "session_id",
+				MarkdownDescription: "An identifier for the session to differentiate this session from other sessions for the same user. This value is not guaranteed to be unique between active sessions for different users. This attribute may not be returned in a GET. Available since SEMP API version 2.21.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 56),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "sessionIdleExpiryTime",
+				TerraformName:       "session_idle_expiry_time",
+				MarkdownDescription: "The session idle expiry time. After this time the session will be invalid if there has been no activity. This attribute may not be returned in a GET. This value represents the number of seconds since 1970-01-01 00:00:00 UTC (Unix time). Available since SEMP API version 2.21.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-2147483648, 2147483647),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "username",
+				TerraformName:       "username",
+				MarkdownDescription: "The username of the User. Available since SEMP API version 2.21.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+		},
+	}
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/AboutUserMsgVpn.go b/internal/broker/generated/AboutUserMsgVpn.go
new file mode 100644
index 00000000..8a0a6116
--- /dev/null
+++ b/internal/broker/generated/AboutUserMsgVpn.go
@@ -0,0 +1,78 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "about_user_msg_vpn",
+		MarkdownDescription: "This provides information about the Message VPN access level for the username used to access the SEMP API.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.2.",
+		ObjectType:          broker.DataSourceObject,
+		PathTemplate:        "/about/user/msgVpns/{msgVpnName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessLevel",
+				TerraformName:       "access_level",
+				MarkdownDescription: "The Message VPN access level of the User. The allowed values and their meaning are:\n\n<pre>\n\"none\" - No access.\n\"read-only\" - Read only access.\n\"read-write\" - Read and write access.\n</pre>\n",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "read-only", "read-write"),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/Broker.go b/internal/broker/generated/Broker.go
new file mode 100644
index 00000000..818d1a75
--- /dev/null
+++ b/internal/broker/generated/Broker.go
@@ -0,0 +1,2105 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "broker",
+		MarkdownDescription: "This object contains global configuration for the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ntls_server_cert_content||x||x\ntls_server_cert_password||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/none\" is required to perform this operation. Requests which include the following attributes require greater access scope/level:\n\n\nAttribute|Access Scope/Level\n:---|:---:\nauth_client_cert_revocation_check_mode|global/read-only\nconfig_sync_authentication_client_cert_max_chain_depth|global/read-only\nconfig_sync_authentication_client_cert_validate_date_enabled|global/read-only\nconfig_sync_client_profile_tcp_initial_congestion_window|global/read-only\nconfig_sync_client_profile_tcp_keepalive_count|global/read-only\nconfig_sync_client_profile_tcp_keepalive_idle|global/read-only\nconfig_sync_client_profile_tcp_keepalive_interval|global/read-only\nconfig_sync_client_profile_tcp_max_window|global/read-only\nconfig_sync_client_profile_tcp_mss|global/read-only\nconfig_sync_enabled|global/read-only\nconfig_sync_synchronize_username_enabled|global/read-only\nconfig_sync_tls_enabled|global/read-only\nguaranteed_msging_defragmentation_schedule_day_list|global/read-only\nguaranteed_msging_defragmentation_schedule_enabled|global/read-only\nguaranteed_msging_defragmentation_schedule_time_list|global/read-only\nguaranteed_msging_defragmentation_threshold_enabled|global/read-only\nguaranteed_msging_defragmentation_threshold_fragmentation_percentage|global/read-only\nguaranteed_msging_defragmentation_threshold_min_interval|global/read-only\nguaranteed_msging_defragmentation_threshold_usage_percentage|global/read-only\nguaranteed_msging_enabled|global/read-only\nguaranteed_msging_event_cache_usage_threshold.clear_percent|global/read-only\nguaranteed_msging_event_cache_usage_threshold.clear_value|global/read-only\nguaranteed_msging_event_cache_usage_threshold.set_percent|global/read-only\nguaranteed_msging_event_cache_usage_threshold.set_value|global/read-only\nguaranteed_msging_event_delivered_unacked_threshold.clear_percent|global/read-only\nguaranteed_msging_event_delivered_unacked_threshold.set_percent|global/read-only\nguaranteed_msging_event_disk_usage_threshold.clear_percent|global/read-only\nguaranteed_msging_event_disk_usage_threshold.set_percent|global/read-only\nguaranteed_msging_event_egress_flow_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_egress_flow_count_threshold.clear_value|global/read-only\nguaranteed_msging_event_egress_flow_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_egress_flow_count_threshold.set_value|global/read-only\nguaranteed_msging_event_endpoint_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_endpoint_count_threshold.clear_value|global/read-only\nguaranteed_msging_event_endpoint_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_endpoint_count_threshold.set_value|global/read-only\nguaranteed_msging_event_ingress_flow_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_ingress_flow_count_threshold.clear_value|global/read-only\nguaranteed_msging_event_ingress_flow_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_ingress_flow_count_threshold.set_value|global/read-only\nguaranteed_msging_event_msg_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_msg_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_msg_spool_file_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_msg_spool_file_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_msg_spool_usage_threshold.clear_percent|global/read-only\nguaranteed_msging_event_msg_spool_usage_threshold.clear_value|global/read-only\nguaranteed_msging_event_msg_spool_usage_threshold.set_percent|global/read-only\nguaranteed_msging_event_msg_spool_usage_threshold.set_value|global/read-only\nguaranteed_msging_event_transacted_session_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_transacted_session_count_threshold.clear_value|global/read-only\nguaranteed_msging_event_transacted_session_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_transacted_session_count_threshold.set_value|global/read-only\nguaranteed_msging_event_transacted_session_resource_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_transacted_session_resource_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_transaction_count_threshold.clear_percent|global/read-only\nguaranteed_msging_event_transaction_count_threshold.clear_value|global/read-only\nguaranteed_msging_event_transaction_count_threshold.set_percent|global/read-only\nguaranteed_msging_event_transaction_count_threshold.set_value|global/read-only\nguaranteed_msging_max_cache_usage|global/read-only\nguaranteed_msging_max_msg_spool_usage|global/read-only\nguaranteed_msging_msg_spool_sync_mirrored_msg_ack_timeout|global/read-only\nguaranteed_msging_msg_spool_sync_mirrored_spool_file_ack_timeout|global/read-only\nguaranteed_msging_transaction_replication_compatibility_mode|global/read-only\noauth_profile_default|global/read-only\nservice_amqp_enabled|global/read-only\nservice_amqp_tls_listen_port|global/read-only\nservice_event_connection_count_threshold.clear_percent|global/read-only\nservice_event_connection_count_threshold.clear_value|global/read-only\nservice_event_connection_count_threshold.set_percent|global/read-only\nservice_event_connection_count_threshold.set_value|global/read-only\nservice_health_check_enabled|global/read-only\nservice_health_check_listen_port|global/read-only\nservice_health_check_tls_enabled|global/read-only\nservice_health_check_tls_listen_port|global/read-only\nservice_mate_link_enabled|global/read-only\nservice_mate_link_listen_port|global/read-only\nservice_mqtt_enabled|global/read-only\nservice_msg_backbone_enabled|global/read-only\nservice_redundancy_enabled|global/read-only\nservice_redundancy_first_listen_port|global/read-only\nservice_rest_event_outgoing_connection_count_threshold.clear_percent|global/read-only\nservice_rest_event_outgoing_connection_count_threshold.clear_value|global/read-only\nservice_rest_event_outgoing_connection_count_threshold.set_percent|global/read-only\nservice_rest_event_outgoing_connection_count_threshold.set_value|global/read-only\nservice_rest_incoming_enabled|global/read-only\nservice_rest_outgoing_enabled|global/read-only\nservice_semp_cors_allow_any_host_enabled|global/read-only\nservice_semp_legacy_timeout_enabled|global/read-only\nservice_semp_plain_text_enabled|global/read-only\nservice_semp_plain_text_listen_port|global/read-only\nservice_semp_session_idle_timeout|global/read-only\nservice_semp_session_max_lifetime|global/read-only\nservice_semp_tls_enabled|global/read-only\nservice_semp_tls_listen_port|global/read-only\nservice_smf_compression_listen_port|global/read-only\nservice_smf_enabled|global/read-only\nservice_smf_event_connection_count_threshold.clear_percent|global/read-only\nservice_smf_event_connection_count_threshold.clear_value|global/read-only\nservice_smf_event_connection_count_threshold.set_percent|global/read-only\nservice_smf_event_connection_count_threshold.set_value|global/read-only\nservice_smf_plain_text_listen_port|global/read-only\nservice_smf_routing_control_listen_port|global/read-only\nservice_smf_tls_listen_port|global/read-only\nservice_tls_event_connection_count_threshold.clear_percent|global/read-only\nservice_tls_event_connection_count_threshold.clear_value|global/read-only\nservice_tls_event_connection_count_threshold.set_percent|global/read-only\nservice_tls_event_connection_count_threshold.set_value|global/read-only\nservice_web_transport_enabled|global/read-only\nservice_web_transport_plain_text_listen_port|global/read-only\nservice_web_transport_tls_listen_port|global/read-only\nservice_web_transport_web_url_suffix|global/read-only\ntls_block_version11_enabled|global/read-only\ntls_cipher_suite_management_list|global/read-only\ntls_cipher_suite_msg_backbone_list|global/read-only\ntls_cipher_suite_secure_shell_list|global/read-only\ntls_crime_exploit_protection_enabled|global/read-only\ntls_server_cert_content|global/read-only\ntls_standard_domain_certificate_authorities_enabled|vpn/read-only\ntls_ticket_lifetime|global/read-only\nweb_manager_allow_unencrypted_wizards_enabled|vpn/read-only\nweb_manager_customization|vpn/read-only\nweb_manager_redirect_http_enabled|vpn/read-only\nweb_manager_redirect_http_override_tls_port|vpn/read-only\n\n\n\nThis has been available since SEMP API version 2.13.",
+		ObjectType:          broker.SingletonObject,
+		PathTemplate:        "/",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authClientCertRevocationCheckMode",
+				TerraformName:       "auth_client_cert_revocation_check_mode",
+				MarkdownDescription: "The client certificate revocation checking mode used when a client authenticates with a client certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Do not perform any certificate revocation checking.\n\"ocsp\" - Use the Open Certificate Status Protcol (OCSP) for certificate revocation checking.\n\"crl\" - Use Certificate Revocation Lists (CRL) for certificate revocation checking.\n\"ocsp-crl\" - Use OCSP first, but if OCSP fails to return an unambiguous result, then check via CRL.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "ocsp", "crl", "ocsp-crl"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "configSyncAuthenticationClientCertMaxChainDepth",
+				TerraformName:       "config_sync_authentication_client_cert_max_chain_depth",
+				MarkdownDescription: "The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. The default value is `3`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 8),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "configSyncAuthenticationClientCertValidateDateEnabled",
+				TerraformName:       "config_sync_authentication_client_cert_validate_date_enabled",
+				MarkdownDescription: "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the authentication certificate(s). The default value is `true`. Available since SEMP API version 2.22.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "configSyncClientProfileTcpInitialCongestionWindow",
+				TerraformName:       "config_sync_client_profile_tcp_initial_congestion_window",
+				MarkdownDescription: "The TCP initial congestion window size for Config Sync clients, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. The default value is `2`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 7826),
+				},
+				Default: 2,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "configSyncClientProfileTcpKeepaliveCount",
+				TerraformName:       "config_sync_client_profile_tcp_keepalive_count",
+				MarkdownDescription: "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. The default value is `5`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 5),
+				},
+				Default: 5,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "configSyncClientProfileTcpKeepaliveIdle",
+				TerraformName:       "config_sync_client_profile_tcp_keepalive_idle",
+				MarkdownDescription: "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. The default value is `3`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(3, 120),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "configSyncClientProfileTcpKeepaliveInterval",
+				TerraformName:       "config_sync_client_profile_tcp_keepalive_interval",
+				MarkdownDescription: "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. The default value is `1`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 30),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "configSyncClientProfileTcpMaxWindow",
+				TerraformName:       "config_sync_client_profile_tcp_max_window",
+				MarkdownDescription: "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. The default value is `256`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(16, 65536),
+				},
+				Default: 256,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "configSyncClientProfileTcpMss",
+				TerraformName:       "config_sync_client_profile_tcp_mss",
+				MarkdownDescription: "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. The default value is `1460`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(256, 1460),
+				},
+				Default: 1460,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "configSyncEnabled",
+				TerraformName:       "config_sync_enabled",
+				MarkdownDescription: "Enable or disable configuration synchronization for High Availability or Disaster Recovery. The default value is `false`. Available since SEMP API version 2.22.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "configSyncSynchronizeUsernameEnabled",
+				TerraformName:       "config_sync_synchronize_username_enabled",
+				MarkdownDescription: "Enable or disable the synchronizing of usernames within High Availability groups. The transition from not synchronizing to synchronizing will cause the High Availability mate to fall out of sync. Recommendation: leave this as enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.22.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "configSyncTlsEnabled",
+				TerraformName:       "config_sync_tls_enabled",
+				MarkdownDescription: "Enable or disable the use of TLS encryption of the configuration synchronization communications between brokers in High Availability groups and/or Disaster Recovery sites. The default value is `false`. Available since SEMP API version 2.22.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "guaranteedMsgingDefragmentationScheduleDayList",
+				TerraformName:       "guaranteed_msging_defragmentation_schedule_day_list",
+				MarkdownDescription: "The days of the week to schedule defragmentation runs, specified as \"daily\" or as a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri, or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. Please note \"Sun,Mon,Tue,Wed,Thu,Fri,Sat\" is not allowed, use \"daily\" instead. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"daily\"`. Available since SEMP API version 2.25.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+				Default: "daily",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "guaranteedMsgingDefragmentationScheduleEnabled",
+				TerraformName:       "guaranteed_msging_defragmentation_schedule_enabled",
+				MarkdownDescription: "Enable or disable schedule-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.25.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "guaranteedMsgingDefragmentationScheduleTimeList",
+				TerraformName:       "guaranteed_msging_defragmentation_schedule_time_list",
+				MarkdownDescription: "The times of the day to schedule defragmentation runs, specified as \"hourly\" or as a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"0:00\"`. Available since SEMP API version 2.25.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+				Default: "0:00",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "guaranteedMsgingDefragmentationThresholdEnabled",
+				TerraformName:       "guaranteed_msging_defragmentation_threshold_enabled",
+				MarkdownDescription: "Enable or disable threshold-based defragmentation of Guaranteed Messaging spool files. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.25.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedMsgingDefragmentationThresholdFragmentationPercentage",
+				TerraformName:       "guaranteed_msging_defragmentation_threshold_fragmentation_percentage",
+				MarkdownDescription: "Percentage of spool fragmentation needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since SEMP API version 2.25.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(30, 100),
+				},
+				Default: 50,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedMsgingDefragmentationThresholdMinInterval",
+				TerraformName:       "guaranteed_msging_defragmentation_threshold_min_interval",
+				MarkdownDescription: "Minimum interval of time (in minutes) between defragmentation runs triggered by thresholds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since SEMP API version 2.25.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 15,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedMsgingDefragmentationThresholdUsagePercentage",
+				TerraformName:       "guaranteed_msging_defragmentation_threshold_usage_percentage",
+				MarkdownDescription: "Percentage of spool usage needed to trigger defragmentation run. The minimum value allowed is 30%. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `50`. Available since SEMP API version 2.25.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(30, 100),
+				},
+				Default: 50,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "guaranteedMsgingEnabled",
+				TerraformName:       "guaranteed_msging_enabled",
+				MarkdownDescription: "Enable or disable Guaranteed Messaging. The default value is `false`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventCacheUsageThreshold",
+				TerraformName:       "guaranteed_msging_event_cache_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventDeliveredUnackedThreshold",
+				TerraformName:       "guaranteed_msging_event_delivered_unacked_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventDiskUsageThreshold",
+				TerraformName:       "guaranteed_msging_event_disk_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventEgressFlowCountThreshold",
+				TerraformName:       "guaranteed_msging_event_egress_flow_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventEndpointCountThreshold",
+				TerraformName:       "guaranteed_msging_event_endpoint_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventIngressFlowCountThreshold",
+				TerraformName:       "guaranteed_msging_event_ingress_flow_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventMsgCountThreshold",
+				TerraformName:       "guaranteed_msging_event_msg_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventMsgSpoolFileCountThreshold",
+				TerraformName:       "guaranteed_msging_event_msg_spool_file_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventMsgSpoolUsageThreshold",
+				TerraformName:       "guaranteed_msging_event_msg_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventTransactedSessionCountThreshold",
+				TerraformName:       "guaranteed_msging_event_transacted_session_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventTransactedSessionResourceCountThreshold",
+				TerraformName:       "guaranteed_msging_event_transacted_session_resource_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "guaranteedMsgingEventTransactionCountThreshold",
+				TerraformName:       "guaranteed_msging_event_transaction_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedMsgingMaxCacheUsage",
+				TerraformName:       "guaranteed_msging_max_cache_usage",
+				MarkdownDescription: "Guaranteed messaging cache usage limit. Expressed as a maximum percentage of the NAB's egress queueing. resources that the guaranteed message cache is allowed to use. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `10`. Available since SEMP API version 2.18.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 50),
+				},
+				Default: 10,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedMsgingMaxMsgSpoolUsage",
+				TerraformName:       "guaranteed_msging_max_msg_spool_usage",
+				MarkdownDescription: "The maximum total message spool usage allowed across all VPNs on this broker, in megabytes. Recommendation: the maximum value should be less than 90% of the disk space allocated for the guaranteed message spool. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1500`. Available since SEMP API version 2.18.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 1500,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedMsgingMsgSpoolSyncMirroredMsgAckTimeout",
+				TerraformName:       "guaranteed_msging_msg_spool_sync_mirrored_msg_ack_timeout",
+				MarkdownDescription: "The maximum time, in milliseconds, that can be tolerated for remote acknowledgment of synchronization messages before which the remote system will be considered out of sync. The default value is `10000`. Available since SEMP API version 2.18.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedMsgingMsgSpoolSyncMirroredSpoolFileAckTimeout",
+				TerraformName:       "guaranteed_msging_msg_spool_sync_mirrored_spool_file_ack_timeout",
+				MarkdownDescription: "The maximum time, in milliseconds, that can be tolerated for remote disk writes before which the remote system will be considered out of sync. The default value is `10000`. Available since SEMP API version 2.18.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "guaranteedMsgingTransactionReplicationCompatibilityMode",
+				TerraformName:       "guaranteed_msging_transaction_replication_compatibility_mode",
+				MarkdownDescription: "The replication compatibility mode for the broker. The default value is `\"legacy\"`. The allowed values and their meaning are:\"legacy\" - All transactions originated by clients are replicated to the standby site without using transactions.\"transacted\" - All transactions originated by clients are replicated to the standby site using transactions. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"legacy\"`. The allowed values and their meaning are:\n\n<pre>\n\"legacy\" - All transactions originated by clients are replicated to the standby site without using transactions.\n\"transacted\" - All transactions originated by clients are replicated to the standby site using transactions.\n</pre>\n Available since SEMP API version 2.18.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("legacy", "transacted"),
+				},
+				Default: "legacy",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileDefault",
+				TerraformName:       "oauth_profile_default",
+				MarkdownDescription: "The default OAuth profile for OAuth authenticated SEMP requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Available since SEMP API version 2.24.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceAmqpEnabled",
+				TerraformName:       "service_amqp_enabled",
+				MarkdownDescription: "Enable or disable the AMQP service. When disabled new AMQP Clients may not connect through the global or per-VPN AMQP listen-ports, and all currently connected AMQP Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceAmqpTlsListenPort",
+				TerraformName:       "service_amqp_tls_listen_port",
+				MarkdownDescription: "TCP port number that AMQP clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "serviceEventConnectionCountThreshold",
+				TerraformName:       "service_event_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceHealthCheckEnabled",
+				TerraformName:       "service_health_check_enabled",
+				MarkdownDescription: "Enable or disable the plain-text health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceHealthCheckListenPort",
+				TerraformName:       "service_health_check_listen_port",
+				MarkdownDescription: "The port number for the plain-text health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_health_check_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5550`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 5550,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceHealthCheckTlsEnabled",
+				TerraformName:       "service_health_check_tls_enabled",
+				MarkdownDescription: "Enable or disable the TLS health-check service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.34.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceHealthCheckTlsListenPort",
+				TerraformName:       "service_health_check_tls_listen_port",
+				MarkdownDescription: "The port number for the TLS health-check service. The port must be unique across the message backbone. The health-check service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_health_check_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.34.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceMateLinkEnabled",
+				TerraformName:       "service_mate_link_enabled",
+				MarkdownDescription: "Enable or disable the mate-link service. The default value is `true`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceMateLinkListenPort",
+				TerraformName:       "service_mate_link_listen_port",
+				MarkdownDescription: "The port number for the mate-link service. The port must be unique across the message backbone. The mate-link service must be disabled to change the port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mate_link_enabled will be temporarily set to false to apply the change. The default value is `8741`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 8741,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceMqttEnabled",
+				TerraformName:       "service_mqtt_enabled",
+				MarkdownDescription: "Enable or disable the MQTT service. When disabled new MQTT Clients may not connect through the per-VPN MQTT listen-ports, and all currently connected MQTT Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceMsgBackboneEnabled",
+				TerraformName:       "service_msg_backbone_enabled",
+				MarkdownDescription: "Enable or disable the msg-backbone service. When disabled new Clients may not connect through global or per-VPN listen-ports, and all currently connected Clients are immediately disconnected. The default value is `true`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceRedundancyEnabled",
+				TerraformName:       "service_redundancy_enabled",
+				MarkdownDescription: "Enable or disable the redundancy service. The default value is `true`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceRedundancyFirstListenPort",
+				TerraformName:       "service_redundancy_first_listen_port",
+				MarkdownDescription: "The first listen-port used for the redundancy service. Redundancy uses this port and the subsequent 2 ports. These port must be unique across the message backbone. The redundancy service must be disabled to change this port. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_redundancy_enabled will be temporarily set to false to apply the change. The default value is `8300`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65533),
+				},
+				Default: 8300,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "serviceRestEventOutgoingConnectionCountThreshold",
+				TerraformName:       "service_rest_event_outgoing_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 6000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 6000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceRestIncomingEnabled",
+				TerraformName:       "service_rest_incoming_enabled",
+				MarkdownDescription: "Enable or disable the REST service incoming connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceRestOutgoingEnabled",
+				TerraformName:       "service_rest_outgoing_enabled",
+				MarkdownDescription: "Enable or disable the REST service outgoing connections on the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSempCorsAllowAnyHostEnabled",
+				TerraformName:       "service_semp_cors_allow_any_host_enabled",
+				MarkdownDescription: "Enable or disable cross origin resource requests for the SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.24.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSempLegacyTimeoutEnabled",
+				TerraformName:       "service_semp_legacy_timeout_enabled",
+				MarkdownDescription: "Enable or disable extended SEMP timeouts for paged responses. When a request times out, it returns the current page of content, even if the page is not full.  When enabled, the timeout is 60 seconds. When disabled, the timeout is 5 seconds.  The recommended setting is disabled (no legacy-timeout).  This parameter is intended as a temporary workaround to be used until SEMP clients can handle short pages.  This setting will be removed in a future release. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSempPlainTextEnabled",
+				TerraformName:       "service_semp_plain_text_enabled",
+				MarkdownDescription: "Enable or disable plain-text SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSempSessionIdleTimeout",
+				TerraformName:       "service_semp_session_idle_timeout",
+				MarkdownDescription: "The session idle timeout, in minutes. Sessions will be invalidated if there is no activity in this period of time. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `15`. Available since SEMP API version 2.21.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 5256000),
+				},
+				Default: 15,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSempSessionMaxLifetime",
+				TerraformName:       "service_semp_session_max_lifetime",
+				MarkdownDescription: "The maximum lifetime of a session, in minutes. Sessions will be invalidated after this period of time, regardless of activity. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `43200`. Available since SEMP API version 2.21.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 5256000),
+				},
+				Default: 43200,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSempTlsEnabled",
+				TerraformName:       "service_semp_tls_enabled",
+				MarkdownDescription: "Enable or disable TLS SEMP service. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSmfCompressionListenPort",
+				TerraformName:       "service_smf_compression_listen_port",
+				MarkdownDescription: "TCP port number that SMF clients can use to connect to the broker using raw compression TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55003`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 55003,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSmfEnabled",
+				TerraformName:       "service_smf_enabled",
+				MarkdownDescription: "Enable or disable the SMF service. When disabled new SMF Clients may not connect through the global listen-ports, and all currently connected SMF Clients are immediately disconnected. The default value is `true`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "serviceSmfEventConnectionCountThreshold",
+				TerraformName:       "service_smf_event_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSmfPlainTextListenPort",
+				TerraformName:       "service_smf_plain_text_listen_port",
+				MarkdownDescription: "TCP port number that SMF clients can use to connect to the broker using raw TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55555`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 55555,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSmfRoutingControlListenPort",
+				TerraformName:       "service_smf_routing_control_listen_port",
+				MarkdownDescription: "TCP port number that SMF clients can use to connect to the broker using raw routing control TCP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55556`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 55556,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSmfTlsListenPort",
+				TerraformName:       "service_smf_tls_listen_port",
+				MarkdownDescription: "TCP port number that SMF clients can use to connect to the broker using raw TCP over TLS. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_smf_enabled will be temporarily set to false to apply the change. The default value is `55443`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 55443,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "serviceTlsEventConnectionCountThreshold",
+				TerraformName:       "service_tls_event_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceWebTransportEnabled",
+				TerraformName:       "service_web_transport_enabled",
+				MarkdownDescription: "Enable or disable the web-transport service. When disabled new web-transport Clients may not connect through the global listen-ports, and all currently connected web-transport Clients are immediately disconnected. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceWebTransportPlainTextListenPort",
+				TerraformName:       "service_web_transport_plain_text_listen_port",
+				MarkdownDescription: "The TCP port for plain-text WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `8008`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 8008,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceWebTransportTlsListenPort",
+				TerraformName:       "service_web_transport_tls_listen_port",
+				MarkdownDescription: "The TCP port for TLS WEB client connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1443`. Available since SEMP API version 2.17.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 1443,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "serviceWebTransportWebUrlSuffix",
+				TerraformName:       "service_web_transport_web_url_suffix",
+				MarkdownDescription: "Used to specify the Web URL suffix that will be used by Web clients when communicating with the broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_web_transport_enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since SEMP API version 2.17.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 127),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsBlockVersion11Enabled",
+				TerraformName:       "tls_block_version11_enabled",
+				MarkdownDescription: "Enable or disable the blocking of TLS version 1.1 connections. When blocked, all existing incoming and outgoing TLS 1.1 connections with Clients, SEMP users, and LDAP servers remain connected while new connections are blocked. Note that support for TLS 1.1 will eventually be discontinued, at which time TLS 1.1 connections will be blocked regardless of this setting. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "tlsCipherSuiteManagementList",
+				TerraformName:       "tls_cipher_suite_management_list",
+				MarkdownDescription: "The colon-separated list of cipher suites used for TLS management connections (e.g. SEMP, LDAP). The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1559),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "tlsCipherSuiteMsgBackboneList",
+				TerraformName:       "tls_cipher_suite_msg_backbone_list",
+				MarkdownDescription: "The colon-separated list of cipher suites used for TLS data connections (e.g. client pub/sub). The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1559),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "tlsCipherSuiteSecureShellList",
+				TerraformName:       "tls_cipher_suite_secure_shell_list",
+				MarkdownDescription: "The colon-separated list of cipher suites used for TLS secure shell connections (e.g. SSH, SFTP, SCP). The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1559),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsCrimeExploitProtectionEnabled",
+				TerraformName:       "tls_crime_exploit_protection_enabled",
+				MarkdownDescription: "Enable or disable protection against the CRIME exploit. When enabled, TLS+compressed messaging performance is degraded. This protection should only be disabled if sufficient ACL and authentication features are being employed such that a potential attacker does not have sufficient access to trigger the exploit. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "tlsServerCertContent",
+				TerraformName:       "tls_server_cert_content",
+				MarkdownDescription: "The PEM formatted content for the server certificate used for TLS connections. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "tlsServerCertPassword",
+				TerraformName:       "tls_server_cert_password",
+				MarkdownDescription: "The password for the server certificate used for TLS connections. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"tls_server_cert_content"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("tls_server_cert_content"),
+					),
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsStandardDomainCertificateAuthoritiesEnabled",
+				TerraformName:       "tls_standard_domain_certificate_authorities_enabled",
+				MarkdownDescription: "Enable or disable the standard domain certificate authority list. The default value is `true`. Available since SEMP API version 2.19.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tlsTicketLifetime",
+				TerraformName:       "tls_ticket_lifetime",
+				MarkdownDescription: "The TLS ticket lifetime in seconds. When a client connects with TLS, a session with a session ticket is created using the TLS ticket lifetime which determines how long the client has to resume the session. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 86400),
+				},
+				Default: 86400,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "webManagerAllowUnencryptedWizardsEnabled",
+				TerraformName:       "web_manager_allow_unencrypted_wizards_enabled",
+				MarkdownDescription: "Enable or disable the use of unencrypted wizards in the Web-based Manager UI. This setting should be left at its default on all production systems or other systems that need to be secure.  Enabling this option will permit the broker to forward plain-text data to other brokers, making important information or credentials available for snooping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`. Available since SEMP API version 2.28.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "webManagerCustomization",
+				TerraformName:       "web_manager_customization",
+				MarkdownDescription: "Reserved for internal use by Solace. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`. Available since SEMP API version 2.25.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1024),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "webManagerRedirectHttpEnabled",
+				TerraformName:       "web_manager_redirect_http_enabled",
+				MarkdownDescription: "Enable or disable redirection of HTTP requests for the broker manager to HTTPS. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.24.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "webManagerRedirectHttpOverrideTlsPort",
+				TerraformName:       "web_manager_redirect_http_override_tls_port",
+				MarkdownDescription: "The HTTPS port that HTTP requests will be redirected towards in a HTTP 301 redirect response. Zero is a special value that means use the value specified for the SEMP TLS port value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`. Available since SEMP API version 2.24.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/ClientCertAuthority.go b/internal/broker/generated/ClientCertAuthority.go
new file mode 100644
index 00000000..53c159ed
--- /dev/null
+++ b/internal/broker/generated/ClientCertAuthority.go
@@ -0,0 +1,175 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "client_cert_authority",
+		MarkdownDescription: "Clients can authenticate with the message broker over TLS by presenting a valid client certificate. The message broker authenticates the client certificate by constructing a full certificate chain (from the client certificate to intermediate CAs to a configured root CA). The intermediate CAs in this chain can be provided by the client, or configured in the message broker. The root CA must be configured on the message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncert_authority_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.19.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/clientCertAuthorities/{certAuthorityName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "certAuthorityName",
+				TerraformName:       "cert_authority_name",
+				MarkdownDescription: "The name of the Certificate Authority.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_\\-.]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "certContent",
+				TerraformName:       "cert_content",
+				MarkdownDescription: "The PEM formatted content for the trusted root certificate of a client Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "crlDayList",
+				TerraformName:       "crl_day_list",
+				MarkdownDescription: "The scheduled CRL refresh day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crl_time_list\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"daily\"`.",
+				Requires:            []string{"crl_time_list"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("crl_time_list"),
+					),
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "daily",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "crlTimeList",
+				TerraformName:       "crl_time_list",
+				MarkdownDescription: "The scheduled CRL refresh time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"crl_day_list\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"3:00\"`.",
+				Requires:            []string{"crl_day_list"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("crl_day_list"),
+					),
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "3:00",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "crlUrl",
+				TerraformName:       "crl_url",
+				MarkdownDescription: "The URL for the CRL source. This is a required attribute for CRL to be operational and the URL must be complete with http:// included. IPv6 addresses must be enclosed in square-brackets. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as revocation_check_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2048),
+					stringvalidator.RegexMatches(regexp.MustCompile("^(.+://.+)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "ocspNonResponderCertEnabled",
+				TerraformName:       "ocsp_non_responder_cert_enabled",
+				MarkdownDescription: "Enable or disable allowing a non-responder certificate to sign an OCSP response. Typically used with an OCSP override URL in cases where a single certificate is used to sign client certificates and OCSP responses. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ocspOverrideUrl",
+				TerraformName:       "ocsp_override_url",
+				MarkdownDescription: "The OCSP responder URL to use for overriding the one supplied in the client certificate. The URL must be complete with http:// included. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2048),
+					stringvalidator.RegexMatches(regexp.MustCompile("^((.|..|...|....|[^h]....|.[^t]...|..[^t]..|...[^p].|....[^s]|.......*)://.+)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "ocspTimeout",
+				TerraformName:       "ocsp_timeout",
+				MarkdownDescription: "The timeout in seconds to receive a response from the OCSP responder after sending a request or making the initial connection attempt. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 86400),
+				},
+				Default: 5,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "revocationCheckEnabled",
+				TerraformName:       "revocation_check_enabled",
+				MarkdownDescription: "Enable or disable Certificate Authority revocation checking. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/ClientCertAuthorityOcspTlsTrustedCommonName.go b/internal/broker/generated/ClientCertAuthorityOcspTlsTrustedCommonName.go
new file mode 100644
index 00000000..c60db350
--- /dev/null
+++ b/internal/broker/generated/ClientCertAuthorityOcspTlsTrustedCommonName.go
@@ -0,0 +1,82 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "client_cert_authority_ocsp_tls_trusted_common_name",
+		MarkdownDescription: "When an OCSP override URL is configured, the OCSP responder will be required to sign the OCSP responses with certificates issued to these Trusted Common Names. A maximum of 8 common names can be configured as valid response signers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncert_authority_name|x|||\nocsp_tls_trusted_common_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.19.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames/{ocspTlsTrustedCommonName}",
+		PostPathTemplate:    "/clientCertAuthorities/{certAuthorityName}/ocspTlsTrustedCommonNames",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "certAuthorityName",
+				TerraformName:       "cert_authority_name",
+				MarkdownDescription: "The name of the Certificate Authority.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_\\-.]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ocspTlsTrustedCommonName",
+				TerraformName:       "ocsp_tls_trusted_common_name",
+				MarkdownDescription: "The expected Trusted Common Name of the OCSP responder remote certificate.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DmrCluster.go b/internal/broker/generated/DmrCluster.go
new file mode 100644
index 00000000..f7512b65
--- /dev/null
+++ b/internal/broker/generated/DmrCluster.go
@@ -0,0 +1,214 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "dmr_cluster",
+		MarkdownDescription: "A Cluster is a provisioned object on a message broker that contains global DMR configuration parameters.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthentication_basic_password||x||x\nauthentication_client_cert_content||x||x\nauthentication_client_cert_password||x||\ndmr_cluster_name|x|||\ntls_server_cert_enforce_trusted_common_name_enabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/dmrClusters/{dmrClusterName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationBasicEnabled",
+				TerraformName:       "authentication_basic_enabled",
+				MarkdownDescription: "Enable or disable basic authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicPassword",
+				TerraformName:       "authentication_basic_password",
+				MarkdownDescription: "The password used to authenticate incoming Cluster Links when using basic internal authentication. The same password is also used by outgoing Cluster Links if a per-Link password is not configured. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 128),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicType",
+				TerraformName:       "authentication_basic_type",
+				MarkdownDescription: "The type of basic authentication to use for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"internal\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Use locally configured password.\n\"none\" - No authentication.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("internal", "none"),
+				},
+				Default: "internal",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertContent",
+				TerraformName:       "authentication_client_cert_content",
+				MarkdownDescription: "The PEM formatted content for the client certificate used to login to the remote node. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationClientCertEnabled",
+				TerraformName:       "authentication_client_cert_enabled",
+				MarkdownDescription: "Enable or disable client certificate authentication for Cluster Links. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertPassword",
+				TerraformName:       "authentication_client_cert_password",
+				MarkdownDescription: "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_client_cert_content"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_client_cert_content"),
+					),
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "directOnlyEnabled",
+				TerraformName:       "direct_only_enabled",
+				MarkdownDescription: "Enable or disable direct messaging only. Guaranteed messages will not be transmitted through the cluster. The default value is `false`.",
+				RequiresReplace:     true,
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "dmrClusterName",
+				TerraformName:       "dmr_cluster_name",
+				MarkdownDescription: "The name of the Cluster.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Cluster. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "nodeName",
+				TerraformName:       "node_name",
+				MarkdownDescription: "The name of this node in the Cluster. This is the name that this broker (or redundant group of brokers) is know by to other nodes in the Cluster. The name is chosen automatically to be either this broker's Router Name or Mate Router Name, depending on which Active Standby Role (primary or backup) this broker plays in its redundancy group.",
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&/]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tlsServerCertMaxChainDepth",
+				TerraformName:       "tls_server_cert_max_chain_depth",
+				MarkdownDescription: "The maximum allowed depth of a certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 8),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsServerCertValidateDateEnabled",
+				TerraformName:       "tls_server_cert_validate_date_enabled",
+				MarkdownDescription: "Enable or disable the validation of the \"Not Before\" and \"Not After\" validity dates in the certificate. When disabled, the certificate is accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsServerCertValidateNameEnabled",
+				TerraformName:       "tls_server_cert_validate_name_enabled",
+				MarkdownDescription: "Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DmrClusterCertMatchingRule.go b/internal/broker/generated/DmrClusterCertMatchingRule.go
new file mode 100644
index 00000000..ba5e28cb
--- /dev/null
+++ b/internal/broker/generated/DmrClusterCertMatchingRule.go
@@ -0,0 +1,89 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "dmr_cluster_cert_matching_rule",
+		MarkdownDescription: "A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given link.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmr_cluster_name|x|||\nrule_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.28.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "dmrClusterName",
+				TerraformName:       "dmr_cluster_name",
+				MarkdownDescription: "The name of the Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ruleName",
+				TerraformName:       "rule_name",
+				MarkdownDescription: "The name of the rule.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DmrClusterCertMatchingRuleAttributeFilter.go b/internal/broker/generated/DmrClusterCertMatchingRuleAttributeFilter.go
new file mode 100644
index 00000000..97deb6ac
--- /dev/null
+++ b/internal/broker/generated/DmrClusterCertMatchingRuleAttributeFilter.go
@@ -0,0 +1,124 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "dmr_cluster_cert_matching_rule_attribute_filter",
+		MarkdownDescription: "A Cert Matching Rule Attribute Filter compares a link attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmr_cluster_name|x|||\nfilter_name|x|||\nrule_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.28.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeName",
+				TerraformName:       "attribute_name",
+				MarkdownDescription: "Link Attribute to be tested. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([A-Za-z][A-Za-z0-9\\-]*)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeValue",
+				TerraformName:       "attribute_value",
+				MarkdownDescription: "Expected attribute value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 256),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "dmrClusterName",
+				TerraformName:       "dmr_cluster_name",
+				MarkdownDescription: "The name of the Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "filterName",
+				TerraformName:       "filter_name",
+				MarkdownDescription: "The name of the filter.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ruleName",
+				TerraformName:       "rule_name",
+				MarkdownDescription: "The name of the rule.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DmrClusterCertMatchingRuleCondition.go b/internal/broker/generated/DmrClusterCertMatchingRuleCondition.go
new file mode 100644
index 00000000..534cdfa0
--- /dev/null
+++ b/internal/broker/generated/DmrClusterCertMatchingRuleCondition.go
@@ -0,0 +1,126 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "dmr_cluster_cert_matching_rule_condition",
+		MarkdownDescription: "A Cert Matching Rule Condition compares data extracted from a certificate to a link attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmr_cluster_name|x|||\nrule_name|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.28.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions/{source}",
+		PostPathTemplate:    "/dmrClusters/{dmrClusterName}/certMatchingRules/{ruleName}/conditions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attribute",
+				TerraformName:       "attribute",
+				MarkdownDescription: "Link Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `\"\"`.",
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([A-Za-z][A-Za-z0-9\\-]*)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "dmrClusterName",
+				TerraformName:       "dmr_cluster_name",
+				MarkdownDescription: "The name of the Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "expression",
+				TerraformName:       "expression",
+				MarkdownDescription: "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `\"\"`.",
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 256),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ruleName",
+				TerraformName:       "rule_name",
+				MarkdownDescription: "The name of the rule.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "source",
+				TerraformName:       "source",
+				MarkdownDescription: "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IP Address.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("certificate-thumbprint", "common-name", "common-name-last", "subject-alternate-name-msupn", "uid", "uid-last", "org-unit", "org-unit-last", "issuer", "subject", "serial-number", "dns-name", "ip-address"),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DmrClusterLink.go b/internal/broker/generated/DmrClusterLink.go
new file mode 100644
index 00000000..ce5c232a
--- /dev/null
+++ b/internal/broker/generated/DmrClusterLink.go
@@ -0,0 +1,570 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "dmr_cluster_link",
+		MarkdownDescription: "A Link connects nodes (either within a Cluster or between two different Clusters) and allows them to exchange topology information, subscriptions and data.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthentication_basic_password||x||x\ndmr_cluster_name|x|||\nremote_node_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicPassword",
+				TerraformName:       "authentication_basic_password",
+				MarkdownDescription: "The password used to authenticate with the remote node when using basic internal authentication. If this per-Link password is not configured, the Cluster's password is used instead. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 128),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScheme",
+				TerraformName:       "authentication_scheme",
+				MarkdownDescription: "The authentication scheme to be used by the Link which initiates connections to the remote node. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("basic", "client-certificate"),
+				},
+				Default: "basic",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueControl1MaxDepth",
+				TerraformName:       "client_profile_queue_control1_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Control 1\" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueControl1MinMsgBurst",
+				TerraformName:       "client_profile_queue_control1_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Control 1\" (C-1) priority queue, regardless of the `client_profile_queue_control1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueDirect1MaxDepth",
+				TerraformName:       "client_profile_queue_direct1_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Direct 1\" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueDirect1MinMsgBurst",
+				TerraformName:       "client_profile_queue_direct1_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Direct 1\" (D-1) priority queue, regardless of the `client_profile_queue_direct1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueDirect2MaxDepth",
+				TerraformName:       "client_profile_queue_direct2_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Direct 2\" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueDirect2MinMsgBurst",
+				TerraformName:       "client_profile_queue_direct2_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Direct 2\" (D-2) priority queue, regardless of the `client_profile_queue_direct2_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueDirect3MaxDepth",
+				TerraformName:       "client_profile_queue_direct3_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Direct 3\" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueDirect3MinMsgBurst",
+				TerraformName:       "client_profile_queue_direct3_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Direct 3\" (D-3) priority queue, regardless of the `client_profile_queue_direct3_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueGuaranteed1MaxDepth",
+				TerraformName:       "client_profile_queue_guaranteed1_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Guaranteed 1\" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileQueueGuaranteed1MinMsgBurst",
+				TerraformName:       "client_profile_queue_guaranteed1_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Guaranteed 1\" (G-3) priority queue, regardless of the `client_profile_queue_guaranteed1_max_depth` value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 255,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileTcpCongestionWindowSize",
+				TerraformName:       "client_profile_tcp_congestion_window_size",
+				MarkdownDescription: "The TCP initial congestion window size, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `2`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 7826),
+				},
+				Default: 2,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileTcpKeepaliveCount",
+				TerraformName:       "client_profile_tcp_keepalive_count",
+				MarkdownDescription: "The number of TCP keepalive retransmissions to be carried out before declaring that the remote end is not available. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `5`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 5),
+				},
+				Default: 5,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileTcpKeepaliveIdleTime",
+				TerraformName:       "client_profile_tcp_keepalive_idle_time",
+				MarkdownDescription: "The amount of time a connection must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(3, 120),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileTcpKeepaliveInterval",
+				TerraformName:       "client_profile_tcp_keepalive_interval",
+				MarkdownDescription: "The amount of time between TCP keepalive retransmissions when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 30),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileTcpMaxSegmentSize",
+				TerraformName:       "client_profile_tcp_max_segment_size",
+				MarkdownDescription: "The TCP maximum segment size, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1460`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(256, 1460),
+				},
+				Default: 1460,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "clientProfileTcpMaxWindowSize",
+				TerraformName:       "client_profile_tcp_max_window_size",
+				MarkdownDescription: "The TCP maximum window size, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `256`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(16, 65536),
+				},
+				Default: 256,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "dmrClusterName",
+				TerraformName:       "dmr_cluster_name",
+				MarkdownDescription: "The name of the Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "egressFlowWindowSize",
+				TerraformName:       "egress_flow_window_size",
+				MarkdownDescription: "The number of outstanding guaranteed messages that can be sent over the Link before acknowledgment is received by the sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 255,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Link. When disabled, subscription sets of this and the remote node are not kept up-to-date, and messages are not exchanged with the remote node. Published guaranteed messages will be queued up for future delivery based on current subscription sets. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "initiator",
+				TerraformName:       "initiator",
+				MarkdownDescription: "The initiator of the Link's TCP connections. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"lexical\"`. The allowed values and their meaning are:\n\n<pre>\n\"lexical\" - The \"higher\" node-name initiates.\n\"local\" - The local node initiates.\n\"remote\" - The remote node initiates.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("lexical", "local", "remote"),
+				},
+				Default: "lexical",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueDeadMsgQueue",
+				TerraformName:       "queue_dead_msg_queue",
+				MarkdownDescription: "The name of the Dead Message Queue (DMQ) used by the Queue for discarded messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+				Default: "#DEAD_MSG_QUEUE",
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "queueEventSpoolUsageThreshold",
+				TerraformName:       "queue_event_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 1,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 2,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxDeliveredUnackedMsgsPerFlow",
+				TerraformName:       "queue_max_delivered_unacked_msgs_per_flow",
+				MarkdownDescription: "The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 1000000),
+				},
+				Default: 1e+06,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxMsgSpoolUsage",
+				TerraformName:       "queue_max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage by the Queue (quota), in megabytes (MB). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `800000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 6000000),
+				},
+				Default: 800000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxRedeliveryCount",
+				TerraformName:       "queue_max_redelivery_count",
+				MarkdownDescription: "The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxTtl",
+				TerraformName:       "queue_max_ttl",
+				MarkdownDescription: "The maximum time in seconds a message can stay in the Queue when `queue_respect_ttl_enabled` is `true`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queue_max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueRejectMsgToSenderOnDiscardBehavior",
+				TerraformName:       "queue_reject_msg_to_sender_on_discard_behavior",
+				MarkdownDescription: "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"always\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("never", "when-queue-enabled", "always"),
+				},
+				Default: "always",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "queueRespectTtlEnabled",
+				TerraformName:       "queue_respect_ttl_enabled",
+				MarkdownDescription: "Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteNodeName",
+				TerraformName:       "remote_node_name",
+				MarkdownDescription: "The name of the node at the remote end of the Link.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&/]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "span",
+				TerraformName:       "span",
+				MarkdownDescription: "The span of the Link, either internal or external. Internal Links connect nodes within the same Cluster. External Links connect nodes within different Clusters. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"external\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Link to same cluster.\n\"external\" - Link to other cluster.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("internal", "external"),
+				},
+				Default: "external",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportCompressedEnabled",
+				TerraformName:       "transport_compressed_enabled",
+				MarkdownDescription: "Enable or disable compression on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportTlsEnabled",
+				TerraformName:       "transport_tls_enabled",
+				MarkdownDescription: "Enable or disable encryption (TLS) on the Link. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DmrClusterLinkAttribute.go b/internal/broker/generated/DmrClusterLinkAttribute.go
new file mode 100644
index 00000000..00da7300
--- /dev/null
+++ b/internal/broker/generated/DmrClusterLinkAttribute.go
@@ -0,0 +1,114 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "dmr_cluster_link_attribute",
+		MarkdownDescription: "A Link Attribute is a key+value pair that can be used to locate a DMR Cluster Link, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattribute_name|x|||\nattribute_value|x|||\ndmr_cluster_name|x|||\nremote_node_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.28.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes/{attributeName},{attributeValue}",
+		PostPathTemplate:    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/attributes",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeName",
+				TerraformName:       "attribute_name",
+				MarkdownDescription: "The name of the Attribute.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z][A-Za-z0-9\\-]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeValue",
+				TerraformName:       "attribute_value",
+				MarkdownDescription: "The value of the Attribute.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 256),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "dmrClusterName",
+				TerraformName:       "dmr_cluster_name",
+				MarkdownDescription: "The name of the Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteNodeName",
+				TerraformName:       "remote_node_name",
+				MarkdownDescription: "The name of the node at the remote end of the Link.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&/]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DmrClusterLinkRemoteAddress.go b/internal/broker/generated/DmrClusterLinkRemoteAddress.go
new file mode 100644
index 00000000..c4549130
--- /dev/null
+++ b/internal/broker/generated/DmrClusterLinkRemoteAddress.go
@@ -0,0 +1,99 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "dmr_cluster_link_remote_address",
+		MarkdownDescription: "Each Remote Address, consisting of a FQDN or IP address and optional port, is used to connect to the remote node for this Link. Up to 4 addresses may be provided for each Link, and will be tried on a round-robin basis.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ndmr_cluster_name|x|||\nremote_address|x|||\nremote_node_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses/{remoteAddress}",
+		PostPathTemplate:    "/dmrClusters/{dmrClusterName}/links/{remoteNodeName}/remoteAddresses",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "dmrClusterName",
+				TerraformName:       "dmr_cluster_name",
+				MarkdownDescription: "The name of the Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteAddress",
+				TerraformName:       "remote_address",
+				MarkdownDescription: "The FQDN or IP address (and optional port) of the remote node. If a port is not provided, it will vary based on the transport encoding: 55555 (plain-text), 55443 (encrypted), or 55003 (compressed).",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 259),
+					stringvalidator.RegexMatches(regexp.MustCompile("^((([0-9a-zA-Z_\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteNodeName",
+				TerraformName:       "remote_node_name",
+				MarkdownDescription: "The name of the node at the remote end of the Link.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&/]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/DomainCertAuthority.go b/internal/broker/generated/DomainCertAuthority.go
new file mode 100644
index 00000000..6f65d071
--- /dev/null
+++ b/internal/broker/generated/DomainCertAuthority.go
@@ -0,0 +1,78 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "domain_cert_authority",
+		MarkdownDescription: "Certificate Authorities trusted for domain verification.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncert_authority_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.19.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/domainCertAuthorities/{certAuthorityName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "certAuthorityName",
+				TerraformName:       "cert_authority_name",
+				MarkdownDescription: "The name of the Certificate Authority.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_\\-.]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "certContent",
+				TerraformName:       "cert_content",
+				MarkdownDescription: "The PEM formatted content for the trusted root certificate of a domain Certificate Authority. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpn.go b/internal/broker/generated/MsgVpn.go
new file mode 100644
index 00000000..c627ba4a
--- /dev/null
+++ b/internal/broker/generated/MsgVpn.go
@@ -0,0 +1,2590 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn",
+		MarkdownDescription: "Message VPNs (Virtual Private Networks) allow for the segregation of topic space and clients. They also group clients connecting to a network of message brokers, such that messages published within a particular group are only visible to that group's clients.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthentication_oauth_default_provider_name|||x|\nbridging_tls_server_cert_enforce_trusted_common_name_enabled|||x|\ndistributed_cache_management_enabled|||x|\nmsg_vpn_name|x|||\nreplication_bridge_authentication_basic_password||x||x\nreplication_bridge_authentication_client_cert_content||x||x\nreplication_bridge_authentication_client_cert_password||x||\nreplication_enabled_queue_behavior||x||\nrest_tls_server_cert_enforce_trusted_common_name_enabled|||x|\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "alias",
+				TerraformName:       "alias",
+				MarkdownDescription: "The name of another Message VPN which this Message VPN is an alias for. When this Message VPN is enabled, the alias has no effect. When this Message VPN is disabled, Clients (but not Bridges and routing Links) logging into this Message VPN are automatically logged in to the other Message VPN, and authentication and authorization take place in the context of the other Message VPN.\n\nAliases may form a non-circular chain, cascading one to the next. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.14.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationBasicEnabled",
+				TerraformName:       "authentication_basic_enabled",
+				MarkdownDescription: "Enable or disable basic authentication for clients connecting to the Message VPN. Basic authentication is authentication that involves the use of a username and password to prove identity. If a user provides credentials for a different authentication scheme, this setting is not applicable. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicProfileName",
+				TerraformName:       "authentication_basic_profile_name",
+				MarkdownDescription: "The name of the RADIUS or LDAP Profile to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Requires:            []string{"authentication_basic_type"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_basic_type"),
+					),
+					stringvalidator.LengthBetween(0, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicRadiusDomain",
+				TerraformName:       "authentication_basic_radius_domain",
+				MarkdownDescription: "The RADIUS domain to use for basic authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicType",
+				TerraformName:       "authentication_basic_type",
+				MarkdownDescription: "The type of basic authentication to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"radius\"`. The allowed values and their meaning are:\n\n<pre>\n\"internal\" - Internal database. Authentication is against Client Usernames.\n\"ldap\" - LDAP authentication. An LDAP profile name must be provided.\n\"radius\" - RADIUS authentication. A RADIUS profile name must be provided.\n\"none\" - No authentication. Anonymous login allowed.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("internal", "ldap", "radius", "none"),
+				},
+				Default: "radius",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationClientCertAllowApiProvidedUsernameEnabled",
+				TerraformName:       "authentication_client_cert_allow_api_provided_username_enabled",
+				MarkdownDescription: "Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the certificate CN (Common Name) is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationClientCertCertificateMatchingRulesEnabled",
+				TerraformName:       "authentication_client_cert_certificate_matching_rules_enabled",
+				MarkdownDescription: "Enable or disable certificate matching rules. When disabled, any valid certificate is accepted. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.27.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationClientCertEnabled",
+				TerraformName:       "authentication_client_cert_enabled",
+				MarkdownDescription: "Enable or disable client certificate authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "authenticationClientCertMaxChainDepth",
+				TerraformName:       "authentication_client_cert_max_chain_depth",
+				MarkdownDescription: "The maximum depth for a client certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 8),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertRevocationCheckMode",
+				TerraformName:       "authentication_client_cert_revocation_check_mode",
+				MarkdownDescription: "The desired behavior for client certificate revocation checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"allow-valid\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow-all\" - Allow the client to authenticate, the result of client certificate revocation check is ignored.\n\"allow-unknown\" - Allow the client to authenticate even if the revocation status of his certificate cannot be determined.\n\"allow-valid\" - Allow the client to authenticate only when the revocation check returned an explicit positive response.\n</pre>\n Available since SEMP API version 2.6.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("allow-all", "allow-unknown", "allow-valid"),
+				},
+				Default: "allow-valid",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertUsernameSource",
+				TerraformName:       "authentication_client_cert_username_source",
+				MarkdownDescription: "The field from the client certificate to use as the client username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"common-name\"`. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The username is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The username is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The username is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The username is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The username is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The username is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n</pre>\n Available since SEMP API version 2.6.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("certificate-thumbprint", "common-name", "common-name-last", "subject-alternate-name-msupn", "uid", "uid-last"),
+				},
+				Default: "common-name",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationClientCertValidateDateEnabled",
+				TerraformName:       "authentication_client_cert_validate_date_enabled",
+				MarkdownDescription: "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the client certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationKerberosAllowApiProvidedUsernameEnabled",
+				TerraformName:       "authentication_kerberos_allow_api_provided_username_enabled",
+				MarkdownDescription: "Enable or disable allowing a client to specify a Client Username via the API connect method. When disabled, the Kerberos Principal name is always used. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationKerberosEnabled",
+				TerraformName:       "authentication_kerberos_enabled",
+				MarkdownDescription: "Enable or disable Kerberos authentication in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthDefaultProfileName",
+				TerraformName:       "authentication_oauth_default_profile_name",
+				MarkdownDescription: "The name of the profile to use when the client does not supply a profile name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.25.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authenticationOauthEnabled",
+				TerraformName:       "authentication_oauth_enabled",
+				MarkdownDescription: "Enable or disable OAuth authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.13.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationLdapGroupMembershipAttributeName",
+				TerraformName:       "authorization_ldap_group_membership_attribute_name",
+				MarkdownDescription: "The name of the attribute that is retrieved from the LDAP server as part of the LDAP search when authorizing a client connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"memberOf\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+				},
+				Default: "memberOf",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "authorizationLdapTrimClientUsernameDomainEnabled",
+				TerraformName:       "authorization_ldap_trim_client_username_domain_enabled",
+				MarkdownDescription: "Enable or disable client-username domain trimming for LDAP lookups of client connections. When enabled, the value of $CLIENT_USERNAME (when used for searching) will be truncated at the first occurrence of the @ character. For example, if the client-username is in the form of an email address, then the domain portion will be removed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.13.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationProfileName",
+				TerraformName:       "authorization_profile_name",
+				MarkdownDescription: "The name of the LDAP Profile to use for client authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Requires:            []string{"authorization_type"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authorization_type"),
+					),
+					stringvalidator.LengthBetween(0, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationType",
+				TerraformName:       "authorization_type",
+				MarkdownDescription: "The type of authorization to use for clients connecting to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"internal\"`. The allowed values and their meaning are:\n\n<pre>\n\"ldap\" - LDAP authorization.\n\"internal\" - Internal authorization.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("ldap", "internal"),
+				},
+				Default: "internal",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "bridgingTlsServerCertMaxChainDepth",
+				TerraformName:       "bridging_tls_server_cert_max_chain_depth",
+				MarkdownDescription: "The maximum depth for a server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 8),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "bridgingTlsServerCertValidateDateEnabled",
+				TerraformName:       "bridging_tls_server_cert_validate_date_enabled",
+				MarkdownDescription: "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the server certificate. When disabled, a certificate will be accepted even if the certificate is not valid based on these dates. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "bridgingTlsServerCertValidateNameEnabled",
+				TerraformName:       "bridging_tls_server_cert_validate_name_enabled",
+				MarkdownDescription: "Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the bridge. If enabled, the name used to connect to the bridge is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "dmrEnabled",
+				TerraformName:       "dmr_enabled",
+				MarkdownDescription: "Enable or disable Dynamic Message Routing (DMR) for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.11.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventConnectionCountThreshold",
+				TerraformName:       "event_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventEgressFlowCountThreshold",
+				TerraformName:       "event_egress_flow_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventEgressMsgRateThreshold",
+				TerraformName:       "event_egress_msg_rate_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 3e+06,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 4e+06,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventEndpointCountThreshold",
+				TerraformName:       "event_endpoint_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventIngressFlowCountThreshold",
+				TerraformName:       "event_ingress_flow_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventIngressMsgRateThreshold",
+				TerraformName:       "event_ingress_msg_rate_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 3e+06,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 4e+06,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "eventLargeMsgThreshold",
+				TerraformName:       "event_large_msg_threshold",
+				MarkdownDescription: "The threshold, in kilobytes, after which a message is considered to be large for the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1024`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 1024,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "eventLogTag",
+				TerraformName:       "event_log_tag",
+				MarkdownDescription: "A prefix applied to all published Events in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventMsgSpoolUsageThreshold",
+				TerraformName:       "event_msg_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "eventPublishClientEnabled",
+				TerraformName:       "event_publish_client_enabled",
+				MarkdownDescription: "Enable or disable Client level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "eventPublishMsgVpnEnabled",
+				TerraformName:       "event_publish_msg_vpn_enabled",
+				MarkdownDescription: "Enable or disable Message VPN level Event message publishing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "eventPublishSubscriptionMode",
+				TerraformName:       "event_publish_subscription_mode",
+				MarkdownDescription: "Subscription level Event message publishing mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"off\"`. The allowed values and their meaning are:\n\n<pre>\n\"off\" - Disable client level event message publishing.\n\"on-with-format-v1\" - Enable client level event message publishing with format v1.\n\"on-with-no-unsubscribe-events-on-disconnect-format-v1\" - As \"on-with-format-v1\", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.\n\"on-with-format-v2\" - Enable client level event message publishing with format v2.\n\"on-with-no-unsubscribe-events-on-disconnect-format-v2\" - As \"on-with-format-v2\", but unsubscribe events are not generated when a client disconnects. Unsubscribe events are still raised when a client explicitly unsubscribes from its subscriptions.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("off", "on-with-format-v1", "on-with-no-unsubscribe-events-on-disconnect-format-v1", "on-with-format-v2", "on-with-no-unsubscribe-events-on-disconnect-format-v2"),
+				},
+				Default: "off",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "eventPublishTopicFormatMqttEnabled",
+				TerraformName:       "event_publish_topic_format_mqtt_enabled",
+				MarkdownDescription: "Enable or disable Event publish topics in MQTT format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Requires:            []string{"event_publish_topic_format_smf_enabled"},
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				BoolValidators: []validator.Bool{
+					boolvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("event_publish_topic_format_smf_enabled"),
+					),
+				},
+				Default: false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "eventPublishTopicFormatSmfEnabled",
+				TerraformName:       "event_publish_topic_format_smf_enabled",
+				MarkdownDescription: "Enable or disable Event publish topics in SMF format. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Requires:            []string{"event_publish_topic_format_mqtt_enabled"},
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				BoolValidators: []validator.Bool{
+					boolvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("event_publish_topic_format_mqtt_enabled"),
+					),
+				},
+				Default: true,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventServiceAmqpConnectionCountThreshold",
+				TerraformName:       "event_service_amqp_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventServiceMqttConnectionCountThreshold",
+				TerraformName:       "event_service_mqtt_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventServiceRestIncomingConnectionCountThreshold",
+				TerraformName:       "event_service_rest_incoming_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventServiceSmfConnectionCountThreshold",
+				TerraformName:       "event_service_smf_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventServiceWebConnectionCountThreshold",
+				TerraformName:       "event_service_web_connection_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventSubscriptionCountThreshold",
+				TerraformName:       "event_subscription_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventTransactedSessionCountThreshold",
+				TerraformName:       "event_transacted_session_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventTransactionCountThreshold",
+				TerraformName:       "event_transaction_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "exportSubscriptionsEnabled",
+				TerraformName:       "export_subscriptions_enabled",
+				MarkdownDescription: "Enable or disable the export of subscriptions in the Message VPN to other routers in the network over Neighbor links. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "jndiEnabled",
+				TerraformName:       "jndi_enabled",
+				MarkdownDescription: "Enable or disable JNDI access for clients in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.2.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxConnectionCount",
+				TerraformName:       "max_connection_count",
+				MarkdownDescription: "The maximum number of client connections to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxEgressFlowCount",
+				TerraformName:       "max_egress_flow_count",
+				MarkdownDescription: "The maximum number of transmit flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxEndpointCount",
+				TerraformName:       "max_endpoint_count",
+				MarkdownDescription: "The maximum number of Queues and Topic Endpoints that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxIngressFlowCount",
+				TerraformName:       "max_ingress_flow_count",
+				MarkdownDescription: "The maximum number of receive flows that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 1000000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSpoolUsage",
+				TerraformName:       "max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage by the Message VPN, in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxSubscriptionCount",
+				TerraformName:       "max_subscription_count",
+				MarkdownDescription: "The maximum number of local client subscriptions that can be added to the Message VPN. This limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTransactedSessionCount",
+				TerraformName:       "max_transacted_session_count",
+				MarkdownDescription: "The maximum number of transacted sessions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 30000),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTransactionCount",
+				TerraformName:       "max_transaction_count",
+				MarkdownDescription: "The maximum number of transactions that can be created in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 50000),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "mqttRetainMaxMemory",
+				TerraformName:       "mqtt_retain_max_memory",
+				MarkdownDescription: "The maximum total memory usage of the MQTT Retain feature for this Message VPN, in MB. If the maximum memory is reached, any arriving retain messages that require more memory are discarded. A value of -1 indicates that the memory is bounded only by the global max memory limit. A value of 0 prevents MQTT Retain from becoming operational. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since SEMP API version 2.11.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 2147483647),
+				},
+				Default: -1,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "replicationAckPropagationIntervalMsgCount",
+				TerraformName:       "replication_ack_propagation_interval_msg_count",
+				MarkdownDescription: "The acknowledgment (ACK) propagation interval for the replication Bridge, in number of replicated messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 65535),
+				},
+				Default: 20,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationBridgeAuthenticationBasicClientUsername",
+				TerraformName:       "replication_bridge_authentication_basic_client_username",
+				MarkdownDescription: "The Client Username the replication Bridge uses to login to the remote Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Requires:            []string{"replication_bridge_authentication_basic_password"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("replication_bridge_authentication_basic_password"),
+					),
+					stringvalidator.LengthBetween(0, 189),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?*]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationBridgeAuthenticationBasicPassword",
+				TerraformName:       "replication_bridge_authentication_basic_password",
+				MarkdownDescription: "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"replication_bridge_authentication_basic_client_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("replication_bridge_authentication_basic_client_username"),
+					),
+					stringvalidator.LengthBetween(0, 128),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationBridgeAuthenticationClientCertContent",
+				TerraformName:       "replication_bridge_authentication_client_cert_content",
+				MarkdownDescription: "The PEM formatted content for the client certificate used by this bridge to login to the Remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `\"\"`. Available since SEMP API version 2.9.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationBridgeAuthenticationClientCertPassword",
+				TerraformName:       "replication_bridge_authentication_client_cert_password",
+				MarkdownDescription: "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). The default value is `\"\"`. Available since SEMP API version 2.9.",
+				Sensitive:           true,
+				Requires:            []string{"replication_bridge_authentication_client_cert_content"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("replication_bridge_authentication_client_cert_content"),
+					),
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationBridgeAuthenticationScheme",
+				TerraformName:       "replication_bridge_authentication_scheme",
+				MarkdownDescription: "The authentication scheme for the replication Bridge in the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("basic", "client-certificate"),
+				},
+				Default: "basic",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "replicationBridgeCompressedDataEnabled",
+				TerraformName:       "replication_bridge_compressed_data_enabled",
+				MarkdownDescription: "Enable or disable use of compression for the replication Bridge. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "replicationBridgeEgressFlowWindowSize",
+				TerraformName:       "replication_bridge_egress_flow_window_size",
+				MarkdownDescription: "The size of the window used for guaranteed messages published to the replication Bridge, in messages. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `255`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 255,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "replicationBridgeRetryDelay",
+				TerraformName:       "replication_bridge_retry_delay",
+				MarkdownDescription: "The number of seconds that must pass before retrying the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "replicationBridgeTlsEnabled",
+				TerraformName:       "replication_bridge_tls_enabled",
+				MarkdownDescription: "Enable or disable use of encryption (TLS) for the replication Bridge connection. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationBridgeUnidirectionalClientProfileName",
+				TerraformName:       "replication_bridge_unidirectional_client_profile_name",
+				MarkdownDescription: "The Client Profile for the unidirectional replication Bridge in the Message VPN. It is used only for the TCP parameters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#client-profile\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^#?[A-Za-z0-9\\-_]+$"), ""),
+				},
+				Default: "#client-profile",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "replicationEnabled",
+				TerraformName:       "replication_enabled",
+				MarkdownDescription: "Enable or disable replication for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationEnabledQueueBehavior",
+				TerraformName:       "replication_enabled_queue_behavior",
+				MarkdownDescription: "The behavior to take when enabling replication for the Message VPN, depending on the existence of the replication Queue. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"fail-on-existing-queue\"`. The allowed values and their meaning are:\n\n<pre>\n\"fail-on-existing-queue\" - The data replication queue must not already exist.\n\"force-use-existing-queue\" - The data replication queue must already exist. Any data messages on the Queue will be forwarded to interested applications. IMPORTANT: Before using this mode be certain that the messages are not stale or otherwise unsuitable to be forwarded. This mode can only be specified when the existing queue is configured the same as is currently specified under replication configuration otherwise the enabling of replication will fail.\n\"force-recreate-queue\" - The data replication queue must already exist. Any data messages on the Queue will be discarded. IMPORTANT: Before using this mode be certain that the messages on the existing data replication queue are not needed by interested applications.\n</pre>\n",
+				Sensitive:           true,
+				Requires:            []string{"replication_enabled"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("replication_enabled"),
+					),
+					stringvalidator.OneOf("fail-on-existing-queue", "force-use-existing-queue", "force-recreate-queue"),
+				},
+				Default: "fail-on-existing-queue",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "replicationQueueMaxMsgSpoolUsage",
+				TerraformName:       "replication_queue_max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage by the replication Bridge local Queue (quota), in megabytes. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 6000000),
+				},
+				Default: 60000,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "replicationQueueRejectMsgToSenderOnDiscardEnabled",
+				TerraformName:       "replication_queue_reject_msg_to_sender_on_discard_enabled",
+				MarkdownDescription: "Enable or disable whether messages discarded on the replication Bridge local Queue are rejected back to the sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "replicationRejectMsgWhenSyncIneligibleEnabled",
+				TerraformName:       "replication_reject_msg_when_sync_ineligible_enabled",
+				MarkdownDescription: "Enable or disable whether guaranteed messages published to synchronously replicated Topics are rejected back to the sender when synchronous replication becomes ineligible. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationRole",
+				TerraformName:       "replication_role",
+				MarkdownDescription: "The replication role for the Message VPN. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"standby\"`. The allowed values and their meaning are:\n\n<pre>\n\"active\" - Assume the Active role in replication for the Message VPN.\n\"standby\" - Assume the Standby role in replication for the Message VPN.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("active", "standby"),
+				},
+				Default: "standby",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationTransactionMode",
+				TerraformName:       "replication_transaction_mode",
+				MarkdownDescription: "The transaction replication mode for all transactions within the Message VPN. Changing this value during operation will not affect existing transactions; it is only used upon starting a transaction. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"async\"`. The allowed values and their meaning are:\n\n<pre>\n\"sync\" - Messages are acknowledged when replicated (spooled remotely).\n\"async\" - Messages are acknowledged when pending replication (spooled locally).\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("sync", "async"),
+				},
+				Default: "async",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "restTlsServerCertMaxChainDepth",
+				TerraformName:       "rest_tls_server_cert_max_chain_depth",
+				MarkdownDescription: "The maximum depth for a REST Consumer server certificate chain. The depth of a chain is defined as the number of signing CA certificates that are present in the chain back to a trusted self-signed root CA certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 8),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "restTlsServerCertValidateDateEnabled",
+				TerraformName:       "rest_tls_server_cert_validate_date_enabled",
+				MarkdownDescription: "Enable or disable validation of the \"Not Before\" and \"Not After\" validity dates in the REST Consumer server certificate. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "restTlsServerCertValidateNameEnabled",
+				TerraformName:       "rest_tls_server_cert_validate_name_enabled",
+				MarkdownDescription: "Enable or disable the standard TLS authentication mechanism of verifying the name used to connect to the remote REST Consumer. If enabled, the name used to connect to the remote REST Consumer is checked against the names specified in the certificate returned by the remote broker. Legacy Common Name validation is not performed if Server Certificate Name Validation is enabled, even if Common Name validation is also enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.17.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "sempOverMsgBusAdminClientEnabled",
+				TerraformName:       "semp_over_msg_bus_admin_client_enabled",
+				MarkdownDescription: "Enable or disable \"admin client\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "sempOverMsgBusAdminDistributedCacheEnabled",
+				TerraformName:       "semp_over_msg_bus_admin_distributed_cache_enabled",
+				MarkdownDescription: "Enable or disable \"admin distributed-cache\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "sempOverMsgBusAdminEnabled",
+				TerraformName:       "semp_over_msg_bus_admin_enabled",
+				MarkdownDescription: "Enable or disable \"admin\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "sempOverMsgBusEnabled",
+				TerraformName:       "semp_over_msg_bus_enabled",
+				MarkdownDescription: "Enable or disable SEMP over the message bus for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "sempOverMsgBusShowEnabled",
+				TerraformName:       "semp_over_msg_bus_show_enabled",
+				MarkdownDescription: "Enable or disable \"show\" SEMP over the message bus commands for the current Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceAmqpMaxConnectionCount",
+				TerraformName:       "service_amqp_max_connection_count",
+				MarkdownDescription: "The maximum number of AMQP client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since SEMP API version 2.7.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceAmqpPlainTextEnabled",
+				TerraformName:       "service_amqp_plain_text_enabled",
+				MarkdownDescription: "Enable or disable the plain-text AMQP service in the Message VPN. Disabling causes clients connected to the corresponding listen-port to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.7.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceAmqpPlainTextListenPort",
+				TerraformName:       "service_amqp_plain_text_listen_port",
+				MarkdownDescription: "The port number for plain-text AMQP clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.7.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceAmqpTlsEnabled",
+				TerraformName:       "service_amqp_tls_enabled",
+				MarkdownDescription: "Enable or disable the use of encryption (TLS) for the AMQP service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.7.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceAmqpTlsListenPort",
+				TerraformName:       "service_amqp_tls_listen_port",
+				MarkdownDescription: "The port number for AMQP clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_amqp_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.7.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "serviceMqttAuthenticationClientCertRequest",
+				TerraformName:       "service_mqtt_authentication_client_cert_request",
+				MarkdownDescription: "Determines when to request a client certificate from an incoming MQTT client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-enabled-in-message-vpn\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"never\" - Never ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"when-enabled-in-message-vpn\" - Only ask for a client-certificate if client certificate authentication is enabled under \"message-vpn >  authentication > client-certificate > shutdown\".\n</pre>\n Available since SEMP API version 2.21.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("always", "never", "when-enabled-in-message-vpn"),
+				},
+				Default: "when-enabled-in-message-vpn",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceMqttMaxConnectionCount",
+				TerraformName:       "service_mqtt_max_connection_count",
+				MarkdownDescription: "The maximum number of MQTT client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform. Available since SEMP API version 2.1.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceMqttPlainTextEnabled",
+				TerraformName:       "service_mqtt_plain_text_enabled",
+				MarkdownDescription: "Enable or disable the plain-text MQTT service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceMqttPlainTextListenPort",
+				TerraformName:       "service_mqtt_plain_text_listen_port",
+				MarkdownDescription: "The port number for plain-text MQTT clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceMqttTlsEnabled",
+				TerraformName:       "service_mqtt_tls_enabled",
+				MarkdownDescription: "Enable or disable the use of encryption (TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceMqttTlsListenPort",
+				TerraformName:       "service_mqtt_tls_listen_port",
+				MarkdownDescription: "The port number for MQTT clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceMqttTlsWebSocketEnabled",
+				TerraformName:       "service_mqtt_tls_web_socket_enabled",
+				MarkdownDescription: "Enable or disable the use of encrypted WebSocket (WebSocket over TLS) for the MQTT service in the Message VPN. Disabling causes clients currently connected by encrypted WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceMqttTlsWebSocketListenPort",
+				TerraformName:       "service_mqtt_tls_web_socket_listen_port",
+				MarkdownDescription: "The port number for MQTT clients that connect to the Message VPN using WebSocket over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_tls_web_socket_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceMqttWebSocketEnabled",
+				TerraformName:       "service_mqtt_web_socket_enabled",
+				MarkdownDescription: "Enable or disable the use of WebSocket for the MQTT service in the Message VPN. Disabling causes clients currently connected by WebSocket to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.1.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceMqttWebSocketListenPort",
+				TerraformName:       "service_mqtt_web_socket_listen_port",
+				MarkdownDescription: "The port number for plain-text MQTT clients that connect to the Message VPN using WebSocket. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_mqtt_web_socket_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.1.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "serviceRestIncomingAuthenticationClientCertRequest",
+				TerraformName:       "service_rest_incoming_authentication_client_cert_request",
+				MarkdownDescription: "Determines when to request a client certificate from an incoming REST Producer connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-enabled-in-message-vpn\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"never\" - Never ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"when-enabled-in-message-vpn\" - Only ask for a client-certificate if client certificate authentication is enabled under \"message-vpn >  authentication > client-certificate > shutdown\".\n</pre>\n Available since SEMP API version 2.21.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("always", "never", "when-enabled-in-message-vpn"),
+				},
+				Default: "when-enabled-in-message-vpn",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "serviceRestIncomingAuthorizationHeaderHandling",
+				TerraformName:       "service_rest_incoming_authorization_header_handling",
+				MarkdownDescription: "The handling of Authorization headers for incoming REST connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"drop\"`. The allowed values and their meaning are:\n\n<pre>\n\"drop\" - Do not attach the Authorization header to the message as a user property. This configuration is most secure.\n\"forward\" - Forward the Authorization header, attaching it to the message as a user property in the same way as other headers. For best security, use the drop setting.\n\"legacy\" - If the Authorization header was used for authentication to the broker, do not attach it to the message. If the Authorization header was not used for authentication to the broker, attach it to the message as a user property in the same way as other headers. For best security, use the drop setting.\n</pre>\n Available since SEMP API version 2.19.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("drop", "forward", "legacy"),
+				},
+				Default: "drop",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceRestIncomingMaxConnectionCount",
+				TerraformName:       "service_rest_incoming_max_connection_count",
+				MarkdownDescription: "The maximum number of REST incoming client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceRestIncomingPlainTextEnabled",
+				TerraformName:       "service_rest_incoming_plain_text_enabled",
+				MarkdownDescription: "Enable or disable the plain-text REST service for incoming clients in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceRestIncomingPlainTextListenPort",
+				TerraformName:       "service_rest_incoming_plain_text_listen_port",
+				MarkdownDescription: "The port number for incoming plain-text REST clients that connect to the Message VPN. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_rest_incoming_plain_text_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceRestIncomingTlsEnabled",
+				TerraformName:       "service_rest_incoming_tls_enabled",
+				MarkdownDescription: "Enable or disable the use of encryption (TLS) for the REST service for incoming clients in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceRestIncomingTlsListenPort",
+				TerraformName:       "service_rest_incoming_tls_listen_port",
+				MarkdownDescription: "The port number for incoming REST clients that connect to the Message VPN over TLS. The port must be unique across the message backbone. A value of 0 means that the listen-port is unassigned and cannot be enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as service_rest_incoming_tls_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "serviceRestMode",
+				TerraformName:       "service_rest_mode",
+				MarkdownDescription: "The REST service mode for incoming REST clients that connect to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"messaging\"`. The allowed values and their meaning are:\n\n<pre>\n\"gateway\" - Act as a message gateway through which REST messages are propagated.\n\"messaging\" - Act as a message broker on which REST messages are queued.\n</pre>\n Available since SEMP API version 2.6.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("gateway", "messaging"),
+				},
+				Default: "messaging",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceRestOutgoingMaxConnectionCount",
+				TerraformName:       "service_rest_outgoing_max_connection_count",
+				MarkdownDescription: "The maximum number of REST Consumer (outgoing) client connections that can be simultaneously connected to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSmfMaxConnectionCount",
+				TerraformName:       "service_smf_max_connection_count",
+				MarkdownDescription: "The maximum number of SMF client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSmfPlainTextEnabled",
+				TerraformName:       "service_smf_plain_text_enabled",
+				MarkdownDescription: "Enable or disable the plain-text SMF service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSmfTlsEnabled",
+				TerraformName:       "service_smf_tls_enabled",
+				MarkdownDescription: "Enable or disable the use of encryption (TLS) for the SMF service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "serviceWebAuthenticationClientCertRequest",
+				TerraformName:       "service_web_authentication_client_cert_request",
+				MarkdownDescription: "Determines when to request a client certificate from a Web Transport client connecting via a TLS port. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-enabled-in-message-vpn\"`. The allowed values and their meaning are:\n\n<pre>\n\"always\" - Always ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"never\" - Never ask for a client certificate regardless of the \"message-vpn > authentication > client-certificate > shutdown\" configuration.\n\"when-enabled-in-message-vpn\" - Only ask for a client-certificate if client certificate authentication is enabled under \"message-vpn >  authentication > client-certificate > shutdown\".\n</pre>\n Available since SEMP API version 2.21.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("always", "never", "when-enabled-in-message-vpn"),
+				},
+				Default: "when-enabled-in-message-vpn",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceWebMaxConnectionCount",
+				TerraformName:       "service_web_max_connection_count",
+				MarkdownDescription: "The maximum number of Web Transport client connections that can be simultaneously connected to the Message VPN. This value may be higher than supported by the platform. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceWebPlainTextEnabled",
+				TerraformName:       "service_web_plain_text_enabled",
+				MarkdownDescription: "Enable or disable the plain-text Web Transport service in the Message VPN. Disabling causes clients currently connected to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceWebTlsEnabled",
+				TerraformName:       "service_web_tls_enabled",
+				MarkdownDescription: "Enable or disable the use of TLS for the Web Transport service in the Message VPN. Disabling causes clients currently connected over TLS to be disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsAllowDowngradeToPlainTextEnabled",
+				TerraformName:       "tls_allow_downgrade_to_plain_text_enabled",
+				MarkdownDescription: "Enable or disable the allowing of TLS SMF clients to downgrade their connections to plain-text connections. Changing this will not affect existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAclProfile.go b/internal/broker/generated/MsgVpnAclProfile.go
new file mode 100644
index 00000000..928bc8a3
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAclProfile.go
@@ -0,0 +1,133 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_acl_profile",
+		MarkdownDescription: "An ACL Profile controls whether an authenticated client is permitted to establish a connection with the message broker or permitted to publish and subscribe to specific topics.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nacl_profile_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "aclProfileName",
+				TerraformName:       "acl_profile_name",
+				MarkdownDescription: "The name of the ACL Profile.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientConnectDefaultAction",
+				TerraformName:       "client_connect_default_action",
+				MarkdownDescription: "The default action to take when a client using the ACL Profile connects to the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow client connection unless an exception is found for it.\n\"disallow\" - Disallow client connection unless an exception is found for it.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("allow", "disallow"),
+				},
+				Default: "disallow",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "publishTopicDefaultAction",
+				TerraformName:       "publish_topic_default_action",
+				MarkdownDescription: "The default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow topic unless an exception is found for it.\n\"disallow\" - Disallow topic unless an exception is found for it.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("allow", "disallow"),
+				},
+				Default: "disallow",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscribeShareNameDefaultAction",
+				TerraformName:       "subscribe_share_name_default_action",
+				MarkdownDescription: "The default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"allow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow topic unless an exception is found for it.\n\"disallow\" - Disallow topic unless an exception is found for it.\n</pre>\n Available since SEMP API version 2.14.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("allow", "disallow"),
+				},
+				Default: "allow",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscribeTopicDefaultAction",
+				TerraformName:       "subscribe_topic_default_action",
+				MarkdownDescription: "The default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow topic unless an exception is found for it.\n\"disallow\" - Disallow topic unless an exception is found for it.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("allow", "disallow"),
+				},
+				Default: "disallow",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAclProfileClientConnectException.go b/internal/broker/generated/MsgVpnAclProfileClientConnectException.go
new file mode 100644
index 00000000..2c41c30e
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAclProfileClientConnectException.go
@@ -0,0 +1,99 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_acl_profile_client_connect_exception",
+		MarkdownDescription: "A Client Connect Exception is an exception to the default action to take when a client using the ACL Profile connects to the Message VPN. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nacl_profile_name|x|||\nclient_connect_exception_address|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions/{clientConnectExceptionAddress}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/clientConnectExceptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "aclProfileName",
+				TerraformName:       "acl_profile_name",
+				MarkdownDescription: "The name of the ACL Profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientConnectExceptionAddress",
+				TerraformName:       "client_connect_exception_address",
+				MarkdownDescription: "The IP address/netmask of the client connect exception in canonical CIDR form.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 43),
+					stringvalidator.RegexMatches(regexp.MustCompile("^\\s*((((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[1-2][0-9]|3[0-2]))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])))\\s*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAclProfilePublishTopicException.go b/internal/broker/generated/MsgVpnAclProfilePublishTopicException.go
new file mode 100644
index 00000000..efbb88e8
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAclProfilePublishTopicException.go
@@ -0,0 +1,113 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_acl_profile_publish_topic_exception",
+		MarkdownDescription: "A Publish Topic Exception is an exception to the default action to take when a client using the ACL Profile publishes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nacl_profile_name|x|||\nmsg_vpn_name|x|||\npublish_topic_exception|x|||\npublish_topic_exception_syntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.14.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions/{publishTopicExceptionSyntax},{publishTopicException}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/publishTopicExceptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "aclProfileName",
+				TerraformName:       "acl_profile_name",
+				MarkdownDescription: "The name of the ACL Profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "publishTopicException",
+				TerraformName:       "publish_topic_exception",
+				MarkdownDescription: "The topic for the exception to the default action taken. May include wildcard characters.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "publishTopicExceptionSyntax",
+				TerraformName:       "publish_topic_exception_syntax",
+				MarkdownDescription: "The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("smf", "mqtt"),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAclProfileSubscribeShareNameException.go b/internal/broker/generated/MsgVpnAclProfileSubscribeShareNameException.go
new file mode 100644
index 00000000..c3226935
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAclProfileSubscribeShareNameException.go
@@ -0,0 +1,113 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_acl_profile_subscribe_share_name_exception",
+		MarkdownDescription: "A Subscribe Share Name Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a share-name subscription in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nacl_profile_name|x|||\nmsg_vpn_name|x|||\nsubscribe_share_name_exception|x|||\nsubscribe_share_name_exception_syntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.14.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions/{subscribeShareNameExceptionSyntax},{subscribeShareNameException}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeShareNameExceptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "aclProfileName",
+				TerraformName:       "acl_profile_name",
+				MarkdownDescription: "The name of the ACL Profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscribeShareNameException",
+				TerraformName:       "subscribe_share_name_exception",
+				MarkdownDescription: "The subscribe share name exception to the default action taken. May include wildcard characters.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscribeShareNameExceptionSyntax",
+				TerraformName:       "subscribe_share_name_exception_syntax",
+				MarkdownDescription: "The syntax of the subscribe share name for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("smf", "mqtt"),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAclProfileSubscribeTopicException.go b/internal/broker/generated/MsgVpnAclProfileSubscribeTopicException.go
new file mode 100644
index 00000000..6adddf33
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAclProfileSubscribeTopicException.go
@@ -0,0 +1,113 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_acl_profile_subscribe_topic_exception",
+		MarkdownDescription: "A Subscribe Topic Exception is an exception to the default action to take when a client using the ACL Profile subscribes to a topic in the Message VPN. Exceptions must be expressed as a topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nacl_profile_name|x|||\nmsg_vpn_name|x|||\nsubscribe_topic_exception|x|||\nsubscribe_topic_exception_syntax|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.14.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions/{subscribeTopicExceptionSyntax},{subscribeTopicException}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/aclProfiles/{aclProfileName}/subscribeTopicExceptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "aclProfileName",
+				TerraformName:       "acl_profile_name",
+				MarkdownDescription: "The name of the ACL Profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscribeTopicException",
+				TerraformName:       "subscribe_topic_exception",
+				MarkdownDescription: "The topic for the exception to the default action taken. May include wildcard characters.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscribeTopicExceptionSyntax",
+				TerraformName:       "subscribe_topic_exception_syntax",
+				MarkdownDescription: "The syntax of the topic for the exception to the default action taken. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Topic uses SMF syntax.\n\"mqtt\" - Topic uses MQTT syntax.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("smf", "mqtt"),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAuthenticationOauthProfile.go b/internal/broker/generated/MsgVpnAuthenticationOauthProfile.go
new file mode 100644
index 00000000..c8cf9580
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAuthenticationOauthProfile.go
@@ -0,0 +1,434 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_authentication_oauth_profile",
+		MarkdownDescription: "OAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclient_secret||x||x\nmsg_vpn_name|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.25.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationGroupsClaimName",
+				TerraformName:       "authorization_groups_claim_name",
+				MarkdownDescription: "The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorization_type attribute of the Message VPN will be used to determine authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"groups\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "groups",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationGroupsClaimStringFormat",
+				TerraformName:       "authorization_groups_claim_string_format",
+				MarkdownDescription: "The format of the authorization groups claim value when it is a string. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"single\"`. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as as single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since SEMP API version 2.32.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("single", "space-delimited"),
+				},
+				Default: "single",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientId",
+				TerraformName:       "client_id",
+				MarkdownDescription: "The OAuth client id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientRequiredType",
+				TerraformName:       "client_required_type",
+				MarkdownDescription: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"JWT\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "JWT",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientSecret",
+				TerraformName:       "client_secret",
+				MarkdownDescription: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "clientValidateTypeEnabled",
+				TerraformName:       "client_validate_type_enabled",
+				MarkdownDescription: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "disconnectOnTokenExpirationEnabled",
+				TerraformName:       "disconnect_on_token_expiration_enabled",
+				MarkdownDescription: "Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointDiscovery",
+				TerraformName:       "endpoint_discovery",
+				MarkdownDescription: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointDiscoveryRefreshInterval",
+				TerraformName:       "endpoint_discovery_refresh_interval",
+				MarkdownDescription: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(60, 31536000),
+				},
+				Default: 86400,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointIntrospection",
+				TerraformName:       "endpoint_introspection",
+				MarkdownDescription: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointIntrospectionTimeout",
+				TerraformName:       "endpoint_introspection_timeout",
+				MarkdownDescription: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 60),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointJwks",
+				TerraformName:       "endpoint_jwks",
+				MarkdownDescription: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointJwksRefreshInterval",
+				TerraformName:       "endpoint_jwks_refresh_interval",
+				MarkdownDescription: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `86400`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(60, 31536000),
+				},
+				Default: 86400,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointUserinfo",
+				TerraformName:       "endpoint_userinfo",
+				MarkdownDescription: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointUserinfoTimeout",
+				TerraformName:       "endpoint_userinfo_timeout",
+				MarkdownDescription: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 60),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "issuer",
+				TerraformName:       "issuer",
+				MarkdownDescription: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "mqttUsernameValidateEnabled",
+				TerraformName:       "mqtt_username_validate_enabled",
+				MarkdownDescription: "Enable or disable whether the API provided MQTT client username will be validated against the username calculated from the token(s). When enabled, connection attempts by MQTT clients are rejected if they differ. Note that this value only applies to MQTT clients; SMF client usernames will not be validated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthRole",
+				TerraformName:       "oauth_role",
+				MarkdownDescription: "The OAuth role of the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"client\"`. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("client", "resource-server"),
+				},
+				Default: "client",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerParseAccessTokenEnabled",
+				TerraformName:       "resource_server_parse_access_token_enabled",
+				MarkdownDescription: "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredAudience",
+				TerraformName:       "resource_server_required_audience",
+				MarkdownDescription: "The required audience value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredIssuer",
+				TerraformName:       "resource_server_required_issuer",
+				MarkdownDescription: "The required issuer value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredScope",
+				TerraformName:       "resource_server_required_scope",
+				MarkdownDescription: "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredType",
+				TerraformName:       "resource_server_required_type",
+				MarkdownDescription: "The required TYP value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"at+jwt\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "at+jwt",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateAudienceEnabled",
+				TerraformName:       "resource_server_validate_audience_enabled",
+				MarkdownDescription: "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateIssuerEnabled",
+				TerraformName:       "resource_server_validate_issuer_enabled",
+				MarkdownDescription: "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateScopeEnabled",
+				TerraformName:       "resource_server_validate_scope_enabled",
+				MarkdownDescription: "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateTypeEnabled",
+				TerraformName:       "resource_server_validate_type_enabled",
+				MarkdownDescription: "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "usernameClaimName",
+				TerraformName:       "username_claim_name",
+				MarkdownDescription: "The name of the username claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"sub\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "sub",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAuthenticationOauthProfileClientRequiredClaim.go b/internal/broker/generated/MsgVpnAuthenticationOauthProfileClientRequiredClaim.go
new file mode 100644
index 00000000..7d9ee7a7
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAuthenticationOauthProfileClientRequiredClaim.go
@@ -0,0 +1,113 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_authentication_oauth_profile_client_required_claim",
+		MarkdownDescription: "Additional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclient_required_claim_name|x|||\nmsg_vpn_name|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.25.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/clientRequiredClaims",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientRequiredClaimName",
+				TerraformName:       "client_required_claim_name",
+				MarkdownDescription: "The name of the ID token claim to verify.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientRequiredClaimValue",
+				TerraformName:       "client_required_claim_value",
+				MarkdownDescription: "The required claim value.",
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim.go b/internal/broker/generated/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim.go
new file mode 100644
index 00000000..c245bd71
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAuthenticationOauthProfileResourceServerRequiredClaim.go
@@ -0,0 +1,113 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_authentication_oauth_profile_resource_server_required_claim",
+		MarkdownDescription: "Additional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\noauth_profile_name|x|||\nresource_server_required_claim_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.25.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/authenticationOauthProfiles/{oauthProfileName}/resourceServerRequiredClaims",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredClaimName",
+				TerraformName:       "resource_server_required_claim_name",
+				MarkdownDescription: "The name of the access token claim to verify.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredClaimValue",
+				TerraformName:       "resource_server_required_claim_value",
+				MarkdownDescription: "The required claim value.",
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnAuthorizationGroup.go b/internal/broker/generated/MsgVpnAuthorizationGroup.go
new file mode 100644
index 00000000..4950a354
--- /dev/null
+++ b/internal/broker/generated/MsgVpnAuthorizationGroup.go
@@ -0,0 +1,153 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_authorization_group",
+		MarkdownDescription: "To use client authorization groups configured on an external server to provide client authorizations, Authorization Group objects must be created on the Message VPN that match the authorization groups provisioned on the external server. These objects must be configured with the client profiles and ACL profiles that will be assigned to the clients that belong to those authorization groups. A newly created group is placed at the end of the group list which is the lowest priority.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorization_group_name|x|||\nmsg_vpn_name|x|||\norder_after_authorization_group_name||x||\norder_before_authorization_group_name||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/authorizationGroups/{authorizationGroupName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "aclProfileName",
+				TerraformName:       "acl_profile_name",
+				MarkdownDescription: "The ACL Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationGroupName",
+				TerraformName:       "authorization_group_name",
+				MarkdownDescription: "The name of the Authorization Group. For LDAP groups, special care is needed if the group name contains special characters such as '#', '+', ';', '=' as the value of the group name returned from the LDAP server might prepend those characters with '\\'. For example a group name called 'test#,lab,com' will be returned from the LDAP server as 'test\\#,lab,com'.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 256),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientProfileName",
+				TerraformName:       "client_profile_name",
+				MarkdownDescription: "The Client Profile of the Authorization Group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^#?[A-Za-z0-9\\-_]+$"), ""),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Authorization Group in the Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "orderAfterAuthorizationGroupName",
+				TerraformName:       "order_after_authorization_group_name",
+				MarkdownDescription: "Lower the priority to be less than this group. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is not applicable.",
+				Sensitive:           true,
+				ConflictsWith:       []string{"order_before_authorization_group_name"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.ConflictsWith(
+						path.MatchRelative().AtParent().AtName("order_before_authorization_group_name"),
+					),
+					stringvalidator.LengthBetween(1, 256),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "orderBeforeAuthorizationGroupName",
+				TerraformName:       "order_before_authorization_group_name",
+				MarkdownDescription: "Raise the priority to be greater than this group. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is not applicable.",
+				Sensitive:           true,
+				ConflictsWith:       []string{"order_after_authorization_group_name"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.ConflictsWith(
+						path.MatchRelative().AtParent().AtName("order_after_authorization_group_name"),
+					),
+					stringvalidator.LengthBetween(1, 256),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnBridge.go b/internal/broker/generated/MsgVpnBridge.go
new file mode 100644
index 00000000..ce0bf462
--- /dev/null
+++ b/internal/broker/generated/MsgVpnBridge.go
@@ -0,0 +1,255 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_bridge",
+		MarkdownDescription: "Bridges can be used to link two Message VPNs so that messages published to one Message VPN that match the topic subscriptions set for the bridge are also delivered to the linked Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridge_name|x|||\nbridge_virtual_router|x|||\nmsg_vpn_name|x|||\nremote_authentication_basic_password||x||x\nremote_authentication_client_cert_content||x||x\nremote_authentication_client_cert_password||x||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bridgeName",
+				TerraformName:       "bridge_name",
+				MarkdownDescription: "The name of the Bridge.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 150),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9\"~`!\\\\@$%|\\^()_+={}:,.#\\-;\\[\\]]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bridgeVirtualRouter",
+				TerraformName:       "bridge_virtual_router",
+				MarkdownDescription: "The virtual router of the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The Bridge is used for the primary virtual router.\n\"backup\" - The Bridge is used for the backup virtual router.\n\"auto\" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("primary", "backup", "auto"),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTtl",
+				TerraformName:       "max_ttl",
+				MarkdownDescription: "The maximum time-to-live (TTL) in hops. Messages are discarded if their TTL exceeds this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 255),
+				},
+				Default: 8,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteAuthenticationBasicClientUsername",
+				TerraformName:       "remote_authentication_basic_client_username",
+				MarkdownDescription: "The Client Username the Bridge uses to login to the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Requires:            []string{"remote_authentication_basic_password"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("remote_authentication_basic_password"),
+					),
+					stringvalidator.LengthBetween(0, 189),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?*]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteAuthenticationBasicPassword",
+				TerraformName:       "remote_authentication_basic_password",
+				MarkdownDescription: "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"remote_authentication_basic_client_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("remote_authentication_basic_client_username"),
+					),
+					stringvalidator.LengthBetween(0, 128),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteAuthenticationClientCertContent",
+				TerraformName:       "remote_authentication_client_cert_content",
+				MarkdownDescription: "The PEM formatted content for the client certificate used by the Bridge to login to the remote Message VPN. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since SEMP API version 2.9.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteAuthenticationClientCertPassword",
+				TerraformName:       "remote_authentication_client_cert_password",
+				MarkdownDescription: "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since SEMP API version 2.9.",
+				Sensitive:           true,
+				Requires:            []string{"remote_authentication_client_cert_content"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("remote_authentication_client_cert_content"),
+					),
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteAuthenticationScheme",
+				TerraformName:       "remote_authentication_scheme",
+				MarkdownDescription: "The authentication scheme for the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"basic\"`. The allowed values and their meaning are:\n\n<pre>\n\"basic\" - Basic Authentication Scheme (via username and password).\n\"client-certificate\" - Client Certificate Authentication Scheme (via certificate file or content).\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("basic", "client-certificate"),
+				},
+				Default: "basic",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "remoteConnectionRetryCount",
+				TerraformName:       "remote_connection_retry_count",
+				MarkdownDescription: "The maximum number of retry attempts to establish a connection to the remote Message VPN. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "remoteConnectionRetryDelay",
+				TerraformName:       "remote_connection_retry_delay",
+				MarkdownDescription: "The number of seconds the broker waits for the bridge connection to be established before attempting a new connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteDeliverToOnePriority",
+				TerraformName:       "remote_deliver_to_one_priority",
+				MarkdownDescription: "The priority for deliver-to-one (DTO) messages transmitted from the remote Message VPN. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"p1\"`. The allowed values and their meaning are:\n\n<pre>\n\"p1\" - The 1st or highest priority.\n\"p2\" - The 2nd highest priority.\n\"p3\" - The 3rd highest priority.\n\"p4\" - The 4th highest priority.\n\"da\" - Ignore priority and deliver always.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("p1", "p2", "p3", "p4", "da"),
+				},
+				Default: "p1",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "tlsCipherSuiteList",
+				TerraformName:       "tls_cipher_suite_list",
+				MarkdownDescription: "The colon-separated list of cipher suites supported for TLS connections to the remote Message VPN. The value \"default\" implies all supported suites ordered from most secure to least secure. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1559),
+				},
+				Default: "default",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnBridgeRemoteMsgVpn.go b/internal/broker/generated/MsgVpnBridgeRemoteMsgVpn.go
new file mode 100644
index 00000000..bbc11402
--- /dev/null
+++ b/internal/broker/generated/MsgVpnBridgeRemoteMsgVpn.go
@@ -0,0 +1,268 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_bridge_remote_msg_vpn",
+		MarkdownDescription: "The Remote Message VPN is the Message VPN that the Bridge connects to.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridge_name|x|||\nbridge_virtual_router|x|||\nmsg_vpn_name|x|||\npassword||x||x\nremote_msg_vpn_interface|x|||\nremote_msg_vpn_location|x|||\nremote_msg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteMsgVpns/{remoteMsgVpnName},{remoteMsgVpnLocation},{remoteMsgVpnInterface}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bridgeName",
+				TerraformName:       "bridge_name",
+				MarkdownDescription: "The name of the Bridge.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 150),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9\"~`!\\\\@$%|\\^()_+={}:,.#\\-;\\[\\]]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bridgeVirtualRouter",
+				TerraformName:       "bridge_virtual_router",
+				MarkdownDescription: "The virtual router of the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The Bridge is used for the primary virtual router.\n\"backup\" - The Bridge is used for the backup virtual router.\n\"auto\" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("primary", "backup", "auto"),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientUsername",
+				TerraformName:       "client_username",
+				MarkdownDescription: "The Client Username the Bridge uses to login to the remote Message VPN. This per remote Message VPN value overrides the value provided for the Bridge overall. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Requires:            []string{"password"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("password"),
+					),
+					stringvalidator.LengthBetween(0, 189),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?*]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "compressedDataEnabled",
+				TerraformName:       "compressed_data_enabled",
+				MarkdownDescription: "Enable or disable data compression for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "connectOrder",
+				TerraformName:       "connect_order",
+				MarkdownDescription: "The preference given to incoming connections from remote Message VPN hosts, from 1 (highest priority) to 4 (lowest priority). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 4),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "egressFlowWindowSize",
+				TerraformName:       "egress_flow_window_size",
+				MarkdownDescription: "The number of outstanding guaranteed messages that can be transmitted over the remote Message VPN connection before an acknowledgment is received. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 255,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "password",
+				TerraformName:       "password",
+				MarkdownDescription: "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"client_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("client_username"),
+					),
+					stringvalidator.LengthBetween(0, 128),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueBinding",
+				TerraformName:       "queue_binding",
+				MarkdownDescription: "The queue binding of the Bridge in the remote Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteMsgVpnInterface",
+				TerraformName:       "remote_msg_vpn_interface",
+				MarkdownDescription: "The physical interface on the local Message VPN host for connecting to the remote Message VPN. By default, an interface is chosen automatically (recommended), but if specified, `remote_msg_vpn_location` must not be a virtual router name.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 15),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteMsgVpnLocation",
+				TerraformName:       "remote_msg_vpn_location",
+				MarkdownDescription: "The location of the remote Message VPN as either an FQDN with port, IP address with port, or virtual router name (starting with \"v:\").",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 259),
+					stringvalidator.RegexMatches(regexp.MustCompile("^((((([0-9a-zA-Z_\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1}))|(v:.+))$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteMsgVpnName",
+				TerraformName:       "remote_msg_vpn_name",
+				MarkdownDescription: "The name of the remote Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsEnabled",
+				TerraformName:       "tls_enabled",
+				MarkdownDescription: "Enable or disable encryption (TLS) for the remote Message VPN connection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "unidirectionalClientProfile",
+				TerraformName:       "unidirectional_client_profile",
+				MarkdownDescription: "The Client Profile for the unidirectional Bridge of the remote Message VPN. The Client Profile must exist in the local Message VPN, and it is used only for the TCP parameters. Note that the default client profile has a TCP maximum window size of 2 MB. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#client-profile\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^#?[A-Za-z0-9\\-_]+$"), ""),
+				},
+				Default: "#client-profile",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnBridgeRemoteSubscription.go b/internal/broker/generated/MsgVpnBridgeRemoteSubscription.go
new file mode 100644
index 00000000..4e0b1e8b
--- /dev/null
+++ b/internal/broker/generated/MsgVpnBridgeRemoteSubscription.go
@@ -0,0 +1,126 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_bridge_remote_subscription",
+		MarkdownDescription: "A Remote Subscription is a topic subscription used by the Message VPN Bridge to attract messages from the remote message broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nbridge_name|x|||\nbridge_virtual_router|x|||\nmsg_vpn_name|x|||\nremote_subscription_topic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions/{remoteSubscriptionTopic}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/bridges/{bridgeName},{bridgeVirtualRouter}/remoteSubscriptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bridgeName",
+				TerraformName:       "bridge_name",
+				MarkdownDescription: "The name of the Bridge.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 150),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9\"~`!\\\\@$%|\\^()_+={}:,.#\\-;\\[\\]]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bridgeVirtualRouter",
+				TerraformName:       "bridge_virtual_router",
+				MarkdownDescription: "The virtual router of the Bridge. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The Bridge is used for the primary virtual router.\n\"backup\" - The Bridge is used for the backup virtual router.\n\"auto\" - The Bridge is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("primary", "backup", "auto"),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "deliverAlwaysEnabled",
+				TerraformName:       "deliver_always_enabled",
+				MarkdownDescription: "Enable or disable deliver-always for the Bridge remote subscription topic instead of a deliver-to-one remote priority. A given topic for the Bridge may be deliver-to-one or deliver-always but not both.",
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteSubscriptionTopic",
+				TerraformName:       "remote_subscription_topic",
+				MarkdownDescription: "The topic of the Bridge remote subscription.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnCertMatchingRule.go b/internal/broker/generated/MsgVpnCertMatchingRule.go
new file mode 100644
index 00000000..5b9f4856
--- /dev/null
+++ b/internal/broker/generated/MsgVpnCertMatchingRule.go
@@ -0,0 +1,91 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_cert_matching_rule",
+		MarkdownDescription: "A Cert Matching Rule is a collection of conditions and attribute filters that all have to be satisfied for certificate to be acceptable as authentication for a given username.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nrule_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.27.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable a certificate matching rule. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ruleName",
+				TerraformName:       "rule_name",
+				MarkdownDescription: "The name of the rule.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnCertMatchingRuleAttributeFilter.go b/internal/broker/generated/MsgVpnCertMatchingRuleAttributeFilter.go
new file mode 100644
index 00000000..bcb14a8d
--- /dev/null
+++ b/internal/broker/generated/MsgVpnCertMatchingRuleAttributeFilter.go
@@ -0,0 +1,125 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_cert_matching_rule_attribute_filter",
+		MarkdownDescription: "A Cert Matching Rule Attribute Filter compares a username attribute to a string.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nfilter_name|x|||\nmsg_vpn_name|x|||\nrule_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.28.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/attributeFilters/{filterName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeName",
+				TerraformName:       "attribute_name",
+				MarkdownDescription: "Client Username Attribute to be tested. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([A-Za-z][A-Za-z0-9\\-]*)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeValue",
+				TerraformName:       "attribute_value",
+				MarkdownDescription: "Expected attribute value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 256),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "filterName",
+				TerraformName:       "filter_name",
+				MarkdownDescription: "The name of the filter.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ruleName",
+				TerraformName:       "rule_name",
+				MarkdownDescription: "The name of the rule.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnCertMatchingRuleCondition.go b/internal/broker/generated/MsgVpnCertMatchingRuleCondition.go
new file mode 100644
index 00000000..1b1d3b0b
--- /dev/null
+++ b/internal/broker/generated/MsgVpnCertMatchingRuleCondition.go
@@ -0,0 +1,127 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_cert_matching_rule_condition",
+		MarkdownDescription: "A Cert Matching Rule Condition compares data extracted from a certificate to a username attribute or an expression.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nrule_name|x|||\nsource|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.27.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions/{source}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/certMatchingRules/{ruleName}/conditions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attribute",
+				TerraformName:       "attribute",
+				MarkdownDescription: "Client Username Attribute to be compared with certificate content. Either an attribute or an expression must be provided on creation, but not both. The default value is `\"\"`.",
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([A-Za-z][A-Za-z0-9\\-]*)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "expression",
+				TerraformName:       "expression",
+				MarkdownDescription: "Glob expression to be matched with certificate content. Either an expression or an attribute must be provided on creation, but not both. The default value is `\"\"`.",
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 256),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ruleName",
+				TerraformName:       "rule_name",
+				MarkdownDescription: "The name of the rule.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "source",
+				TerraformName:       "source",
+				MarkdownDescription: "Certificate field to be compared with the Attribute. The allowed values and their meaning are:\n\n<pre>\n\"certificate-thumbprint\" - The attribute is computed as the SHA-1 hash over the entire DER-encoded contents of the client certificate.\n\"common-name\" - The attribute is extracted from the certificate's first instance of the Common Name attribute in the Subject DN.\n\"common-name-last\" - The attribute is extracted from the certificate's last instance of the Common Name attribute in the Subject DN.\n\"subject-alternate-name-msupn\" - The attribute is extracted from the certificate's Other Name type of the Subject Alternative Name and must have the msUPN signature.\n\"uid\" - The attribute is extracted from the certificate's first instance of the User Identifier attribute in the Subject DN.\n\"uid-last\" - The attribute is extracted from the certificate's last instance of the User Identifier attribute in the Subject DN.\n\"org-unit\" - The attribute is extracted from the certificate's first instance of the Org Unit attribute in the Subject DN.\n\"org-unit-last\" - The attribute is extracted from the certificate's last instance of the Org Unit attribute in the Subject DN.\n\"issuer\" - The attribute is extracted from the certificate's Issuer DN.\n\"subject\" - The attribute is extracted from the certificate's Subject DN.\n\"serial-number\" - The attribute is extracted from the certificate's Serial Number.\n\"dns-name\" - The attribute is extracted from the certificate's Subject Alt Name DNS Name.\n\"ip-address\" - The attribute is extracted from the certificate's Subject Alt Name IP Address.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("certificate-thumbprint", "common-name", "common-name-last", "subject-alternate-name-msupn", "uid", "uid-last", "org-unit", "org-unit-last", "issuer", "subject", "serial-number", "dns-name", "ip-address"),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnClientProfile.go b/internal/broker/generated/MsgVpnClientProfile.go
new file mode 100644
index 00000000..cf3ed0db
--- /dev/null
+++ b/internal/broker/generated/MsgVpnClientProfile.go
@@ -0,0 +1,1531 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_client_profile",
+		MarkdownDescription: "Client Profiles are used to assign common configuration properties to clients that have been successfully authorized.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallow_cut_through_forwarding_enabled|||x|\napi_queue_management_copy_from_on_create_name|||x|\napi_topic_endpoint_management_copy_from_on_create_name|||x|\nclient_profile_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/clientProfiles/{clientProfileName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "allowBridgeConnectionsEnabled",
+				TerraformName:       "allow_bridge_connections_enabled",
+				MarkdownDescription: "Enable or disable allowing Bridge clients using the Client Profile to connect. Changing this setting does not affect existing Bridge client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "allowGuaranteedEndpointCreateDurability",
+				TerraformName:       "allow_guaranteed_endpoint_create_durability",
+				MarkdownDescription: "The types of Queues and Topic Endpoints that clients using the client-profile can create. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"all\"`. The allowed values and their meaning are:\n\n<pre>\n\"all\" - Client can create any type of endpoint.\n\"durable\" - Client can create only durable endpoints.\n\"non-durable\" - Client can create only non-durable endpoints.\n</pre>\n Available since SEMP API version 2.14.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("all", "durable", "non-durable"),
+				},
+				Default: "all",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "allowGuaranteedEndpointCreateEnabled",
+				TerraformName:       "allow_guaranteed_endpoint_create_enabled",
+				MarkdownDescription: "Enable or disable allowing clients using the Client Profile to create topic endpoints or queues. Changing this value does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "allowGuaranteedMsgReceiveEnabled",
+				TerraformName:       "allow_guaranteed_msg_receive_enabled",
+				MarkdownDescription: "Enable or disable allowing clients using the Client Profile to receive guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "allowGuaranteedMsgSendEnabled",
+				TerraformName:       "allow_guaranteed_msg_send_enabled",
+				MarkdownDescription: "Enable or disable allowing clients using the Client Profile to send guaranteed messages. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "allowSharedSubscriptionsEnabled",
+				TerraformName:       "allow_shared_subscriptions_enabled",
+				MarkdownDescription: "Enable or disable allowing shared subscriptions. Changing this setting does not affect existing subscriptions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.11.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "allowTransactedSessionsEnabled",
+				TerraformName:       "allow_transacted_sessions_enabled",
+				MarkdownDescription: "Enable or disable allowing clients using the Client Profile to establish transacted sessions. Changing this setting does not affect existing client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "apiQueueManagementCopyFromOnCreateTemplateName",
+				TerraformName:       "api_queue_management_copy_from_on_create_template_name",
+				MarkdownDescription: "The name of a queue template to copy settings from when a new queue is created by a client using the Client Profile. If the referenced queue template does not exist, queue creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.14.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#?*]?[^?*]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "apiTopicEndpointManagementCopyFromOnCreateTemplateName",
+				TerraformName:       "api_topic_endpoint_management_copy_from_on_create_template_name",
+				MarkdownDescription: "The name of a topic endpoint template to copy settings from when a new topic endpoint is created by a client using the Client Profile. If the referenced topic endpoint template does not exist, topic endpoint creation will fail when it tries to resolve this template. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.14.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#?*]?[^?*]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientProfileName",
+				TerraformName:       "client_profile_name",
+				MarkdownDescription: "The name of the Client Profile.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^#?[A-Za-z0-9\\-_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "compressionEnabled",
+				TerraformName:       "compression_enabled",
+				MarkdownDescription: "Enable or disable allowing clients using the Client Profile to use compression. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.10.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "elidingDelay",
+				TerraformName:       "eliding_delay",
+				MarkdownDescription: "The amount of time to delay the delivery of messages to clients using the Client Profile after the initial message has been delivered (the eliding delay interval), in milliseconds. A value of 0 means there is no delay in delivering messages to clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 60000),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "elidingEnabled",
+				TerraformName:       "eliding_enabled",
+				MarkdownDescription: "Enable or disable message eliding for clients using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "elidingMaxTopicCount",
+				TerraformName:       "eliding_max_topic_count",
+				MarkdownDescription: "The maximum number of topics tracked for message eliding per client connection using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 32000),
+				},
+				Default: 256,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventClientProvisionedEndpointSpoolUsageThreshold",
+				TerraformName:       "event_client_provisioned_endpoint_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 18,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 25,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventConnectionCountPerClientUsernameThreshold",
+				TerraformName:       "event_connection_count_per_client_username_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventEgressFlowCountThreshold",
+				TerraformName:       "event_egress_flow_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventEndpointCountPerClientUsernameThreshold",
+				TerraformName:       "event_endpoint_count_per_client_username_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventIngressFlowCountThreshold",
+				TerraformName:       "event_ingress_flow_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventServiceSmfConnectionCountPerClientUsernameThreshold",
+				TerraformName:       "event_service_smf_connection_count_per_client_username_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventServiceWebConnectionCountPerClientUsernameThreshold",
+				TerraformName:       "event_service_web_connection_count_per_client_username_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventSubscriptionCountThreshold",
+				TerraformName:       "event_subscription_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventTransactedSessionCountThreshold",
+				TerraformName:       "event_transacted_session_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventTransactionCountThreshold",
+				TerraformName:       "event_transaction_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxConnectionCountPerClientUsername",
+				TerraformName:       "max_connection_count_per_client_username",
+				MarkdownDescription: "The maximum number of client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxEgressFlowCount",
+				TerraformName:       "max_egress_flow_count",
+				MarkdownDescription: "The maximum number of transmit flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxEndpointCountPerClientUsername",
+				TerraformName:       "max_endpoint_count_per_client_username",
+				MarkdownDescription: "The maximum number of queues and topic endpoints that can be created by clients with the same Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxIngressFlowCount",
+				TerraformName:       "max_ingress_flow_count",
+				MarkdownDescription: "The maximum number of receive flows that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 1000000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgsPerTransaction",
+				TerraformName:       "max_msgs_per_transaction",
+				MarkdownDescription: "The maximum number of publisher and consumer messages combined that is allowed within a transaction for each client associated with this client-profile. Exceeding this limit will result in a transaction prepare or commit failure. Changing this value during operation will not affect existing sessions. It is only validated at transaction creation time. Large transactions consume more resources and are more likely to require retrieving messages from the ADB or from disk to process the transaction prepare or commit requests. The transaction processing rate may diminish if a large number of messages must be retrieved from the ADB or from disk. Care should be taken to not use excessively large transactions needlessly to avoid exceeding resource limits and to avoid reducing the overall broker performance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`. Available since SEMP API version 2.20.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 20000),
+				},
+				Default: 256,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxSubscriptionCount",
+				TerraformName:       "max_subscription_count",
+				MarkdownDescription: "The maximum number of subscriptions per client using the Client Profile. This limit is not enforced when a client adds a subscription to an endpoint, except for MQTT QoS 1 subscriptions. In addition, this limit is not enforced when a subscription is added using a management interface, such as CLI or SEMP. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTransactedSessionCount",
+				TerraformName:       "max_transacted_session_count",
+				MarkdownDescription: "The maximum number of transacted sessions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 30000),
+				},
+				Default: 10,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTransactionCount",
+				TerraformName:       "max_transaction_count",
+				MarkdownDescription: "The maximum number of transactions that can be created by one client using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default varies by platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 50000),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueControl1MaxDepth",
+				TerraformName:       "queue_control1_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Control 1\" (C-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueControl1MinMsgBurst",
+				TerraformName:       "queue_control1_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Control 1\" (C-1) priority queue, regardless of the `queue_control1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueDirect1MaxDepth",
+				TerraformName:       "queue_direct1_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Direct 1\" (D-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueDirect1MinMsgBurst",
+				TerraformName:       "queue_direct1_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Direct 1\" (D-1) priority queue, regardless of the `queue_direct1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueDirect2MaxDepth",
+				TerraformName:       "queue_direct2_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Direct 2\" (D-2) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueDirect2MinMsgBurst",
+				TerraformName:       "queue_direct2_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Direct 2\" (D-2) priority queue, regardless of the `queue_direct2_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueDirect3MaxDepth",
+				TerraformName:       "queue_direct3_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Direct 3\" (D-3) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueDirect3MinMsgBurst",
+				TerraformName:       "queue_direct3_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Direct 3\" (D-3) priority queue, regardless of the `queue_direct3_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `4`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 4,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueGuaranteed1MaxDepth",
+				TerraformName:       "queue_guaranteed1_max_depth",
+				MarkdownDescription: "The maximum depth of the \"Guaranteed 1\" (G-1) priority queue, in work units. Each work unit is 2048 bytes of message data. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `20000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 262144),
+				},
+				Default: 20000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueGuaranteed1MinMsgBurst",
+				TerraformName:       "queue_guaranteed1_min_msg_burst",
+				MarkdownDescription: "The number of messages that are always allowed entry into the \"Guaranteed 1\" (G-3) priority queue, regardless of the `queue_guaranteed1_max_depth` value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 262144),
+				},
+				Default: 255,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "rejectMsgToSenderOnNoSubscriptionMatchEnabled",
+				TerraformName:       "reject_msg_to_sender_on_no_subscription_match_enabled",
+				MarkdownDescription: "Enable or disable the sending of a negative acknowledgment (NACK) to a client using the Client Profile when discarding a guaranteed message due to no matching subscription found. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.2.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "replicationAllowClientConnectWhenStandbyEnabled",
+				TerraformName:       "replication_allow_client_connect_when_standby_enabled",
+				MarkdownDescription: "Enable or disable allowing clients using the Client Profile to connect to the Message VPN when its replication state is standby. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceMinKeepaliveTimeout",
+				TerraformName:       "service_min_keepalive_timeout",
+				MarkdownDescription: "The minimum client keepalive timeout which will be enforced for client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`. Available since SEMP API version 2.19.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(3, 3600),
+				},
+				Default: 30,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceSmfMaxConnectionCountPerClientUsername",
+				TerraformName:       "service_smf_max_connection_count_per_client_username",
+				MarkdownDescription: "The maximum number of SMF client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "serviceSmfMinKeepaliveEnabled",
+				TerraformName:       "service_smf_min_keepalive_enabled",
+				MarkdownDescription: "Enable or disable the enforcement of a minimum keepalive timeout for SMF clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceWebInactiveTimeout",
+				TerraformName:       "service_web_inactive_timeout",
+				MarkdownDescription: "The timeout for inactive Web Transport client sessions using the Client Profile, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 4294967295),
+				},
+				Default: 30,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceWebMaxConnectionCountPerClientUsername",
+				TerraformName:       "service_web_max_connection_count_per_client_username",
+				MarkdownDescription: "The maximum number of Web Transport client connections per Client Username using the Client Profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "serviceWebMaxPayload",
+				TerraformName:       "service_web_max_payload",
+				MarkdownDescription: "The maximum Web Transport payload size before fragmentation occurs for clients using the Client Profile, in bytes. The size of the header is not included. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(300, 10000000),
+				},
+				Default: 1e+06,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tcpCongestionWindowSize",
+				TerraformName:       "tcp_congestion_window_size",
+				MarkdownDescription: "The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 7826),
+				},
+				Default: 2,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tcpKeepaliveCount",
+				TerraformName:       "tcp_keepalive_count",
+				MarkdownDescription: "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 5),
+				},
+				Default: 5,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tcpKeepaliveIdleTime",
+				TerraformName:       "tcp_keepalive_idle_time",
+				MarkdownDescription: "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(3, 120),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tcpKeepaliveInterval",
+				TerraformName:       "tcp_keepalive_interval",
+				MarkdownDescription: "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 30),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tcpMaxSegmentSize",
+				TerraformName:       "tcp_max_segment_size",
+				MarkdownDescription: "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(256, 1460),
+				},
+				Default: 1460,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "tcpMaxWindowSize",
+				TerraformName:       "tcp_max_window_size",
+				MarkdownDescription: "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(16, 65536),
+				},
+				Default: 256,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsAllowDowngradeToPlainTextEnabled",
+				TerraformName:       "tls_allow_downgrade_to_plain_text_enabled",
+				MarkdownDescription: "Enable or disable allowing a client using the Client Profile to downgrade an encrypted connection to plain text. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.8.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnClientUsername.go b/internal/broker/generated/MsgVpnClientUsername.go
new file mode 100644
index 00000000..02de8e37
--- /dev/null
+++ b/internal/broker/generated/MsgVpnClientUsername.go
@@ -0,0 +1,153 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_client_username",
+		MarkdownDescription: "A client is only authorized to connect to a Message VPN that is associated with a Client Username that the client has been assigned.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclient_username|x|||\nmsg_vpn_name|x|||\npassword||x||x\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "aclProfileName",
+				TerraformName:       "acl_profile_name",
+				MarkdownDescription: "The ACL Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientProfileName",
+				TerraformName:       "client_profile_name",
+				MarkdownDescription: "The Client Profile of the Client Username. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^#?[A-Za-z0-9\\-_]+$"), ""),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientUsername",
+				TerraformName:       "client_username",
+				MarkdownDescription: "The name of the Client Username.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 189),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?*]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Client Username. When disabled, all clients currently connected as the Client Username are disconnected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "guaranteedEndpointPermissionOverrideEnabled",
+				TerraformName:       "guaranteed_endpoint_permission_override_enabled",
+				MarkdownDescription: "Enable or disable guaranteed endpoint permission override for the Client Username. When enabled all guaranteed endpoints may be accessed, modified or deleted with the same permission as the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "password",
+				TerraformName:       "password",
+				MarkdownDescription: "The password for the Client Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 128),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "subscriptionManagerEnabled",
+				TerraformName:       "subscription_manager_enabled",
+				MarkdownDescription: "Enable or disable the subscription management capability of the Client Username. This is the ability to manage subscriptions on behalf of other Client Usernames. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnClientUsernameAttribute.go b/internal/broker/generated/MsgVpnClientUsernameAttribute.go
new file mode 100644
index 00000000..5f12607a
--- /dev/null
+++ b/internal/broker/generated/MsgVpnClientUsernameAttribute.go
@@ -0,0 +1,115 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_client_username_attribute",
+		MarkdownDescription: "A ClientUsername Attribute is a key+value pair that can be used to locate a client username, for example when using client certificate mapping.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nattribute_name|x|||\nattribute_value|x|||\nclient_username|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.27.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes/{attributeName},{attributeValue}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/clientUsernames/{clientUsername}/attributes",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeName",
+				TerraformName:       "attribute_name",
+				MarkdownDescription: "The name of the Attribute.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z][A-Za-z0-9\\-]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "attributeValue",
+				TerraformName:       "attribute_value",
+				MarkdownDescription: "The value of the Attribute.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 256),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientUsername",
+				TerraformName:       "client_username",
+				MarkdownDescription: "The name of the Client Username.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 189),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?*]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnDistributedCache.go b/internal/broker/generated/MsgVpnDistributedCache.go
new file mode 100644
index 00000000..32479519
--- /dev/null
+++ b/internal/broker/generated/MsgVpnDistributedCache.go
@@ -0,0 +1,155 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_distributed_cache",
+		MarkdownDescription: "A Distributed Cache is a collection of one or more Cache Clusters that belong to the same Message VPN. Each Cache Cluster in a Distributed Cache is configured to subscribe to a different set of topics. This effectively divides up the configured topic space, to provide scaling to very large topic spaces or very high cached message throughput.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncache_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheName",
+				TerraformName:       "cache_name",
+				MarkdownDescription: "The name of the Distributed Cache.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheVirtualRouter",
+				TerraformName:       "cache_virtual_router",
+				MarkdownDescription: "The virtual router of the Distributed Cache. The default value is `\"auto\"`. The allowed values and their meaning are:\n\n<pre>\n\"auto\" - The Distributed Cache is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n Available since SEMP API version 2.28.",
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("auto"),
+				},
+				Default: "auto",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Distributed Cache. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "heartbeat",
+				TerraformName:       "heartbeat",
+				MarkdownDescription: "The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(3, 60),
+				},
+				Default: 10,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "scheduledDeleteMsgDayList",
+				TerraformName:       "scheduled_delete_msg_day_list",
+				MarkdownDescription: "The scheduled delete message day(s), specified as \"daily\" or a comma-separated list of days. Days must be specified as \"Sun\", \"Mon\", \"Tue\", \"Wed\", \"Thu\", \"Fri\", or \"Sat\", with no spaces, and in sorted order from Sunday to Saturday. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduled_delete_msg_time_list\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Requires:            []string{"scheduled_delete_msg_time_list"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("scheduled_delete_msg_time_list"),
+					),
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "scheduledDeleteMsgTimeList",
+				TerraformName:       "scheduled_delete_msg_time_list",
+				MarkdownDescription: "The scheduled delete message time(s), specified as \"hourly\" or a comma-separated list of 24-hour times in the form hh:mm, or h:mm. There must be no spaces, and times (up to 4) must be in sorted order from 0:00 to 23:59. The empty-string (\"\") can also be specified, indicating no schedule is configured (\"scheduled_delete_msg_day_list\" must also be configured to the empty-string). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Requires:            []string{"scheduled_delete_msg_day_list"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("scheduled_delete_msg_day_list"),
+					),
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnDistributedCacheCluster.go b/internal/broker/generated/MsgVpnDistributedCacheCluster.go
new file mode 100644
index 00000000..6367ae76
--- /dev/null
+++ b/internal/broker/generated/MsgVpnDistributedCacheCluster.go
@@ -0,0 +1,526 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_distributed_cache_cluster",
+		MarkdownDescription: "A Cache Cluster is a collection of one or more Cache Instances that subscribe to exactly the same topics. Cache Instances are grouped together in a Cache Cluster for the purpose of fault tolerance and load balancing. As published messages are received, the message broker message bus sends these live data messages to the Cache Instances in the Cache Cluster. This enables client cache requests to be served by any of Cache Instances in the Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncache_name|x|||\ncluster_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheName",
+				TerraformName:       "cache_name",
+				MarkdownDescription: "The name of the Distributed Cache.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clusterName",
+				TerraformName:       "cluster_name",
+				MarkdownDescription: "The name of the Cache Cluster.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "deliverToOneOverrideEnabled",
+				TerraformName:       "deliver_to_one_override_enabled",
+				MarkdownDescription: "Enable or disable deliver-to-one override for the Cache Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventDataByteRateThreshold",
+				TerraformName:       "event_data_byte_rate_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 1.875e+08,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 2.5e+08,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventDataMsgRateThreshold",
+				TerraformName:       "event_data_msg_rate_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 36000,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 48000,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventMaxMemoryThreshold",
+				TerraformName:       "event_max_memory_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventMaxTopicsThreshold",
+				TerraformName:       "event_max_topics_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventRequestQueueDepthThreshold",
+				TerraformName:       "event_request_queue_depth_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+						},
+						Default: 80,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventRequestRateThreshold",
+				TerraformName:       "event_request_rate_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 1000,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 25000,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventResponseRateThreshold",
+				TerraformName:       "event_response_rate_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter or rate. Falling below this value will trigger a corresponding event.",
+						Requires:            []string{"set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 1000,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter or rate. Exceeding this value will trigger a corresponding event.",
+						Requires:            []string{"clear_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+						},
+						Default: 80000,
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "globalCachingEnabled",
+				TerraformName:       "global_caching_enabled",
+				MarkdownDescription: "Enable or disable global caching for the Cache Cluster. When enabled, the Cache Instances will fetch topics from remote Home Cache Clusters when requested, and subscribe to those topics to cache them locally. When disabled, the Cache Instances will remove all subscriptions and cached messages for topics from remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "globalCachingHeartbeat",
+				TerraformName:       "global_caching_heartbeat",
+				MarkdownDescription: "The heartbeat interval, in seconds, used by the Cache Instances to monitor connectivity with the remote Home Cache Clusters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 255),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "globalCachingTopicLifetime",
+				TerraformName:       "global_caching_topic_lifetime",
+				MarkdownDescription: "The topic lifetime, in seconds. If no client requests are received for a given global topic over the duration of the topic lifetime, then the Cache Instance will remove the subscription and cached messages for that topic. A value of 0 disables aging. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3600`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 3600,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMemory",
+				TerraformName:       "max_memory",
+				MarkdownDescription: "The maximum memory usage, in megabytes (MB), for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2048`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(128, 2147483647),
+				},
+				Default: 2048,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgsPerTopic",
+				TerraformName:       "max_msgs_per_topic",
+				MarkdownDescription: "The maximum number of messages per topic for each Cache Instance in the Cache Cluster. When at the maximum, old messages are removed as new messages arrive. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 2147483647),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxRequestQueueDepth",
+				TerraformName:       "max_request_queue_depth",
+				MarkdownDescription: "The maximum queue depth for cache requests received by the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `100000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 200000),
+				},
+				Default: 100000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTopicCount",
+				TerraformName:       "max_topic_count",
+				MarkdownDescription: "The maximum number of topics for each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 4294967294),
+				},
+				Default: 2e+06,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "msgLifetime",
+				TerraformName:       "msg_lifetime",
+				MarkdownDescription: "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the Cache Instance will remove the message. A lifetime of 0 results in the message being retained indefinitely. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967294),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "newTopicAdvertisementEnabled",
+				TerraformName:       "new_topic_advertisement_enabled",
+				MarkdownDescription: "Enable or disable the advertising, onto the message bus, of new topics learned by each Cache Instance in the Cache Cluster. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster.go b/internal/broker/generated/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster.go
new file mode 100644
index 00000000..7f177b5c
--- /dev/null
+++ b/internal/broker/generated/MsgVpnDistributedCacheClusterGlobalCachingHomeCluster.go
@@ -0,0 +1,117 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_distributed_cache_cluster_global_caching_home_cluster",
+		MarkdownDescription: "A Home Cache Cluster is a Cache Cluster that is the \"definitive\" Cache Cluster for a given topic in the context of the Global Caching feature.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncache_name|x|||\ncluster_name|x|||\nhome_cluster_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheName",
+				TerraformName:       "cache_name",
+				MarkdownDescription: "The name of the Distributed Cache.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clusterName",
+				TerraformName:       "cluster_name",
+				MarkdownDescription: "The name of the Cache Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "homeClusterName",
+				TerraformName:       "home_cluster_name",
+				MarkdownDescription: "The name of the remote Home Cache Cluster.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix.go b/internal/broker/generated/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix.go
new file mode 100644
index 00000000..511719eb
--- /dev/null
+++ b/internal/broker/generated/MsgVpnDistributedCacheClusterGlobalCachingHomeClusterTopicPrefix.go
@@ -0,0 +1,133 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_distributed_cache_cluster_global_caching_home_cluster_topic_prefix",
+		MarkdownDescription: "A Topic Prefix is a prefix for a global topic that is available from the containing Home Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncache_name|x|||\ncluster_name|x|||\nhome_cluster_name|x|||\nmsg_vpn_name|x|||\ntopic_prefix|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes/{topicPrefix}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/globalCachingHomeClusters/{homeClusterName}/topicPrefixes",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheName",
+				TerraformName:       "cache_name",
+				MarkdownDescription: "The name of the Distributed Cache.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clusterName",
+				TerraformName:       "cluster_name",
+				MarkdownDescription: "The name of the Cache Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "homeClusterName",
+				TerraformName:       "home_cluster_name",
+				MarkdownDescription: "The name of the remote Home Cache Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topicPrefix",
+				TerraformName:       "topic_prefix",
+				MarkdownDescription: "A topic prefix for global topics available from the remote Home Cache Cluster. A wildcard (/>) is implied at the end of the prefix.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnDistributedCacheClusterInstance.go b/internal/broker/generated/MsgVpnDistributedCacheClusterInstance.go
new file mode 100644
index 00000000..1d62063b
--- /dev/null
+++ b/internal/broker/generated/MsgVpnDistributedCacheClusterInstance.go
@@ -0,0 +1,146 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_distributed_cache_cluster_instance",
+		MarkdownDescription: "A Cache Instance is a single Cache process that belongs to a single Cache Cluster. A Cache Instance object provisioned on the broker is used to disseminate configuration information to the Cache process. Cache Instances listen for and cache live data messages that match the topic subscriptions configured for their parent Cache Cluster.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncache_name|x|||\ncluster_name|x|||\ninstance_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/instances/{instanceName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "autoStartEnabled",
+				TerraformName:       "auto_start_enabled",
+				MarkdownDescription: "Enable or disable auto-start for the Cache Instance. When enabled, the Cache Instance will automatically attempt to transition from the Stopped operational state to Up whenever it restarts or reconnects to the message broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheName",
+				TerraformName:       "cache_name",
+				MarkdownDescription: "The name of the Distributed Cache.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clusterName",
+				TerraformName:       "cluster_name",
+				MarkdownDescription: "The name of the Cache Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Cache Instance. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "instanceName",
+				TerraformName:       "instance_name",
+				MarkdownDescription: "The name of the Cache Instance.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "stopOnLostMsgEnabled",
+				TerraformName:       "stop_on_lost_msg_enabled",
+				MarkdownDescription: "Enable or disable stop-on-lost-message for the Cache Instance. When enabled, the Cache Instance will transition to the stopped operational state upon losing a message. When stopped, it cannot accept or respond to cache requests, but continues to cache messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnDistributedCacheClusterTopic.go b/internal/broker/generated/MsgVpnDistributedCacheClusterTopic.go
new file mode 100644
index 00000000..dc881617
--- /dev/null
+++ b/internal/broker/generated/MsgVpnDistributedCacheClusterTopic.go
@@ -0,0 +1,116 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_distributed_cache_cluster_topic",
+		MarkdownDescription: "The Cache Instances that belong to the containing Cache Cluster will cache any messages published to topics that match a Topic Subscription.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncache_name|x|||\ncluster_name|x|||\nmsg_vpn_name|x|||\ntopic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics/{topic}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/distributedCaches/{cacheName}/clusters/{clusterName}/topics",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheName",
+				TerraformName:       "cache_name",
+				MarkdownDescription: "The name of the Distributed Cache.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clusterName",
+				TerraformName:       "cluster_name",
+				MarkdownDescription: "The name of the Cache Cluster.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* /]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topic",
+				TerraformName:       "topic",
+				MarkdownDescription: "The value of the Topic in the form a/b/c.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnDmrBridge.go b/internal/broker/generated/MsgVpnDmrBridge.go
new file mode 100644
index 00000000..3a108ca3
--- /dev/null
+++ b/internal/broker/generated/MsgVpnDmrBridge.go
@@ -0,0 +1,96 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_dmr_bridge",
+		MarkdownDescription: "A DMR Bridge is required to establish a data channel over a corresponding external link to the remote node for a given Message VPN. Each DMR Bridge identifies which external link the Message VPN should use, and what the name of the equivalent Message VPN at the remote node is.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nremote_node_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/dmrBridges/{remoteNodeName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteMsgVpnName",
+				TerraformName:       "remote_msg_vpn_name",
+				MarkdownDescription: "The remote Message VPN of the DMR Bridge. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteNodeName",
+				TerraformName:       "remote_node_name",
+				MarkdownDescription: "The name of the node at the remote end of the DMR Bridge.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&/]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnJndiConnectionFactory.go b/internal/broker/generated/MsgVpnJndiConnectionFactory.go
new file mode 100644
index 00000000..c2f5c591
--- /dev/null
+++ b/internal/broker/generated/MsgVpnJndiConnectionFactory.go
@@ -0,0 +1,545 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_jndi_connection_factory",
+		MarkdownDescription: "The message broker provides an internal JNDI store for provisioned Connection Factory objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nconnection_factory_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.2.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/jndiConnectionFactories/{connectionFactoryName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "allowDuplicateClientIdEnabled",
+				TerraformName:       "allow_duplicate_client_id_enabled",
+				MarkdownDescription: "Enable or disable whether new JMS connections can use the same Client identifier (ID) as an existing connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.3.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientDescription",
+				TerraformName:       "client_description",
+				MarkdownDescription: "The description of the Client. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientId",
+				TerraformName:       "client_id",
+				MarkdownDescription: "The Client identifier (ID). If not specified, a unique value for it will be generated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 250),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "connectionFactoryName",
+				TerraformName:       "connection_factory_name",
+				MarkdownDescription: "The name of the JMS Connection Factory.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 256),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* ]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "dtoReceiveOverrideEnabled",
+				TerraformName:       "dto_receive_override_enabled",
+				MarkdownDescription: "Enable or disable overriding by the Subscriber (Consumer) of the deliver-to-one (DTO) property on messages. When enabled, the Subscriber can receive all DTO tagged messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "dtoReceiveSubscriberLocalPriority",
+				TerraformName:       "dto_receive_subscriber_local_priority",
+				MarkdownDescription: "The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on the local broker that the Subscriber is directly connected to. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 4),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "dtoReceiveSubscriberNetworkPriority",
+				TerraformName:       "dto_receive_subscriber_network_priority",
+				MarkdownDescription: "The priority for receiving deliver-to-one (DTO) messages by the Subscriber (Consumer) if the messages are published on a remote broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 4),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "dtoSendEnabled",
+				TerraformName:       "dto_send_enabled",
+				MarkdownDescription: "Enable or disable the deliver-to-one (DTO) property on messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "dynamicEndpointCreateDurableEnabled",
+				TerraformName:       "dynamic_endpoint_create_durable_enabled",
+				MarkdownDescription: "Enable or disable whether a durable endpoint will be dynamically created on the broker when the client calls \"Session.createDurableSubscriber()\" or \"Session.createQueue()\". The created endpoint respects the message time-to-live (TTL) according to the \"dynamic_endpoint_respect_ttl_enabled\" property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "dynamicEndpointRespectTtlEnabled",
+				TerraformName:       "dynamic_endpoint_respect_ttl_enabled",
+				MarkdownDescription: "Enable or disable whether dynamically created durable and non-durable endpoints respect the message time-to-live (TTL) property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedReceiveAckTimeout",
+				TerraformName:       "guaranteed_receive_ack_timeout",
+				MarkdownDescription: "The timeout for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(20, 1500),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedReceiveReconnectRetryCount",
+				TerraformName:       "guaranteed_receive_reconnect_retry_count",
+				MarkdownDescription: "The maximum number of attempts to reconnect to the host or list of hosts after the guaranteed  messaging connection has been lost. The value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 2147483647),
+				},
+				Default: -1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedReceiveReconnectRetryWait",
+				TerraformName:       "guaranteed_receive_reconnect_retry_wait",
+				MarkdownDescription: "The amount of time to wait before making another attempt to connect or reconnect to the host after the guaranteed messaging connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(50, 2147483647),
+				},
+				Default: 3000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedReceiveWindowSize",
+				TerraformName:       "guaranteed_receive_window_size",
+				MarkdownDescription: "The size of the window for guaranteed messages received by the Subscriber (Consumer), in messages. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `18`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 255),
+				},
+				Default: 18,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedReceiveWindowSizeAckThreshold",
+				TerraformName:       "guaranteed_receive_window_size_ack_threshold",
+				MarkdownDescription: "The threshold for sending the acknowledgment (ACK) for guaranteed messages received by the Subscriber (Consumer) as a percentage of `guaranteed_receive_window_size`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `60`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 75),
+				},
+				Default: 60,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedSendAckTimeout",
+				TerraformName:       "guaranteed_send_ack_timeout",
+				MarkdownDescription: "The timeout for receiving the acknowledgment (ACK) for guaranteed messages sent by the Publisher (Producer), in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(20, 60000),
+				},
+				Default: 2000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "guaranteedSendWindowSize",
+				TerraformName:       "guaranteed_send_window_size",
+				MarkdownDescription: "The size of the window for non-persistent guaranteed messages sent by the Publisher (Producer), in messages. For persistent messages the window size is fixed at 1. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `255`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 255),
+				},
+				Default: 255,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "messagingDefaultDeliveryMode",
+				TerraformName:       "messaging_default_delivery_mode",
+				MarkdownDescription: "The default delivery mode for messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"persistent\"`. The allowed values and their meaning are:\n\n<pre>\n\"persistent\" - The broker spools messages (persists in the Message Spool) as part of the send operation.\n\"non-persistent\" - The broker does not spool messages (does not persist in the Message Spool) as part of the send operation.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("persistent", "non-persistent"),
+				},
+				Default: "persistent",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "messagingDefaultDmqEligibleEnabled",
+				TerraformName:       "messaging_default_dmq_eligible_enabled",
+				MarkdownDescription: "Enable or disable whether messages sent by the Publisher (Producer) are Dead Message Queue (DMQ) eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "messagingDefaultElidingEligibleEnabled",
+				TerraformName:       "messaging_default_eliding_eligible_enabled",
+				MarkdownDescription: "Enable or disable whether messages sent by the Publisher (Producer) are Eliding eligible by default. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "messagingJmsxUserIdEnabled",
+				TerraformName:       "messaging_jmsx_user_id_enabled",
+				MarkdownDescription: "Enable or disable inclusion (adding or replacing) of the JMSXUserID property in messages sent by the Publisher (Producer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "messagingTextInXmlPayloadEnabled",
+				TerraformName:       "messaging_text_in_xml_payload_enabled",
+				MarkdownDescription: "Enable or disable encoding of JMS text messages in Publisher (Producer) messages as XML payload. When disabled, JMS text messages are encoded as a binary attachment. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportCompressionLevel",
+				TerraformName:       "transport_compression_level",
+				MarkdownDescription: "The ZLIB compression level for the connection to the broker. The value \"0\" means no compression, and the value \"-1\" means the compression level is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 9),
+				},
+				Default: -1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportConnectRetryCount",
+				TerraformName:       "transport_connect_retry_count",
+				MarkdownDescription: "The maximum number of retry attempts to establish an initial connection to the host or list of hosts. The value \"0\" means a single attempt (no retries), and the value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 2147483647),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportConnectRetryPerHostCount",
+				TerraformName:       "transport_connect_retry_per_host_count",
+				MarkdownDescription: "The maximum number of retry attempts to establish an initial connection to each host on the list of hosts. The value \"0\" means a single attempt (no retries), and the value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 2147483647),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportConnectTimeout",
+				TerraformName:       "transport_connect_timeout",
+				MarkdownDescription: "The timeout for establishing an initial connection to the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 2147483647),
+				},
+				Default: 30000,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportDirectTransportEnabled",
+				TerraformName:       "transport_direct_transport_enabled",
+				MarkdownDescription: "Enable or disable usage of Direct Transport mode. When enabled, NON-PERSISTENT messages are sent as direct messages and non-durable topic consumers and temporary queue consumers consume using direct subscriptions rather than from guaranteed endpoints. If disabled all messaging uses guaranteed transport. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportKeepaliveCount",
+				TerraformName:       "transport_keepalive_count",
+				MarkdownDescription: "The maximum number of consecutive application-level keepalive messages sent without the broker response before the connection to the broker is closed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(3, 2147483647),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportKeepaliveEnabled",
+				TerraformName:       "transport_keepalive_enabled",
+				MarkdownDescription: "Enable or disable usage of application-level keepalive messages to maintain a connection with the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportKeepaliveInterval",
+				TerraformName:       "transport_keepalive_interval",
+				MarkdownDescription: "The interval between application-level keepalive messages, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(50, 2147483647),
+				},
+				Default: 3000,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportMsgCallbackOnIoThreadEnabled",
+				TerraformName:       "transport_msg_callback_on_io_thread_enabled",
+				MarkdownDescription: "Enable or disable delivery of asynchronous messages directly from the I/O thread. Contact support before enabling this property. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportOptimizeDirectEnabled",
+				TerraformName:       "transport_optimize_direct_enabled",
+				MarkdownDescription: "Enable or disable optimization for the Direct Transport delivery mode. If enabled, the client application is limited to one Publisher (Producer) and one non-durable Subscriber (Consumer). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportPort",
+				TerraformName:       "transport_port",
+				MarkdownDescription: "The connection port number on the broker for SMF clients. The value \"-1\" means the port is specified in the JNDI Properties file. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 65535),
+				},
+				Default: -1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportReadTimeout",
+				TerraformName:       "transport_read_timeout",
+				MarkdownDescription: "The timeout for reading a reply from the broker, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 2147483647),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportReceiveBufferSize",
+				TerraformName:       "transport_receive_buffer_size",
+				MarkdownDescription: "The size of the receive socket buffer, in bytes. It corresponds to the SO_RCVBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 2147483647),
+				},
+				Default: 65536,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportReconnectRetryCount",
+				TerraformName:       "transport_reconnect_retry_count",
+				MarkdownDescription: "The maximum number of attempts to reconnect to the host or list of hosts after the connection has been lost. The value \"-1\" means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 2147483647),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportReconnectRetryWait",
+				TerraformName:       "transport_reconnect_retry_wait",
+				MarkdownDescription: "The amount of time before making another attempt to connect or reconnect to the host after the connection has been lost, in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 60000),
+				},
+				Default: 3000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportSendBufferSize",
+				TerraformName:       "transport_send_buffer_size",
+				MarkdownDescription: "The size of the send socket buffer, in bytes. It corresponds to the SO_SNDBUF socket option. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `65536`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 2147483647),
+				},
+				Default: 65536,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportTcpNoDelayEnabled",
+				TerraformName:       "transport_tcp_no_delay_enabled",
+				MarkdownDescription: "Enable or disable the TCP_NODELAY option. When enabled, Nagle's algorithm for TCP/IP congestion control (RFC 896) is disabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "xaEnabled",
+				TerraformName:       "xa_enabled",
+				MarkdownDescription: "Enable or disable this as an XA Connection Factory. When enabled, the Connection Factory can be cast to \"XAConnectionFactory\", \"XAQueueConnectionFactory\" or \"XATopicConnectionFactory\". Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnJndiQueue.go b/internal/broker/generated/MsgVpnJndiQueue.go
new file mode 100644
index 00000000..7d846835
--- /dev/null
+++ b/internal/broker/generated/MsgVpnJndiQueue.go
@@ -0,0 +1,95 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_jndi_queue",
+		MarkdownDescription: "The message broker provides an internal JNDI store for provisioned Queue objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nqueue_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.2.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/jndiQueues/{queueName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "physicalName",
+				TerraformName:       "physical_name",
+				MarkdownDescription: "The physical name of the JMS Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueName",
+				TerraformName:       "queue_name",
+				MarkdownDescription: "The JNDI name of the JMS Queue.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 256),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* ]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnJndiTopic.go b/internal/broker/generated/MsgVpnJndiTopic.go
new file mode 100644
index 00000000..32e62943
--- /dev/null
+++ b/internal/broker/generated/MsgVpnJndiTopic.go
@@ -0,0 +1,95 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_jndi_topic",
+		MarkdownDescription: "The message broker provides an internal JNDI store for provisioned Topic objects that clients can access through JNDI lookups.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\ntopic_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.2.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/jndiTopics/{topicName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "physicalName",
+				TerraformName:       "physical_name",
+				MarkdownDescription: "The physical name of the JMS Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 250),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topicName",
+				TerraformName:       "topic_name",
+				MarkdownDescription: "The JNDI name of the JMS Topic.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 256),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^?* ]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnKafkaReceiver.go b/internal/broker/generated/MsgVpnKafkaReceiver.go
new file mode 100644
index 00000000..909481cc
--- /dev/null
+++ b/internal/broker/generated/MsgVpnKafkaReceiver.go
@@ -0,0 +1,410 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_kafka_receiver",
+		MarkdownDescription: "A Kafka Receiver receives messages from a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthentication_basic_password||x||x\nauthentication_client_cert_content||x||x\nauthentication_client_cert_password||x||\nauthentication_oauth_client_secret||x||x\nauthentication_scram_password||x||x\nkafka_receiver_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.36.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/kafkaReceivers/{kafkaReceiverName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicPassword",
+				TerraformName:       "authentication_basic_password",
+				MarkdownDescription: "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_basic_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_basic_username"),
+					),
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicUsername",
+				TerraformName:       "authentication_basic_username",
+				MarkdownDescription: "The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertContent",
+				TerraformName:       "authentication_client_cert_content",
+				MarkdownDescription: "The PEM formatted content for the client certificate used by the Kafka Receiver to login to the remote Kafka broker. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertPassword",
+				TerraformName:       "authentication_client_cert_password",
+				MarkdownDescription: "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_client_cert_content"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_client_cert_content"),
+					),
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientId",
+				TerraformName:       "authentication_oauth_client_id",
+				MarkdownDescription: "The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientScope",
+				TerraformName:       "authentication_oauth_client_scope",
+				MarkdownDescription: "The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientSecret",
+				TerraformName:       "authentication_oauth_client_secret",
+				MarkdownDescription: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientTokenEndpoint",
+				TerraformName:       "authentication_oauth_client_token_endpoint",
+				MarkdownDescription: "The OAuth token endpoint URL that the Kafka Receiver will use to request a token for login to the Kafka broker. Must begin with \"https\". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2048),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([hH][tT][tT][pP][sS]://.+)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScheme",
+				TerraformName:       "authentication_scheme",
+				MarkdownDescription: "The authentication scheme for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Anonymous Authentication.\n\"basic\" - Basic Authentication.\n\"scram\" - Salted Challenge Response Authentication.\n\"client-certificate\" - Client Certificate Authentication.\n\"oauth-client\" - Oauth Authentication.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "basic", "scram", "client-certificate", "oauth-client"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScramHash",
+				TerraformName:       "authentication_scram_hash",
+				MarkdownDescription: "The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"sha-512\"`. The allowed values and their meaning are:\n\n<pre>\n\"sha-256\" - SHA-2 256 bits.\n\"sha-512\" - SHA-2 512 bits.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("sha-256", "sha-512"),
+				},
+				Default: "sha-512",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScramPassword",
+				TerraformName:       "authentication_scram_password",
+				MarkdownDescription: "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_scram_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_scram_username"),
+					),
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScramUsername",
+				TerraformName:       "authentication_scram_username",
+				MarkdownDescription: "The username the Kafka Receiver uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "batchDelay",
+				TerraformName:       "batch_delay",
+				MarkdownDescription: "Delay (in ms) to wait to accumulate a batch of messages to receive. Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `500`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 300000),
+				},
+				Default: 500,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "batchMaxSize",
+				TerraformName:       "batch_max_size",
+				MarkdownDescription: "Maximum size of a message batch, in bytes (B). Batching is done on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 100000000),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bootstrapAddressList",
+				TerraformName:       "bootstrap_address_list",
+				MarkdownDescription: "Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1044),
+					stringvalidator.RegexMatches(regexp.MustCompile("^(((((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})),)*(((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})))?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "groupId",
+				TerraformName:       "group_id",
+				MarkdownDescription: "The id of the Kafka consumer group for the Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "groupKeepaliveInterval",
+				TerraformName:       "group_keepalive_interval",
+				MarkdownDescription: "The time between sending keepalives to the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 3600000),
+				},
+				Default: 3000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "groupKeepaliveTimeout",
+				TerraformName:       "group_keepalive_timeout",
+				MarkdownDescription: "The time until unresponsive group members are removed, triggering a partition rebalance across other members of the group. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `45000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 3600000),
+				},
+				Default: 45000,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "groupMembershipType",
+				TerraformName:       "group_membership_type",
+				MarkdownDescription: "The membership type of the Kafka consumer group for the Receiver. Static members can leave and rejoin the group (within group_keepalive_timeout) without prompting a group rebalance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"dynamic\"`. The allowed values and their meaning are:\n\n<pre>\n\"dynamic\" - Dynamic Membership.\n\"static\" - Static Membership.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("dynamic", "static"),
+				},
+				Default: "dynamic",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "groupPartitionSchemeList",
+				TerraformName:       "group_partition_scheme_list",
+				MarkdownDescription: "The ordered, comma-separated list of schemes used for partition assignment of the consumer group for this Receiver. Both Eager (\"range\", \"roundrobin\") and Cooperative (\"cooperative-sticky\") schemes are supported. The elected group leader will choose the first common strategy provided by all members of the group. Eager and Cooperative schemes must not be mixed. For more information on these schemes, see Kafka documentation. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"range,roundrobin\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+				},
+				Default: "range,roundrobin",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "kafkaReceiverName",
+				TerraformName:       "kafka_receiver_name",
+				MarkdownDescription: "The name of the Kafka Receiver.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "metadataTopicExcludeList",
+				TerraformName:       "metadata_topic_exclude_list",
+				MarkdownDescription: "A comma-separated list of regular expressions. Any matching topic names will be ignored in broker metadata. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1023),
+					stringvalidator.RegexMatches(regexp.MustCompile("^(((\\^.*|[a-zA-Z0-9\\._\\-]+),)*(\\^.*|[a-zA-Z0-9\\._\\-]+))?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "metadataTopicRefreshInterval",
+				TerraformName:       "metadata_topic_refresh_interval",
+				MarkdownDescription: "The time between refreshes of topic metadata from the Kafka Cluster. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1000, 3600000),
+				},
+				Default: 30000,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportTlsEnabled",
+				TerraformName:       "transport_tls_enabled",
+				MarkdownDescription: "Enable or disable encryption (TLS) for the Kafka Receiver. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnKafkaReceiverTopicBinding.go b/internal/broker/generated/MsgVpnKafkaReceiverTopicBinding.go
new file mode 100644
index 00000000..44e82396
--- /dev/null
+++ b/internal/broker/generated/MsgVpnKafkaReceiverTopicBinding.go
@@ -0,0 +1,148 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_kafka_receiver_topic_binding",
+		MarkdownDescription: "A Topic Binding receives messages from a remote Kafka Topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nkafka_receiver_name|x|||\nmsg_vpn_name|x|||\ntopic_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.36.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/kafkaReceivers/{kafkaReceiverName}/topicBindings/{topicName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable this topic binding of the Kafka Receiver. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "initialOffset",
+				TerraformName:       "initial_offset",
+				MarkdownDescription: "The initial offset to consume from the Kafka Topic if no member of the group has consumed and committed any offset already, or if the last committed offset has been deleted. Offsets are unique per partition. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"end\"`. The allowed values and their meaning are:\n\n<pre>\n\"beginning\" - Start with the earliest offset available.\n\"end\" - Start with new offsets only.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("beginning", "end"),
+				},
+				Default: "end",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "kafkaReceiverName",
+				TerraformName:       "kafka_receiver_name",
+				MarkdownDescription: "The name of the Kafka Receiver.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "localKey",
+				TerraformName:       "local_key",
+				MarkdownDescription: "The Substitution Expression used to generate the key for each message received from Kafka. This expression can include fields extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.\n\nIf empty, no key is included for each message as it is published into Solace. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1024),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "localTopic",
+				TerraformName:       "local_topic",
+				MarkdownDescription: "The Substitution Expression used to generate the Solace Topic for each message received from Kafka. This expression can include data extracted from the metadata of each individual Kafka message as it is received from the Kafka Topic.\n\nIf empty, the Topic Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1024),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topicName",
+				TerraformName:       "topic_name",
+				MarkdownDescription: "The name of the Topic.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 255),
+					stringvalidator.RegexMatches(regexp.MustCompile("^\\^.*|[a-zA-Z0-9\\._\\-]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnKafkaSender.go b/internal/broker/generated/MsgVpnKafkaSender.go
new file mode 100644
index 00000000..fe1053ad
--- /dev/null
+++ b/internal/broker/generated/MsgVpnKafkaSender.go
@@ -0,0 +1,377 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_kafka_sender",
+		MarkdownDescription: "A Kafka Sender sends messages to a Kafka Cluster.\n\nWARNING: This feature is in BETA with limited scalability and no production support. Configuration may change or be eliminated by future upgrades.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthentication_basic_password||x||x\nauthentication_client_cert_content||x||x\nauthentication_client_cert_password||x||\nauthentication_oauth_client_secret||x||x\nauthentication_scram_password||x||x\nkafka_sender_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.36.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/kafkaSenders/{kafkaSenderName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicPassword",
+				TerraformName:       "authentication_basic_password",
+				MarkdownDescription: "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_basic_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_basic_username"),
+					),
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicUsername",
+				TerraformName:       "authentication_basic_username",
+				MarkdownDescription: "The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertContent",
+				TerraformName:       "authentication_client_cert_content",
+				MarkdownDescription: "The PEM formatted content for the client certificate used by the Kafka Sender to login to the remote Kafka broker. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertPassword",
+				TerraformName:       "authentication_client_cert_password",
+				MarkdownDescription: "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_client_cert_content"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_client_cert_content"),
+					),
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientId",
+				TerraformName:       "authentication_oauth_client_id",
+				MarkdownDescription: "The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientScope",
+				TerraformName:       "authentication_oauth_client_scope",
+				MarkdownDescription: "The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientSecret",
+				TerraformName:       "authentication_oauth_client_secret",
+				MarkdownDescription: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientTokenEndpoint",
+				TerraformName:       "authentication_oauth_client_token_endpoint",
+				MarkdownDescription: "The OAuth token endpoint URL that the Kafka Sender will use to request a token for login to the Kafka broker. Must begin with \"https\". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2048),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([hH][tT][tT][pP][sS]://.+)?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScheme",
+				TerraformName:       "authentication_scheme",
+				MarkdownDescription: "The authentication scheme for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Anonymous Authentication.\n\"basic\" - Basic Authentication.\n\"scram\" - Salted Challenge Response Authentication.\n\"client-certificate\" - Client Certificate Authentication.\n\"oauth-client\" - Oauth Authentication.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "basic", "scram", "client-certificate", "oauth-client"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScramHash",
+				TerraformName:       "authentication_scram_hash",
+				MarkdownDescription: "The hash used for SCRAM authentication. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"sha-512\"`. The allowed values and their meaning are:\n\n<pre>\n\"sha-256\" - SHA-2 256 bits.\n\"sha-512\" - SHA-2 512 bits.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("sha-256", "sha-512"),
+				},
+				Default: "sha-512",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScramPassword",
+				TerraformName:       "authentication_scram_password",
+				MarkdownDescription: "The password for the Username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_scram_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_scram_username"),
+					),
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScramUsername",
+				TerraformName:       "authentication_scram_username",
+				MarkdownDescription: "The username the Kafka Sender uses to login to the remote Kafka broker. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "batchDelay",
+				TerraformName:       "batch_delay",
+				MarkdownDescription: "Delay (in ms) to wait to accumulate a batch of messages to send. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 900000),
+				},
+				Default: 5,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "batchMaxMsgCount",
+				TerraformName:       "batch_max_msg_count",
+				MarkdownDescription: "Maximum number of messages sent in a single batch. Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 1000000),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "batchMaxSize",
+				TerraformName:       "batch_max_size",
+				MarkdownDescription: "Maximum size of a message batch, in bytes (B). Batching is done for all Senders on a per-partition basis. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 2147483647),
+				},
+				Default: 1e+06,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "bootstrapAddressList",
+				TerraformName:       "bootstrap_address_list",
+				MarkdownDescription: "Comma separated list of addresses (and optional ports) of brokers in the Kafka Cluster from which the state of the entire Kafka Cluster can be learned. If a port is not provided with an address it will default to 9092. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1044),
+					stringvalidator.RegexMatches(regexp.MustCompile("^(((((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})),)*(((([0-9a-zA-Z\\-\\.])+)|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])((:[0-9]{1,5}){0,1})))?$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "idempotenceEnabled",
+				TerraformName:       "idempotence_enabled",
+				MarkdownDescription: "Enable or disable idempotence for the Kafka Sender. Idempotence guarantees in order at-least-once message delivery to the remote Kafka Topic, at the expense of performance. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "kafkaSenderName",
+				TerraformName:       "kafka_sender_name",
+				MarkdownDescription: "The name of the Kafka Sender.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportCompressionEnabled",
+				TerraformName:       "transport_compression_enabled",
+				MarkdownDescription: "Enable or disable compression for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "transportCompressionLevel",
+				TerraformName:       "transport_compression_level",
+				MarkdownDescription: "Compression level. The valid range is dependent on the compression type. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `-1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(-1, 22),
+				},
+				Default: -1,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "transportCompressionType",
+				TerraformName:       "transport_compression_type",
+				MarkdownDescription: "Compression type. Only relevant if compression is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"gzip\"`. The allowed values and their meaning are:\n\n<pre>\n\"gzip\" - GZIP Compression.\n\"snappy\" - Snappy Compression.\n\"lz4\" - LZ4 Compression.\n\"zstd\" - Zstandard Compression.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("gzip", "snappy", "lz4", "zstd"),
+				},
+				Default: "gzip",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "transportTlsEnabled",
+				TerraformName:       "transport_tls_enabled",
+				MarkdownDescription: "Enable or disable encryption (TLS) for the Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnKafkaSenderQueueBinding.go b/internal/broker/generated/MsgVpnKafkaSenderQueueBinding.go
new file mode 100644
index 00000000..345ce542
--- /dev/null
+++ b/internal/broker/generated/MsgVpnKafkaSenderQueueBinding.go
@@ -0,0 +1,199 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_kafka_sender_queue_binding",
+		MarkdownDescription: "A Queue Binding sends messages from a local Solace Queue to a remote Kafka topic.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nkafka_sender_name|x|||\nmsg_vpn_name|x|||\nqueue_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.36.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/kafkaSenders/{kafkaSenderName}/queueBindings/{queueName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "ackMode",
+				TerraformName:       "ack_mode",
+				MarkdownDescription: "The number of acks required from the remote Kafka broker. When \"none\" messages are delivered at-most-once. When \"one\" or \"all\" messages are delivered at-least-once but may be reordered. This is overridden to \"all\" for an idempotent Kafka Sender. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"all\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - No Acks.\n\"one\" - Leader Ack Only.\n\"all\" - All Replica Acks.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "one", "all"),
+				},
+				Default: "all",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable this queue binding of the Kafka Sender. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "kafkaSenderName",
+				TerraformName:       "kafka_sender_name",
+				MarkdownDescription: "The name of the Kafka Sender.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "partitionConsistentHash",
+				TerraformName:       "partition_consistent_hash",
+				MarkdownDescription: "The hash algorithm to use for consistent partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"crc\"`. The allowed values and their meaning are:\n\n<pre>\n\"crc\" - CRC Hash.\n\"murmur2\" - Murmer2 Hash.\n\"fnv1a\" - Fowler-Noll-Vo 1a Hash.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("crc", "murmur2", "fnv1a"),
+				},
+				Default: "crc",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "partitionExplicitNumber",
+				TerraformName:       "partition_explicit_number",
+				MarkdownDescription: "The partition number to use for explicit partition selection. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "partitionRandomFallbackEnabled",
+				TerraformName:       "partition_random_fallback_enabled",
+				MarkdownDescription: "Enable or disable fallback to the random partition selection scheme when the consistent partition scheme is being used but no partition key is available for the message. When enabled a random partition will be selected for each unkeyed messages, otherwise some partition will be selected for groups of unkeyed messages. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "partitionScheme",
+				TerraformName:       "partition_scheme",
+				MarkdownDescription: "The partitioning scheme used to select a partition of the topic on the Kafka cluster to send messages to. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"consistent\"`. The allowed values and their meaning are:\n\n<pre>\n\"consistent\" - Select a consistent partition for each key value. A hash of the key will be used to select the partition number.\n\"explicit\" - Select an explicit partition independent of key value.\n\"random\" - Select a random partition independent of key value.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("consistent", "explicit", "random"),
+				},
+				Default: "consistent",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueName",
+				TerraformName:       "queue_name",
+				MarkdownDescription: "The name of the Queue.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteKey",
+				TerraformName:       "remote_key",
+				MarkdownDescription: "The Substitution Expression used to generate the key for each message sent to Kafka. This expression can include fields extracted from the metadata of each individual Solace message as it is taken from the Solace Queue.\n\nIf empty, no key is included for each message as it is published into Kafka. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1024),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteTopic",
+				TerraformName:       "remote_topic",
+				MarkdownDescription: "The Kafka Topic on the Kafka Cluster to send each message taken from the Solace Queue to.\n\nIf empty, the Queue Binding will not be operational. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 249),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[a-zA-Z0-9\\._\\-]*$"), ""),
+				},
+				Default: "",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnMqttRetainCache.go b/internal/broker/generated/MsgVpnMqttRetainCache.go
new file mode 100644
index 00000000..1a9e446e
--- /dev/null
+++ b/internal/broker/generated/MsgVpnMqttRetainCache.go
@@ -0,0 +1,106 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_mqtt_retain_cache",
+		MarkdownDescription: "Using MQTT retained messages allows publishing MQTT clients to indicate that a message must be stored for later delivery to subscribing clients when those subscribing clients add subscriptions matching the retained message's topic. An MQTT Retain Cache processes all retained messages for a Message VPN.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ncache_name|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.11.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/mqttRetainCaches/{cacheName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "cacheName",
+				TerraformName:       "cache_name",
+				MarkdownDescription: "The name of the MQTT Retain Cache.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable this MQTT Retain Cache. When the cache is disabled, neither retain messages nor retain requests will be delivered by the cache. However, live retain messages will continue to be delivered to currently connected MQTT clients. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "msgLifetime",
+				TerraformName:       "msg_lifetime",
+				MarkdownDescription: "The message lifetime, in seconds. If a message remains cached for the duration of its lifetime, the cache will remove the message. A lifetime of 0 results in the message being retained indefinitely, otherwise it must be 3 seconds or more. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967294),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnMqttSession.go b/internal/broker/generated/MsgVpnMqttSession.go
new file mode 100644
index 00000000..6d9b2a74
--- /dev/null
+++ b/internal/broker/generated/MsgVpnMqttSession.go
@@ -0,0 +1,551 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_mqtt_session",
+		MarkdownDescription: "An MQTT Session object is a virtual representation of an MQTT client connection. An MQTT session holds the state of an MQTT client (that is, it is used to contain a client's QoS 0 and QoS 1 subscription sets and any undelivered QoS 1 messages).\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqtt_session_client_id|x|||\nmqtt_session_virtual_router|x|||\nmsg_vpn_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.1.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the MQTT Session. When disabled, the client is disconnected, new messages matching QoS 0 subscriptions are discarded, and new messages matching QoS 1 subscriptions are stored for future delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "mqttSessionClientId",
+				TerraformName:       "mqtt_session_client_id",
+				MarkdownDescription: "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 128),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "mqttSessionVirtualRouter",
+				TerraformName:       "mqtt_session_virtual_router",
+				MarkdownDescription: "The virtual router of the MQTT Session. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The MQTT Session belongs to the primary virtual router.\n\"backup\" - The MQTT Session belongs to the backup virtual router.\n\"auto\" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("primary", "backup", "auto"),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "owner",
+				TerraformName:       "owner",
+				MarkdownDescription: "The owner of the MQTT Session. For externally-created sessions this defaults to the Client Username of the connecting client. For management-created sessions this defaults to empty. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 189),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "queueConsumerAckPropagationEnabled",
+				TerraformName:       "queue_consumer_ack_propagation_enabled",
+				MarkdownDescription: "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.14.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueDeadMsgQueue",
+				TerraformName:       "queue_dead_msg_queue",
+				MarkdownDescription: "The name of the Dead Message Queue (DMQ) used by the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since SEMP API version 2.14.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+				Default: "#DEAD_MSG_QUEUE",
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "queueEventBindCountThreshold",
+				TerraformName:       "queue_event_bind_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "queueEventMsgSpoolUsageThreshold",
+				TerraformName:       "queue_event_msg_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 18,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 25,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "queueEventRejectLowPriorityMsgLimitThreshold",
+				TerraformName:       "queue_event_reject_low_priority_msg_limit_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxBindCount",
+				TerraformName:       "queue_max_bind_count",
+				MarkdownDescription: "The maximum number of consumer flows that can bind to the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 10000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxDeliveredUnackedMsgsPerFlow",
+				TerraformName:       "queue_max_delivered_unacked_msgs_per_flow",
+				MarkdownDescription: "The maximum number of messages delivered but not acknowledged per flow for the MQTT Session Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 1000000),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxMsgSize",
+				TerraformName:       "queue_max_msg_size",
+				MarkdownDescription: "The maximum message size allowed in the MQTT Session Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 30000000),
+				},
+				Default: 1e+07,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxMsgSpoolUsage",
+				TerraformName:       "queue_max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage allowed by the MQTT Session Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 5000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxRedeliveryCount",
+				TerraformName:       "queue_max_redelivery_count",
+				MarkdownDescription: "The maximum number of times the MQTT Session Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxTtl",
+				TerraformName:       "queue_max_ttl",
+				MarkdownDescription: "The maximum time in seconds a message can stay in the MQTT Session Queue when `queue_respect_ttl_enabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `queue_max_ttl` configured for the MQTT Session Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.AtLeast(0),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "queueRejectLowPriorityMsgEnabled",
+				TerraformName:       "queue_reject_low_priority_msg_enabled",
+				MarkdownDescription: "Enable or disable the checking of low priority messages against the `queue_reject_low_priority_msg_limit`. This may only be enabled if `queue_reject_msg_to_sender_on_discard_behavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.14.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueRejectLowPriorityMsgLimit",
+				TerraformName:       "queue_reject_low_priority_msg_limit",
+				MarkdownDescription: "The number of messages of any priority in the MQTT Session Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.14.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueRejectMsgToSenderOnDiscardBehavior",
+				TerraformName:       "queue_reject_msg_to_sender_on_discard_behavior",
+				MarkdownDescription: "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as queue_reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n Available since SEMP API version 2.14.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("never", "when-queue-enabled", "always"),
+				},
+				Default: "when-queue-enabled",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "queueRespectTtlEnabled",
+				TerraformName:       "queue_respect_ttl_enabled",
+				MarkdownDescription: "Enable or disable the respecting of the time-to-live (TTL) for messages in the MQTT Session Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.14.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnMqttSessionSubscription.go b/internal/broker/generated/MsgVpnMqttSessionSubscription.go
new file mode 100644
index 00000000..03038659
--- /dev/null
+++ b/internal/broker/generated/MsgVpnMqttSessionSubscription.go
@@ -0,0 +1,127 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_mqtt_session_subscription",
+		MarkdownDescription: "An MQTT session contains a client's QoS 0 and QoS 1 subscription sets. On creation, a subscription defaults to QoS 0.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmqtt_session_client_id|x|||\nmqtt_session_virtual_router|x|||\nmsg_vpn_name|x|||\nsubscription_topic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.1.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/mqttSessions/{mqttSessionClientId},{mqttSessionVirtualRouter}/subscriptions/{subscriptionTopic}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "mqttSessionClientId",
+				TerraformName:       "mqtt_session_client_id",
+				MarkdownDescription: "The Client ID of the MQTT Session, which corresponds to the ClientId provided in the MQTT CONNECT packet.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 128),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "mqttSessionVirtualRouter",
+				TerraformName:       "mqtt_session_virtual_router",
+				MarkdownDescription: "The virtual router of the MQTT Session. The allowed values and their meaning are:\n\n<pre>\n\"primary\" - The MQTT Session belongs to the primary virtual router.\n\"backup\" - The MQTT Session belongs to the backup virtual router.\n\"auto\" - The MQTT Session is automatically assigned a virtual router at creation, depending on the broker's active-standby role.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("primary", "backup", "auto"),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "subscriptionQos",
+				TerraformName:       "subscription_qos",
+				MarkdownDescription: "The quality of service (QoS) for the subscription as either 0 (deliver at most once) or 1 (deliver at least once). QoS 2 is not supported, but QoS 2 messages attracted by QoS 0 or QoS 1 subscriptions are accepted and delivered accordingly. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 1),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscriptionTopic",
+				TerraformName:       "subscription_topic",
+				MarkdownDescription: "The MQTT subscription topic.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnProxy.go b/internal/broker/generated/MsgVpnProxy.go
new file mode 100644
index 00000000..484d7e96
--- /dev/null
+++ b/internal/broker/generated/MsgVpnProxy.go
@@ -0,0 +1,173 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_proxy",
+		MarkdownDescription: "Proxy objects define the connection parameters for a proxy server. To use a proxy for a particular connection such as a REST Consumer, select the proxy by name in the configuration for that object.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthentication_basic_password||x||x\nmsg_vpn_name|x|||\nproxy_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.36.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/proxies/{proxyName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicPassword",
+				TerraformName:       "authentication_basic_password",
+				MarkdownDescription: "The password to use with basic authentication. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationBasicUsername",
+				TerraformName:       "authentication_basic_username",
+				MarkdownDescription: "The username to use with basic authentication. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScheme",
+				TerraformName:       "authentication_scheme",
+				MarkdownDescription: "The authentication scheme used to connect to the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - No authentication.\n\"basic\" - Username/password authentication.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "basic"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the proxy. When disabled, no connections are initiated to this particular Proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "host",
+				TerraformName:       "host",
+				MarkdownDescription: "The IP address or host name of the proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 253),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([0-9a-zA-Z\\-\\.]*|([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,7}:|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|:((:[0-9a-fA-F]{1,4}){1,7}|:)|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "port",
+				TerraformName:       "port",
+				MarkdownDescription: "The port to connect to on the proxy host. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 65535),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "proxyName",
+				TerraformName:       "proxy_name",
+				MarkdownDescription: "The name of the proxy.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "proxyType",
+				TerraformName:       "proxy_type",
+				MarkdownDescription: "The type of proxy. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"direct\"`. The allowed values and their meaning are:\n\n<pre>\n\"direct\" - Direct connection (no proxy).\n\"http\" - HTTP proxy.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("direct", "http"),
+				},
+				Default: "direct",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnQueue.go b/internal/broker/generated/MsgVpnQueue.go
new file mode 100644
index 00000000..6977de9d
--- /dev/null
+++ b/internal/broker/generated/MsgVpnQueue.go
@@ -0,0 +1,704 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_queue",
+		MarkdownDescription: "A Queue acts as both a destination that clients can publish messages to, and as an endpoint that clients can bind consumers to and consume messages from.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nqueue_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/queues/{queueName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessType",
+				TerraformName:       "access_type",
+				MarkdownDescription: "The access type for delivering messages to consumer flows bound to the Queue. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("exclusive", "non-exclusive"),
+				},
+				Default: "exclusive",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "consumerAckPropagationEnabled",
+				TerraformName:       "consumer_ack_propagation_enabled",
+				MarkdownDescription: "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "deadMsgQueue",
+				TerraformName:       "dead_msg_queue",
+				MarkdownDescription: "The name of the Dead Message Queue (DMQ) used by the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since SEMP API version 2.2.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+				Default: "#DEAD_MSG_QUEUE",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "deliveryCountEnabled",
+				TerraformName:       "delivery_count_enabled",
+				MarkdownDescription: "Enable or disable the ability for client applications to query the message delivery count of messages received from the Queue. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "deliveryDelay",
+				TerraformName:       "delivery_delay",
+				MarkdownDescription: "The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "egressEnabled",
+				TerraformName:       "egress_enabled",
+				MarkdownDescription: "Enable or disable the transmission of messages from the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventBindCountThreshold",
+				TerraformName:       "event_bind_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventMsgSpoolUsageThreshold",
+				TerraformName:       "event_msg_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 18,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 25,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventRejectLowPriorityMsgLimitThreshold",
+				TerraformName:       "event_reject_low_priority_msg_limit_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "ingressEnabled",
+				TerraformName:       "ingress_enabled",
+				MarkdownDescription: "Enable or disable the reception of messages to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxBindCount",
+				TerraformName:       "max_bind_count",
+				MarkdownDescription: "The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 10000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxDeliveredUnackedMsgsPerFlow",
+				TerraformName:       "max_delivered_unacked_msgs_per_flow",
+				MarkdownDescription: "The maximum number of messages delivered but not acknowledged per flow for the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 1000000),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSize",
+				TerraformName:       "max_msg_size",
+				MarkdownDescription: "The maximum message size allowed in the Queue, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 30000000),
+				},
+				Default: 1e+07,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSpoolUsage",
+				TerraformName:       "max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage allowed by the Queue, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 5000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxRedeliveryCount",
+				TerraformName:       "max_redelivery_count",
+				MarkdownDescription: "The maximum number of times the Queue will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTtl",
+				TerraformName:       "max_ttl",
+				MarkdownDescription: "The maximum time in seconds a message can stay in the Queue when `respect_ttl_enabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "owner",
+				TerraformName:       "owner",
+				MarkdownDescription: "The Client Username that owns the Queue and has permission equivalent to `\"delete\"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 189),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "partitionCount",
+				TerraformName:       "partition_count",
+				MarkdownDescription: "The count of partitions of the queue. Only relevant for queues with an access type of non-exclusive. When zero, bound clients receive messages round-robin. Otherwise, bound clients receive messages from individually assigned partitions. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.35.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 1000),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "partitionRebalanceDelay",
+				TerraformName:       "partition_rebalance_delay",
+				MarkdownDescription: "The delay (in seconds) before a partition rebalance is started once needed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`. Available since SEMP API version 2.35.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 5,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "partitionRebalanceMaxHandoffTime",
+				TerraformName:       "partition_rebalance_max_handoff_time",
+				MarkdownDescription: "The maximum time (in seconds) to wait before handing off a partition while rebalancing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`. Available since SEMP API version 2.35.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "permission",
+				TerraformName:       "permission",
+				MarkdownDescription: "The permission level for all consumers of the Queue, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("no-access", "read-only", "consume", "modify-topic", "delete"),
+				},
+				Default: "no-access",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueName",
+				TerraformName:       "queue_name",
+				MarkdownDescription: "The name of the Queue.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryDelayEnabled",
+				TerraformName:       "redelivery_delay_enabled",
+				MarkdownDescription: "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayInitialInterval",
+				TerraformName:       "redelivery_delay_initial_interval",
+				MarkdownDescription: "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 3600000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMaxInterval",
+				TerraformName:       "redelivery_delay_max_interval",
+				MarkdownDescription: "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 10800000),
+				},
+				Default: 64000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMultiplier",
+				TerraformName:       "redelivery_delay_multiplier",
+				MarkdownDescription: "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(100, 500),
+				},
+				Default: 200,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryEnabled",
+				TerraformName:       "redelivery_enabled",
+				MarkdownDescription: "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "rejectLowPriorityMsgEnabled",
+				TerraformName:       "reject_low_priority_msg_enabled",
+				MarkdownDescription: "Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "rejectLowPriorityMsgLimit",
+				TerraformName:       "reject_low_priority_msg_limit",
+				MarkdownDescription: "The number of messages of any priority in the Queue above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "rejectMsgToSenderOnDiscardBehavior",
+				TerraformName:       "reject_msg_to_sender_on_discard_behavior",
+				MarkdownDescription: "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n Available since SEMP API version 2.1.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("never", "when-queue-enabled", "always"),
+				},
+				Default: "when-queue-enabled",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectMsgPriorityEnabled",
+				TerraformName:       "respect_msg_priority_enabled",
+				MarkdownDescription: "Enable or disable the respecting of message priority. When enabled, messages contained in the Queue are delivered in priority order, from 9 (highest) to 0 (lowest). Regardless of this setting, message priority is not respected when browsing the queue, when the queue is used by a bridge, or if the queue is partitioned. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled and ingress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.8.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectTtlEnabled",
+				TerraformName:       "respect_ttl_enabled",
+				MarkdownDescription: "Enable or disable the respecting of the time-to-live (TTL) for messages in the Queue. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnQueueSubscription.go b/internal/broker/generated/MsgVpnQueueSubscription.go
new file mode 100644
index 00000000..a83663b1
--- /dev/null
+++ b/internal/broker/generated/MsgVpnQueueSubscription.go
@@ -0,0 +1,99 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_queue_subscription",
+		MarkdownDescription: "One or more Queue Subscriptions can be added to a durable queue so that Guaranteed messages published to matching topics are also delivered to and spooled by the queue.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nqueue_name|x|||\nsubscription_topic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions/{subscriptionTopic}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/queues/{queueName}/subscriptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueName",
+				TerraformName:       "queue_name",
+				MarkdownDescription: "The name of the Queue.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscriptionTopic",
+				TerraformName:       "subscription_topic",
+				MarkdownDescription: "The topic of the Subscription.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnQueueTemplate.go b/internal/broker/generated/MsgVpnQueueTemplate.go
new file mode 100644
index 00000000..33cbbd9c
--- /dev/null
+++ b/internal/broker/generated/MsgVpnQueueTemplate.go
@@ -0,0 +1,648 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_queue_template",
+		MarkdownDescription: "A Queue Template provides a mechanism for specifying the initial state for client created queues.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nqueue_template_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.14.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/queueTemplates/{queueTemplateName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessType",
+				TerraformName:       "access_type",
+				MarkdownDescription: "The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("exclusive", "non-exclusive"),
+				},
+				Default: "exclusive",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "consumerAckPropagationEnabled",
+				TerraformName:       "consumer_ack_propagation_enabled",
+				MarkdownDescription: "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "deadMsgQueue",
+				TerraformName:       "dead_msg_queue",
+				MarkdownDescription: "The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+				Default: "#DEAD_MSG_QUEUE",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "deliveryDelay",
+				TerraformName:       "delivery_delay",
+				MarkdownDescription: "The delay, in seconds, to apply to messages arriving on the Queue before the messages are eligible for delivery. This attribute does not apply to MQTT queues created from this template, but it may apply in future releases. Therefore, to maintain forward compatibility, do not set this value on templates that might be used for MQTT queues. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "durabilityOverride",
+				TerraformName:       "durability_override",
+				MarkdownDescription: "Controls the durability of queues created from this template. If non-durable, the created queue will be non-durable, regardless of the specified durability. If none, the created queue will have the requested durability. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - The durability of the endpoint will be as requested on create.\n\"non-durable\" - The durability of the created queue will be non-durable, regardless of what was requested.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "non-durable"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventBindCountThreshold",
+				TerraformName:       "event_bind_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 10000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 10000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventMsgSpoolUsageThreshold",
+				TerraformName:       "event_msg_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 18,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 6000000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 25,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 6000000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventRejectLowPriorityMsgLimitThreshold",
+				TerraformName:       "event_reject_low_priority_msg_limit_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxBindCount",
+				TerraformName:       "max_bind_count",
+				MarkdownDescription: "The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 10000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxDeliveredUnackedMsgsPerFlow",
+				TerraformName:       "max_delivered_unacked_msgs_per_flow",
+				MarkdownDescription: "The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 1000000),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSize",
+				TerraformName:       "max_msg_size",
+				MarkdownDescription: "The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 30000000),
+				},
+				Default: 1e+07,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSpoolUsage",
+				TerraformName:       "max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 5000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxRedeliveryCount",
+				TerraformName:       "max_redelivery_count",
+				MarkdownDescription: "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTtl",
+				TerraformName:       "max_ttl",
+				MarkdownDescription: "The maximum time in seconds a message can stay in a Queue when `respect_ttl_enabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Queue, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "permission",
+				TerraformName:       "permission",
+				MarkdownDescription: "The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("no-access", "read-only", "consume", "modify-topic", "delete"),
+				},
+				Default: "no-access",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueNameFilter",
+				TerraformName:       "queue_name_filter",
+				MarkdownDescription: "A pattern used to determine which Queues use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueTemplateName",
+				TerraformName:       "queue_template_name",
+				MarkdownDescription: "The name of the Queue Template.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 255),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#?*][^?*]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryDelayEnabled",
+				TerraformName:       "redelivery_delay_enabled",
+				MarkdownDescription: "Enable or disable a message redelivery delay. When false, messages are redelivered as soon as possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayInitialInterval",
+				TerraformName:       "redelivery_delay_initial_interval",
+				MarkdownDescription: "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 3600000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMaxInterval",
+				TerraformName:       "redelivery_delay_max_interval",
+				MarkdownDescription: "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 10800000),
+				},
+				Default: 64000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMultiplier",
+				TerraformName:       "redelivery_delay_multiplier",
+				MarkdownDescription: "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(100, 500),
+				},
+				Default: 200,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryEnabled",
+				TerraformName:       "redelivery_enabled",
+				MarkdownDescription: "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the queue more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "rejectLowPriorityMsgEnabled",
+				TerraformName:       "reject_low_priority_msg_enabled",
+				MarkdownDescription: "Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "rejectLowPriorityMsgLimit",
+				TerraformName:       "reject_low_priority_msg_limit",
+				MarkdownDescription: "The number of messages of any priority above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "rejectMsgToSenderOnDiscardBehavior",
+				TerraformName:       "reject_msg_to_sender_on_discard_behavior",
+				MarkdownDescription: "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs prevent the message from being delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"when-queue-enabled\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-queue-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("never", "when-queue-enabled", "always"),
+				},
+				Default: "when-queue-enabled",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectMsgPriorityEnabled",
+				TerraformName:       "respect_msg_priority_enabled",
+				MarkdownDescription: "Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectTtlEnabled",
+				TerraformName:       "respect_ttl_enabled",
+				MarkdownDescription: "Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnReplayLog.go b/internal/broker/generated/MsgVpnReplayLog.go
new file mode 100644
index 00000000..c15c2219
--- /dev/null
+++ b/internal/broker/generated/MsgVpnReplayLog.go
@@ -0,0 +1,126 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_replay_log",
+		MarkdownDescription: "When the Message Replay feature is enabled, message brokers store persistent messages in a Replay Log. These messages are kept until the log is full, after which the oldest messages are removed to free up space for new messages.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nreplay_log_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.10.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "egressEnabled",
+				TerraformName:       "egress_enabled",
+				MarkdownDescription: "Enable or disable the transmission of messages from the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "ingressEnabled",
+				TerraformName:       "ingress_enabled",
+				MarkdownDescription: "Enable or disable the reception of messages to the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxSpoolUsage",
+				TerraformName:       "max_spool_usage",
+				MarkdownDescription: "The maximum spool usage allowed by the Replay Log, in megabytes (MB). If this limit is exceeded, old messages will be trimmed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replayLogName",
+				TerraformName:       "replay_log_name",
+				MarkdownDescription: "The name of the Replay Log.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 185),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "topicFilterEnabled",
+				TerraformName:       "topic_filter_enabled",
+				MarkdownDescription: "Enable or disable topic filtering for the Replay Log. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.27.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnReplayLogTopicFilterSubscription.go b/internal/broker/generated/MsgVpnReplayLogTopicFilterSubscription.go
new file mode 100644
index 00000000..3831b547
--- /dev/null
+++ b/internal/broker/generated/MsgVpnReplayLogTopicFilterSubscription.go
@@ -0,0 +1,99 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_replay_log_topic_filter_subscription",
+		MarkdownDescription: "One or more Subscriptions can be added to a replay-log so that only guaranteed messages published to matching topics are stored in the Replay Log.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nreplay_log_name|x|||\ntopic_filter_subscription|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.27.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions/{topicFilterSubscription}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/replayLogs/{replayLogName}/topicFilterSubscriptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replayLogName",
+				TerraformName:       "replay_log_name",
+				MarkdownDescription: "The name of the Replay Log.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 185),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topicFilterSubscription",
+				TerraformName:       "topic_filter_subscription",
+				MarkdownDescription: "The topic of the Subscription.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnReplicatedTopic.go b/internal/broker/generated/MsgVpnReplicatedTopic.go
new file mode 100644
index 00000000..a4c75a60
--- /dev/null
+++ b/internal/broker/generated/MsgVpnReplicatedTopic.go
@@ -0,0 +1,94 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_replicated_topic",
+		MarkdownDescription: "To indicate which messages should be replicated between the active and standby site, a Replicated Topic subscription must be configured on a Message VPN. If a published message matches both a replicated topic and an endpoint on the active site, then the message is replicated to the standby site.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nreplicated_topic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.1.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/replicatedTopics/{replicatedTopic}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicatedTopic",
+				TerraformName:       "replicated_topic",
+				MarkdownDescription: "The topic for applying replication. Published messages matching this topic will be replicated to the standby site.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "replicationMode",
+				TerraformName:       "replication_mode",
+				MarkdownDescription: "The replication mode for the Replicated Topic. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"async\"`. The allowed values and their meaning are:\n\n<pre>\n\"sync\" - Messages are acknowledged when replicated (spooled remotely).\n\"async\" - Messages are acknowledged when pending replication (spooled locally).\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("sync", "async"),
+				},
+				Default: "async",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnRestDeliveryPoint.go b/internal/broker/generated/MsgVpnRestDeliveryPoint.go
new file mode 100644
index 00000000..834dbcee
--- /dev/null
+++ b/internal/broker/generated/MsgVpnRestDeliveryPoint.go
@@ -0,0 +1,131 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_rest_delivery_point",
+		MarkdownDescription: "A REST Delivery Point manages delivery of messages from queues to a named list of REST Consumers.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nrest_delivery_point_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientProfileName",
+				TerraformName:       "client_profile_name",
+				MarkdownDescription: "The Client Profile of the REST Delivery Point. It must exist in the local Message VPN. Its TCP parameters are used for all REST Consumers in this RDP. Its queue properties are used by the RDP client. The Client Profile is used inside the auto-generated Client Username for this RDP. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^#?[A-Za-z0-9\\-_]+$"), ""),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the REST Delivery Point. When disabled, no connections are initiated or messages delivered to any of the contained REST Consumers. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restDeliveryPointName",
+				TerraformName:       "rest_delivery_point_name",
+				MarkdownDescription: "The name of the REST Delivery Point.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "service",
+				TerraformName:       "service",
+				MarkdownDescription: "The name of the service that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.19.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 50),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "vendor",
+				TerraformName:       "vendor",
+				MarkdownDescription: "The name of the vendor that this REST Delivery Point connects to. Internally the broker does not use this value; it is informational only. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.19.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 50),
+				},
+				Default: "",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnRestDeliveryPointQueueBinding.go b/internal/broker/generated/MsgVpnRestDeliveryPointQueueBinding.go
new file mode 100644
index 00000000..de1d7b8e
--- /dev/null
+++ b/internal/broker/generated/MsgVpnRestDeliveryPointQueueBinding.go
@@ -0,0 +1,134 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_rest_delivery_point_queue_binding",
+		MarkdownDescription: "A Queue Binding for a REST Delivery Point attracts messages to be delivered to REST consumers. If the queue does not exist it can be created subsequently, and once the queue is operational the broker performs the queue binding. Removing the queue binding does not delete the queue itself. Similarly, removing the queue does not remove the queue binding, which fails until the queue is recreated or the queue binding is deleted.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nqueue_binding_name|x|||\nrest_delivery_point_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "gatewayReplaceTargetAuthorityEnabled",
+				TerraformName:       "gateway_replace_target_authority_enabled",
+				MarkdownDescription: "Enable or disable whether the authority for the request-target is replaced with that configured for the REST Consumer remote. When enabled, the broker sends HTTP requests in absolute-form, with the request-target's authority taken from the REST Consumer's remote host and port configuration. When disabled, the broker sends HTTP requests whose request-target matches that of the original request message, including whether to use absolute-form or origin-form. This configuration is applicable only when the Message VPN is in REST gateway mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.6.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "postRequestTarget",
+				TerraformName:       "post_request_target",
+				MarkdownDescription: "The request-target string to use when sending requests. It identifies the target resource on the far-end REST Consumer upon which to apply the request. There are generally two common forms for the request-target. The origin-form is most often used in practice and contains the path and query components of the target URI. If the path component is empty then the client must generally send a \"/\" as the path. When making a request to a proxy, most often the absolute-form is required. This configuration is only applicable when the Message VPN is in REST messaging mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2000),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueBindingName",
+				TerraformName:       "queue_binding_name",
+				MarkdownDescription: "The name of a queue in the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "requestTargetEvaluation",
+				TerraformName:       "request_target_evaluation",
+				MarkdownDescription: "The type of evaluation to perform on the request target. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Do not evaluate substitution expressions on the request target.\n\"substitution-expressions\" - Evaluate substitution expressions on the request target.\n</pre>\n Available since SEMP API version 2.23.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "substitution-expressions"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restDeliveryPointName",
+				TerraformName:       "rest_delivery_point_name",
+				MarkdownDescription: "The name of the REST Delivery Point.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader.go b/internal/broker/generated/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader.go
new file mode 100644
index 00000000..d4a51848
--- /dev/null
+++ b/internal/broker/generated/MsgVpnRestDeliveryPointQueueBindingProtectedRequestHeader.go
@@ -0,0 +1,129 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_rest_delivery_point_queue_binding_protected_request_header",
+		MarkdownDescription: "A protected request header to be added to the HTTP request. Unlike a non-protected request header, the header value cannot be displayed after it is set.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheader_name|x|||\nheader_value||x||x\nmsg_vpn_name|x|||\nqueue_binding_name|x|||\nrest_delivery_point_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.30.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/protectedRequestHeaders/{headerName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "headerName",
+				TerraformName:       "header_name",
+				MarkdownDescription: "The name of the protected HTTP request header.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 50),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9!#$%&'*+\\-.\\^_`|~]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "headerValue",
+				TerraformName:       "header_value",
+				MarkdownDescription: "The value of the protected HTTP request header. Unlike a non-protected request header, this value cannot be displayed after it is set, and does not support substitution expressions. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2000),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueBindingName",
+				TerraformName:       "queue_binding_name",
+				MarkdownDescription: "The name of a queue in the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restDeliveryPointName",
+				TerraformName:       "rest_delivery_point_name",
+				MarkdownDescription: "The name of the REST Delivery Point.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnRestDeliveryPointQueueBindingRequestHeader.go b/internal/broker/generated/MsgVpnRestDeliveryPointQueueBindingRequestHeader.go
new file mode 100644
index 00000000..0bd2298a
--- /dev/null
+++ b/internal/broker/generated/MsgVpnRestDeliveryPointQueueBindingRequestHeader.go
@@ -0,0 +1,128 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_rest_delivery_point_queue_binding_request_header",
+		MarkdownDescription: "A request header to be added to the HTTP request.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nheader_name|x|||\nmsg_vpn_name|x|||\nqueue_binding_name|x|||\nrest_delivery_point_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.23.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/queueBindings/{queueBindingName}/requestHeaders/{headerName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "headerName",
+				TerraformName:       "header_name",
+				MarkdownDescription: "The name of the HTTP request header.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 50),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9!#$%&'*+\\-.\\^_`|~]*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "headerValue",
+				TerraformName:       "header_value",
+				MarkdownDescription: "A substitution expression for the value of the HTTP request header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2000),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "queueBindingName",
+				TerraformName:       "queue_binding_name",
+				MarkdownDescription: "The name of a queue in the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restDeliveryPointName",
+				TerraformName:       "rest_delivery_point_name",
+				MarkdownDescription: "The name of the REST Delivery Point.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnRestDeliveryPointRestConsumer.go b/internal/broker/generated/MsgVpnRestDeliveryPointRestConsumer.go
new file mode 100644
index 00000000..3765b7bf
--- /dev/null
+++ b/internal/broker/generated/MsgVpnRestDeliveryPointRestConsumer.go
@@ -0,0 +1,516 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/boolvalidator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_rest_delivery_point_rest_consumer",
+		MarkdownDescription: "REST Consumer objects establish HTTP connectivity to REST consumer applications who wish to receive messages from a broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthentication_aws_secret_access_key||x||x\nauthentication_client_cert_content||x||x\nauthentication_client_cert_password||x||\nauthentication_http_basic_password||x||x\nauthentication_http_header_value||x||x\nauthentication_oauth_client_secret||x||x\nauthentication_oauth_jwt_secret_key||x||x\nmsg_vpn_name|x|||\nrest_consumer_name|x|||\nrest_delivery_point_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationAwsAccessKeyId",
+				TerraformName:       "authentication_aws_access_key_id",
+				MarkdownDescription: "The AWS access key id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.26.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationAwsRegion",
+				TerraformName:       "authentication_aws_region",
+				MarkdownDescription: "The AWS region id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.26.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 20),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationAwsSecretAccessKey",
+				TerraformName:       "authentication_aws_secret_access_key",
+				MarkdownDescription: "The AWS secret access key. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.26.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationAwsService",
+				TerraformName:       "authentication_aws_service",
+				MarkdownDescription: "The AWS service id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.26.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 50),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertContent",
+				TerraformName:       "authentication_client_cert_content",
+				MarkdownDescription: "The PEM formatted content for the client certificate that the REST Consumer will present to the REST host. It must consist of a private key and between one and three certificates comprising the certificate trust chain. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since SEMP API version 2.9.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32768),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationClientCertPassword",
+				TerraformName:       "authentication_client_cert_password",
+				MarkdownDescription: "The password for the client certificate. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. The default value is `\"\"`. Available since SEMP API version 2.9.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_client_cert_content"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_client_cert_content"),
+					),
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationHttpBasicPassword",
+				TerraformName:       "authentication_http_basic_password",
+				MarkdownDescription: "The password for the username. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Requires:            []string{"authentication_http_basic_username"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_http_basic_username"),
+					),
+					stringvalidator.LengthBetween(0, 128),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationHttpBasicUsername",
+				TerraformName:       "authentication_http_basic_username",
+				MarkdownDescription: "The username that the REST Consumer will use to login to the REST host. Normally a username is only configured when basic authentication is selected for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Requires:            []string{"authentication_http_basic_password"},
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("authentication_http_basic_password"),
+					),
+					stringvalidator.LengthBetween(0, 189),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationHttpHeaderName",
+				TerraformName:       "authentication_http_header_name",
+				MarkdownDescription: "The authentication header name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.15.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 50),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9!#$%&'*+\\-.\\^_`|~]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationHttpHeaderValue",
+				TerraformName:       "authentication_http_header_value",
+				MarkdownDescription: "The authentication header value. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.15.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2100),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[ -~\\t]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientId",
+				TerraformName:       "authentication_oauth_client_id",
+				MarkdownDescription: "The OAuth client ID. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.19.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientScope",
+				TerraformName:       "authentication_oauth_client_scope",
+				MarkdownDescription: "The OAuth scope. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.19.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientSecret",
+				TerraformName:       "authentication_oauth_client_secret",
+				MarkdownDescription: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.19.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthClientTokenEndpoint",
+				TerraformName:       "authentication_oauth_client_token_endpoint",
+				MarkdownDescription: "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Must begin with \"https\". Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.19.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2048),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "authenticationOauthClientTokenExpiryDefault",
+				TerraformName:       "authentication_oauth_client_token_expiry_default",
+				MarkdownDescription: "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since SEMP API version 2.30.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(60, 86400),
+				},
+				Default: 900,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthJwtSecretKey",
+				TerraformName:       "authentication_oauth_jwt_secret_key",
+				MarkdownDescription: "The OAuth secret key used to sign the token request JWT. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.21.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 4096),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationOauthJwtTokenEndpoint",
+				TerraformName:       "authentication_oauth_jwt_token_endpoint",
+				MarkdownDescription: "The OAuth token endpoint URL that the REST Consumer will use to request a token for login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.21.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 2048),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "authenticationOauthJwtTokenExpiryDefault",
+				TerraformName:       "authentication_oauth_jwt_token_expiry_default",
+				MarkdownDescription: "The default expiry time for a token, in seconds. Only used when the token endpoint does not return an expiry time. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `900`. Available since SEMP API version 2.30.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(60, 86400),
+				},
+				Default: 900,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authenticationScheme",
+				TerraformName:       "authentication_scheme",
+				MarkdownDescription: "The authentication scheme used by the REST Consumer to login to the REST host. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - Login with no authentication. This may be useful for anonymous connections or when a REST Consumer does not require authentication.\n\"http-basic\" - Login with a username and optional password according to HTTP Basic authentication as per RFC 2616.\n\"client-certificate\" - Login with a client TLS certificate as per RFC 5246. Client certificate authentication is only available on TLS connections.\n\"http-header\" - Login with a specified HTTP header.\n\"oauth-client\" - Login with OAuth 2.0 client credentials.\n\"oauth-jwt\" - Login with OAuth (RFC 7523 JWT Profile).\n\"transparent\" - Login using the Authorization header from the message properties, if present. Transparent authentication passes along existing Authorization header metadata instead of discarding it. Note that if the message is coming from a REST producer, the REST service must be configured to forward the Authorization header.\n\"aws\" - Login using AWS Signature Version 4 authentication (AWS4-HMAC-SHA256).\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "http-basic", "client-certificate", "http-header", "oauth-client", "oauth-jwt", "transparent", "aws"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the REST Consumer. When disabled, no connections are initiated or messages delivered to this particular REST Consumer. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "httpMethod",
+				TerraformName:       "http_method",
+				MarkdownDescription: "The HTTP method to use (POST or PUT). This is used only when operating in the REST service \"messaging\" mode and is ignored in \"gateway\" mode. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"post\"`. The allowed values and their meaning are:\n\n<pre>\n\"post\" - Use the POST HTTP method.\n\"put\" - Use the PUT HTTP method.\n</pre>\n Available since SEMP API version 2.17.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("post", "put"),
+				},
+				Default: "post",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "localInterface",
+				TerraformName:       "local_interface",
+				MarkdownDescription: "The interface that will be used for all outgoing connections associated with the REST Consumer. When unspecified, an interface is automatically chosen. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 15),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxPostWaitTime",
+				TerraformName:       "max_post_wait_time",
+				MarkdownDescription: "The maximum amount of time (in seconds) to wait for an HTTP POST response from the REST Consumer. Once this time is exceeded, the TCP connection is reset. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `30`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 300),
+				},
+				Default: 30,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "outgoingConnectionCount",
+				TerraformName:       "outgoing_connection_count",
+				MarkdownDescription: "The number of concurrent TCP connections open to the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 50),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "proxyName",
+				TerraformName:       "proxy_name",
+				MarkdownDescription: "The name of the proxy to use. Leave empty for no proxy. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`. Available since SEMP API version 2.36.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "remoteHost",
+				TerraformName:       "remote_host",
+				MarkdownDescription: "The IP address or DNS name to which the broker is to connect to deliver messages for the REST Consumer. A host value must be configured for the REST Consumer to be operationally up. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 253),
+					stringvalidator.RegexMatches(regexp.MustCompile("^([0-9a-zA-Z_\\-\\.]*|([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,7}:|\\[([0-9a-fA-F]{1,4}:){1,7}:\\]|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|\\[([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\\]|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|\\[([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\\]|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|\\[([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\\]|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|\\[([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\\]|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|\\[([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\\]|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|\\[[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\\]|:((:[0-9a-fA-F]{1,4}){1,7}|:)|\\[:((:[0-9a-fA-F]{1,4}){1,7}|:)\\])$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "remotePort",
+				TerraformName:       "remote_port",
+				MarkdownDescription: "The port associated with the host of the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `8080`.",
+				Requires:            []string{"tls_enabled"},
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("tls_enabled"),
+					),
+					int64validator.Between(1, 65535),
+				},
+				Default: 8080,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restConsumerName",
+				TerraformName:       "rest_consumer_name",
+				MarkdownDescription: "The name of the REST Consumer.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restDeliveryPointName",
+				TerraformName:       "rest_delivery_point_name",
+				MarkdownDescription: "The name of the REST Delivery Point.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "retryDelay",
+				TerraformName:       "retry_delay",
+				MarkdownDescription: "The number of seconds that must pass before retrying the remote REST Consumer connection. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 300),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "tlsCipherSuiteList",
+				TerraformName:       "tls_cipher_suite_list",
+				MarkdownDescription: "The colon-separated list of cipher suites the REST Consumer uses in its encrypted connection. The value `\"default\"` implies all supported suites ordered from most secure to least secure. The list of default cipher suites is available in the `tlsCipherSuiteMsgBackboneDefaultList` attribute of the broker object in the Monitoring API. The REST Consumer should choose the first suite from this list that it supports. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"default\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 1559),
+				},
+				Default: "default",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "tlsEnabled",
+				TerraformName:       "tls_enabled",
+				MarkdownDescription: "Enable or disable encryption (TLS) for the REST Consumer. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Requires:            []string{"remote_port"},
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				BoolValidators: []validator.Bool{
+					boolvalidator.AlsoRequires(
+						path.MatchRelative().AtParent().AtName("remote_port"),
+					),
+				},
+				Default: false,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim.go b/internal/broker/generated/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim.go
new file mode 100644
index 00000000..7bf9e2fe
--- /dev/null
+++ b/internal/broker/generated/MsgVpnRestDeliveryPointRestConsumerOauthJwtClaim.go
@@ -0,0 +1,128 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_rest_delivery_point_rest_consumer_oauth_jwt_claim",
+		MarkdownDescription: "A Claim is added to the JWT sent to the OAuth token request endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\noauth_jwt_claim_name|x|||\nrest_consumer_name|x|||\nrest_delivery_point_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.21.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims/{oauthJwtClaimName}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/restDeliveryPoints/{restDeliveryPointName}/restConsumers/{restConsumerName}/oauthJwtClaims",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthJwtClaimName",
+				TerraformName:       "oauth_jwt_claim_name",
+				MarkdownDescription: "The name of the additional claim. Cannot be \"exp\", \"iat\", or \"jti\".",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthJwtClaimValue",
+				TerraformName:       "oauth_jwt_claim_value",
+				MarkdownDescription: "The value of the additional claim, which must be a string containing a valid JSON value.",
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restConsumerName",
+				TerraformName:       "rest_consumer_name",
+				MarkdownDescription: "The name of the REST Consumer.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "restDeliveryPointName",
+				TerraformName:       "rest_delivery_point_name",
+				MarkdownDescription: "The name of the REST Delivery Point.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnSequencedTopic.go b/internal/broker/generated/MsgVpnSequencedTopic.go
new file mode 100644
index 00000000..f53c8a8a
--- /dev/null
+++ b/internal/broker/generated/MsgVpnSequencedTopic.go
@@ -0,0 +1,82 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_sequenced_topic",
+		MarkdownDescription: "A Sequenced Topic is a topic subscription for which any matching messages received on the Message VPN are assigned a sequence number that is monotonically increased by a value of one per message.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nsequenced_topic|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.0.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/sequencedTopics/{sequencedTopic}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/sequencedTopics",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "sequencedTopic",
+				TerraformName:       "sequenced_topic",
+				MarkdownDescription: "Topic for applying sequence numbers.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnTelemetryProfile.go b/internal/broker/generated/MsgVpnTelemetryProfile.go
new file mode 100644
index 00000000..81ebcbca
--- /dev/null
+++ b/internal/broker/generated/MsgVpnTelemetryProfile.go
@@ -0,0 +1,525 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_telemetry_profile",
+		MarkdownDescription: "Using the Telemetry Profile allows trace spans to be generated as messages are processed by the broker. The generated spans are stored persistently on the broker and may be consumed by the Solace receiver component of an OpenTelemetry Collector.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\ntelemetry_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.31.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "queueEventBindCountThreshold",
+				TerraformName:       "queue_event_bind_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "queueEventMsgSpoolUsageThreshold",
+				TerraformName:       "queue_event_msg_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 1,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 2,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxBindCount",
+				TerraformName:       "queue_max_bind_count",
+				MarkdownDescription: "The maximum number of consumer flows that can bind to the Queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 10000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "queueMaxMsgSpoolUsage",
+				TerraformName:       "queue_max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage allowed by the Queue, in megabytes (MB). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `800000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 6000000),
+				},
+				Default: 800000,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "receiverAclConnectDefaultAction",
+				TerraformName:       "receiver_acl_connect_default_action",
+				MarkdownDescription: "The default action to take when a receiver client connects to the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"disallow\"`. The allowed values and their meaning are:\n\n<pre>\n\"allow\" - Allow client connection unless an exception is found for it.\n\"disallow\" - Disallow client connection unless an exception is found for it.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("allow", "disallow"),
+				},
+				Default: "disallow",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "receiverEnabled",
+				TerraformName:       "receiver_enabled",
+				MarkdownDescription: "Enable or disable the ability for receiver clients to consume from the #telemetry queue. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "receiverEventConnectionCountPerClientUsernameThreshold",
+				TerraformName:       "receiver_event_connection_count_per_client_username_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 200000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "receiverMaxConnectionCountPerClientUsername",
+				TerraformName:       "receiver_max_connection_count_per_client_username",
+				MarkdownDescription: "The maximum number of receiver connections per Client Username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default is the maximum value supported by the platform.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 200000),
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "receiverTcpCongestionWindowSize",
+				TerraformName:       "receiver_tcp_congestion_window_size",
+				MarkdownDescription: "The TCP initial congestion window size for clients using the Client Profile, in multiples of the TCP Maximum Segment Size (MSS). Changing the value from its default of 2 results in non-compliance with RFC 2581. Contact support before changing this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `2`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 7826),
+				},
+				Default: 2,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "receiverTcpKeepaliveCount",
+				TerraformName:       "receiver_tcp_keepalive_count",
+				MarkdownDescription: "The number of TCP keepalive retransmissions to a client using the Client Profile before declaring that it is not available. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(2, 5),
+				},
+				Default: 5,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "receiverTcpKeepaliveIdleTime",
+				TerraformName:       "receiver_tcp_keepalive_idle_time",
+				MarkdownDescription: "The amount of time a client connection using the Client Profile must remain idle before TCP begins sending keepalive probes, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `3`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(3, 120),
+				},
+				Default: 3,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "receiverTcpKeepaliveInterval",
+				TerraformName:       "receiver_tcp_keepalive_interval",
+				MarkdownDescription: "The amount of time between TCP keepalive retransmissions to a client using the Client Profile when no acknowledgment is received, in seconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 30),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "receiverTcpMaxSegmentSize",
+				TerraformName:       "receiver_tcp_max_segment_size",
+				MarkdownDescription: "The TCP maximum segment size for clients using the Client Profile, in bytes. Changes are applied to all existing connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1460`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(256, 1460),
+				},
+				Default: 1460,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "receiverTcpMaxWindowSize",
+				TerraformName:       "receiver_tcp_max_window_size",
+				MarkdownDescription: "The TCP maximum window size for clients using the Client Profile, in kilobytes. Changes are applied to all existing connections. This setting is ignored on the software broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `256`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(16, 65536),
+				},
+				Default: 256,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "telemetryProfileName",
+				TerraformName:       "telemetry_profile_name",
+				MarkdownDescription: "The name of the Telemetry Profile.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 21),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9\\-_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "traceEnabled",
+				TerraformName:       "trace_enabled",
+				MarkdownDescription: "Enable or disable generation of all trace span data messages. When enabled, the state of configured trace filters control which messages get traced. When disabled, trace span data messages are never generated, regardless of the state of trace filters. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "traceSendSpanGenerationEnabled",
+				TerraformName:       "trace_send_span_generation_enabled",
+				MarkdownDescription: "Enable or disable generation of send spans. For the most complete view of broker message processing, this should be enabled. If the information provided by send spans are not needed, send spans can be disabled to reduce the performance impact of tracing. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.36.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnTelemetryProfileReceiverAclConnectException.go b/internal/broker/generated/MsgVpnTelemetryProfileReceiverAclConnectException.go
new file mode 100644
index 00000000..b794cc18
--- /dev/null
+++ b/internal/broker/generated/MsgVpnTelemetryProfileReceiverAclConnectException.go
@@ -0,0 +1,100 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_telemetry_profile_receiver_acl_connect_exception",
+		MarkdownDescription: "A Receiver ACL Connect Exception is an exception to the default action to take when a receiver connects to the broker. Exceptions must be expressed as an IP address/netmask in CIDR form.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nreceiver_acl_connect_exception_address|x|||\ntelemetry_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.31.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions/{receiverAclConnectExceptionAddress}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/receiverAclConnectExceptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "receiverAclConnectExceptionAddress",
+				TerraformName:       "receiver_acl_connect_exception_address",
+				MarkdownDescription: "The IP address/netmask of the receiver connect exception in CIDR form.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 43),
+					stringvalidator.RegexMatches(regexp.MustCompile("^\\s*((((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[1-2][0-9]|3[0-2]))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])))\\s*$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "telemetryProfileName",
+				TerraformName:       "telemetry_profile_name",
+				MarkdownDescription: "The name of the Telemetry Profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 21),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9\\-_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnTelemetryProfileTraceFilter.go b/internal/broker/generated/MsgVpnTelemetryProfileTraceFilter.go
new file mode 100644
index 00000000..7a97f212
--- /dev/null
+++ b/internal/broker/generated/MsgVpnTelemetryProfileTraceFilter.go
@@ -0,0 +1,109 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_telemetry_profile_trace_filter",
+		MarkdownDescription: "A Trace Filter controls which messages received by the broker will be traced. If an incoming message matches an enabled tracing filter's subscription, the message will be traced as it passes through the broker.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\ntelemetry_profile_name|x|||\ntrace_filter_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.31.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the trace filter. When the filter is disabled, the filter's subscriptions will not trigger a message to be traced. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "telemetryProfileName",
+				TerraformName:       "telemetry_profile_name",
+				MarkdownDescription: "The name of the Telemetry Profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 21),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9\\-_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "traceFilterName",
+				TerraformName:       "trace_filter_name",
+				MarkdownDescription: "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 127),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnTelemetryProfileTraceFilterSubscription.go b/internal/broker/generated/MsgVpnTelemetryProfileTraceFilterSubscription.go
new file mode 100644
index 00000000..23395793
--- /dev/null
+++ b/internal/broker/generated/MsgVpnTelemetryProfileTraceFilterSubscription.go
@@ -0,0 +1,131 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_telemetry_profile_trace_filter_subscription",
+		MarkdownDescription: "Trace filter subscriptions control which messages will be attracted by the tracing filter.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\nsubscription|x|||\nsubscription_syntax|x|||\ntelemetry_profile_name|x|||\ntrace_filter_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.31.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions/{subscription},{subscriptionSyntax}",
+		PostPathTemplate:    "/msgVpns/{msgVpnName}/telemetryProfiles/{telemetryProfileName}/traceFilters/{traceFilterName}/subscriptions",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscription",
+				TerraformName:       "subscription",
+				MarkdownDescription: "Messages matching this subscription will follow this filter's configuration.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 250),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "subscriptionSyntax",
+				TerraformName:       "subscription_syntax",
+				MarkdownDescription: "The syntax of the trace filter subscription. The allowed values and their meaning are:\n\n<pre>\n\"smf\" - Subscription uses SMF syntax.\n\"mqtt\" - Subscription uses MQTT syntax.\n</pre>\n",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("smf", "mqtt"),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "telemetryProfileName",
+				TerraformName:       "telemetry_profile_name",
+				MarkdownDescription: "The name of the Telemetry Profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 21),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9\\-_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "traceFilterName",
+				TerraformName:       "trace_filter_name",
+				MarkdownDescription: "A name used to identify the trace filter. Consider a name that describes the subscriptions contained within the filter, such as the name of the application and/or the scenario in which the trace filter might be enabled, such as \"appNameDebug\".",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 127),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#*? ]([^*?]*[^*? ])?$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnTopicEndpoint.go b/internal/broker/generated/MsgVpnTopicEndpoint.go
new file mode 100644
index 00000000..bcd613b8
--- /dev/null
+++ b/internal/broker/generated/MsgVpnTopicEndpoint.go
@@ -0,0 +1,665 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_topic_endpoint",
+		MarkdownDescription: "A Topic Endpoint attracts messages published to a topic for which the Topic Endpoint has a matching topic subscription. The topic subscription for the Topic Endpoint is specified in the client request to bind a Flow to that Topic Endpoint. Queues are significantly more flexible than Topic Endpoints and are the recommended approach for most applications. The use of Topic Endpoints should be restricted to JMS applications.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\ntopic_endpoint_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.1.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/topicEndpoints/{topicEndpointName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessType",
+				TerraformName:       "access_type",
+				MarkdownDescription: "The access type for delivering messages to consumer flows bound to the Topic Endpoint. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n Available since SEMP API version 2.4.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("exclusive", "non-exclusive"),
+				},
+				Default: "exclusive",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "consumerAckPropagationEnabled",
+				TerraformName:       "consumer_ack_propagation_enabled",
+				MarkdownDescription: "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "deadMsgQueue",
+				TerraformName:       "dead_msg_queue",
+				MarkdownDescription: "The name of the Dead Message Queue (DMQ) used by the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`. Available since SEMP API version 2.2.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+				Default: "#DEAD_MSG_QUEUE",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "deliveryCountEnabled",
+				TerraformName:       "delivery_count_enabled",
+				MarkdownDescription: "Enable or disable the ability for client applications to query the message delivery count of messages received from the Topic Endpoint. This is a controlled availability feature. Please contact support to find out if this feature is supported for your use case. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.19.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "deliveryDelay",
+				TerraformName:       "delivery_delay",
+				MarkdownDescription: "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "egressEnabled",
+				TerraformName:       "egress_enabled",
+				MarkdownDescription: "Enable or disable the transmission of messages from the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventBindCountThreshold",
+				TerraformName:       "event_bind_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventRejectLowPriorityMsgLimitThreshold",
+				TerraformName:       "event_reject_low_priority_msg_limit_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventSpoolUsageThreshold",
+				TerraformName:       "event_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 18,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 25,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "ingressEnabled",
+				TerraformName:       "ingress_enabled",
+				MarkdownDescription: "Enable or disable the reception of messages to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxBindCount",
+				TerraformName:       "max_bind_count",
+				MarkdownDescription: "The maximum number of consumer flows that can bind to the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`. Available since SEMP API version 2.4.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 10000),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxDeliveredUnackedMsgsPerFlow",
+				TerraformName:       "max_delivered_unacked_msgs_per_flow",
+				MarkdownDescription: "The maximum number of messages delivered but not acknowledged per flow for the Topic Endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 1000000),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSize",
+				TerraformName:       "max_msg_size",
+				MarkdownDescription: "The maximum message size allowed in the Topic Endpoint, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 30000000),
+				},
+				Default: 1e+07,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxRedeliveryCount",
+				TerraformName:       "max_redelivery_count",
+				MarkdownDescription: "The maximum number of times the Topic Endpoint will attempt redelivery of a message prior to it being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxSpoolUsage",
+				TerraformName:       "max_spool_usage",
+				MarkdownDescription: "The maximum message spool usage allowed by the Topic Endpoint, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 5000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTtl",
+				TerraformName:       "max_ttl",
+				MarkdownDescription: "The maximum time in seconds a message can stay in the Topic Endpoint when `respect_ttl_enabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "owner",
+				TerraformName:       "owner",
+				MarkdownDescription: "The Client Username that owns the Topic Endpoint and has permission equivalent to `\"delete\"`. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 189),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "permission",
+				TerraformName:       "permission",
+				MarkdownDescription: "The permission level for all consumers of the Topic Endpoint, excluding the owner. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("no-access", "read-only", "consume", "modify-topic", "delete"),
+				},
+				Default: "no-access",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryDelayEnabled",
+				TerraformName:       "redelivery_delay_enabled",
+				MarkdownDescription: "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayInitialInterval",
+				TerraformName:       "redelivery_delay_initial_interval",
+				MarkdownDescription: "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 3600000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMaxInterval",
+				TerraformName:       "redelivery_delay_max_interval",
+				MarkdownDescription: "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 10800000),
+				},
+				Default: 64000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMultiplier",
+				TerraformName:       "redelivery_delay_multiplier",
+				MarkdownDescription: "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(100, 500),
+				},
+				Default: 200,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryEnabled",
+				TerraformName:       "redelivery_enabled",
+				MarkdownDescription: "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "rejectLowPriorityMsgEnabled",
+				TerraformName:       "reject_low_priority_msg_enabled",
+				MarkdownDescription: "Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "rejectLowPriorityMsgLimit",
+				TerraformName:       "reject_low_priority_msg_limit",
+				MarkdownDescription: "The number of messages of any priority in the Topic Endpoint above which low priority messages are not admitted but higher priority messages are allowed. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "rejectMsgToSenderOnDiscardBehavior",
+				TerraformName:       "reject_msg_to_sender_on_discard_behavior",
+				MarkdownDescription: "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as reject_low_priority_msg_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-topic-endpoint-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("never", "when-topic-endpoint-enabled", "always"),
+				},
+				Default: "never",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectMsgPriorityEnabled",
+				TerraformName:       "respect_msg_priority_enabled",
+				MarkdownDescription: "Enable or disable the respecting of message priority. When enabled, messages contained in the Topic Endpoint are delivered in priority order, from 9 (highest) to 0 (lowest). Modifying this attribute while the object (or the relevant part of the object) is administratively enabled may be service impacting as egress_enabled and ingress_enabled will be temporarily set to false to apply the change. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.8.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectTtlEnabled",
+				TerraformName:       "respect_ttl_enabled",
+				MarkdownDescription: "Enable or disable the respecting of the time-to-live (TTL) for messages in the Topic Endpoint. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topicEndpointName",
+				TerraformName:       "topic_endpoint_name",
+				MarkdownDescription: "The name of the Topic Endpoint.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/MsgVpnTopicEndpointTemplate.go b/internal/broker/generated/MsgVpnTopicEndpointTemplate.go
new file mode 100644
index 00000000..22661cee
--- /dev/null
+++ b/internal/broker/generated/MsgVpnTopicEndpointTemplate.go
@@ -0,0 +1,635 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "msg_vpn_topic_endpoint_template",
+		MarkdownDescription: "A Topic Endpoint Template provides a mechanism for specifying the initial state for client created topic endpoints.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\ntopic_endpoint_template_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"vpn/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.14.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/msgVpns/{msgVpnName}/topicEndpointTemplates/{topicEndpointTemplateName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessType",
+				TerraformName:       "access_type",
+				MarkdownDescription: "The access type for delivering messages to consumer flows. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"exclusive\"`. The allowed values and their meaning are:\n\n<pre>\n\"exclusive\" - Exclusive delivery of messages to the first bound consumer flow.\n\"non-exclusive\" - Non-exclusive delivery of messages to bound consumer flows in a round-robin (if partition count is zero) or partitioned (if partition count is non-zero) fashion.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("exclusive", "non-exclusive"),
+				},
+				Default: "exclusive",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "consumerAckPropagationEnabled",
+				TerraformName:       "consumer_ack_propagation_enabled",
+				MarkdownDescription: "Enable or disable the propagation of consumer acknowledgments (ACKs) received on the active replication Message VPN to the standby replication Message VPN. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "deadMsgQueue",
+				TerraformName:       "dead_msg_queue",
+				MarkdownDescription: "The name of the Dead Message Queue (DMQ). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"#DEAD_MSG_QUEUE\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?'<>&;]+$"), ""),
+				},
+				Default: "#DEAD_MSG_QUEUE",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "deliveryDelay",
+				TerraformName:       "delivery_delay",
+				MarkdownDescription: "The delay, in seconds, to apply to messages arriving on the Topic Endpoint before the messages are eligible for delivery. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`. Available since SEMP API version 2.22.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventBindCountThreshold",
+				TerraformName:       "event_bind_count_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 10000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 10000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventMsgSpoolUsageThreshold",
+				TerraformName:       "event_msg_spool_usage_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 18,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 6000000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 25,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 6000000),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Struct,
+				SempName:            "eventRejectLowPriorityMsgLimitThreshold",
+				TerraformName:       "event_reject_low_priority_msg_limit_threshold",
+				MarkdownDescription: "",
+				Attributes: []*broker.AttributeInfo{
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearPercent",
+						TerraformName:       "clear_percent",
+						MarkdownDescription: "The clear threshold for the value of this counter as a percentage of its maximum value. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 60,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "clearValue",
+						TerraformName:       "clear_value",
+						MarkdownDescription: "The clear threshold for the absolute value of this counter. Falling below this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"set_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setPercent",
+						TerraformName:       "set_percent",
+						MarkdownDescription: "The set threshold for the value of this counter as a percentage of its maximum value. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_percent"},
+						ConflictsWith:       []string{"clear_value", "set_value"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+							),
+							int64validator.Between(0, 100),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+								path.MatchRelative().AtParent().AtName("set_value"),
+							),
+						},
+						Default: 80,
+					},
+					{
+						BaseType:            broker.Int64,
+						SempName:            "setValue",
+						TerraformName:       "set_value",
+						MarkdownDescription: "The set threshold for the absolute value of this counter. Exceeding this value will trigger a corresponding event. This attribute may not be returned in a GET.",
+						Requires:            []string{"clear_value"},
+						ConflictsWith:       []string{"clear_percent", "set_percent"},
+						Type:                types.Int64Type,
+						TerraformType:       tftypes.Number,
+						Converter:           broker.IntegerConverter{},
+						Int64Validators: []validator.Int64{
+							int64validator.AlsoRequires(
+								path.MatchRelative().AtParent().AtName("clear_value"),
+							),
+							int64validator.Between(0, 4294967295),
+							int64validator.ConflictsWith(
+								path.MatchRelative().AtParent().AtName("clear_percent"),
+								path.MatchRelative().AtParent().AtName("set_percent"),
+							),
+						},
+					},
+				},
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxBindCount",
+				TerraformName:       "max_bind_count",
+				MarkdownDescription: "The maximum number of consumer flows that can bind. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 10000),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxDeliveredUnackedMsgsPerFlow",
+				TerraformName:       "max_delivered_unacked_msgs_per_flow",
+				MarkdownDescription: "The maximum number of messages delivered but not acknowledged per flow. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 1000000),
+				},
+				Default: 10000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSize",
+				TerraformName:       "max_msg_size",
+				MarkdownDescription: "The maximum message size allowed, in bytes (B). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `10000000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 30000000),
+				},
+				Default: 1e+07,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxMsgSpoolUsage",
+				TerraformName:       "max_msg_spool_usage",
+				MarkdownDescription: "The maximum message spool usage allowed, in megabytes (MB). A value of 0 only allows spooling of the last message received and disables quota checking. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `5000`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 6000000),
+				},
+				Default: 5000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxRedeliveryCount",
+				TerraformName:       "max_redelivery_count",
+				MarkdownDescription: "The maximum number of message redelivery attempts that will occur prior to the message being discarded or moved to the DMQ. A value of 0 means to retry forever. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 255),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "maxTtl",
+				TerraformName:       "max_ttl",
+				MarkdownDescription: "The maximum time in seconds a message can stay in the Topic Endpoint when `respect_ttl_enabled` is `\"true\"`. A message expires when the lesser of the sender assigned time-to-live (TTL) in the message and the `max_ttl` configured for the Topic Endpoint, is exceeded. A value of 0 disables expiry. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the Message VPN.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "permission",
+				TerraformName:       "permission",
+				MarkdownDescription: "The permission level for all consumers, excluding the owner. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"no-access\"`. The allowed values and their meaning are:\n\n<pre>\n\"no-access\" - Disallows all access.\n\"read-only\" - Read-only access to the messages.\n\"consume\" - Consume (read and remove) messages.\n\"modify-topic\" - Consume messages or modify the topic/selector.\n\"delete\" - Consume messages, modify the topic/selector or delete the Client created endpoint altogether.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("no-access", "read-only", "consume", "modify-topic", "delete"),
+				},
+				Default: "no-access",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryDelayEnabled",
+				TerraformName:       "redelivery_delay_enabled",
+				MarkdownDescription: "Enable or disable a message redelivery delay. When false, messages are redelivered as-soon-as-possible.  When true, messages are redelivered according to the initial, max and multiplier.  This should only be enabled when redelivery is enabled. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`. Available since SEMP API version 2.33.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayInitialInterval",
+				TerraformName:       "redelivery_delay_initial_interval",
+				MarkdownDescription: "The delay to be used between the first 2 redelivery attempts.  This value is in milliseconds. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `1000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 3600000),
+				},
+				Default: 1000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMaxInterval",
+				TerraformName:       "redelivery_delay_max_interval",
+				MarkdownDescription: "The maximum delay to be used between any 2 redelivery attempts.  This value is in milliseconds.  Due to technical limitations, some redelivery attempt delays may slightly exceed this value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `64000`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 10800000),
+				},
+				Default: 64000,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "redeliveryDelayMultiplier",
+				TerraformName:       "redelivery_delay_multiplier",
+				MarkdownDescription: "The amount each delay interval is multiplied by after each failed delivery attempt.  This number is in a fixed-point decimal format in which you must divide by 100 to get the floating point value. For example, a value of 125 would cause the delay to be multiplied by 1.25. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `200`. Available since SEMP API version 2.33.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(100, 500),
+				},
+				Default: 200,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "redeliveryEnabled",
+				TerraformName:       "redelivery_enabled",
+				MarkdownDescription: "Enable or disable message redelivery. When enabled, the number of redelivery attempts is controlled by max_redelivery_count. When disabled, the message will never be delivered from the topic-endpoint more than once. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `true`. Available since SEMP API version 2.18.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "rejectLowPriorityMsgEnabled",
+				TerraformName:       "reject_low_priority_msg_enabled",
+				MarkdownDescription: "Enable or disable the checking of low priority messages against the `reject_low_priority_msg_limit`. This may only be enabled if `reject_msg_to_sender_on_discard_behavior` does not have a value of `\"never\"`. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "rejectLowPriorityMsgLimit",
+				TerraformName:       "reject_low_priority_msg_limit",
+				MarkdownDescription: "The number of messages that are permitted before low priority messages are rejected. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `0`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(0, 4294967295),
+				},
+				Default: 0,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "rejectMsgToSenderOnDiscardBehavior",
+				TerraformName:       "reject_msg_to_sender_on_discard_behavior",
+				MarkdownDescription: "Determines when to return negative acknowledgments (NACKs) to sending clients on message discards. Note that NACKs cause the message to not be delivered to any destination and Transacted Session commits to fail. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"never\"`. The allowed values and their meaning are:\n\n<pre>\n\"never\" - Silently discard messages.\n\"when-topic-endpoint-enabled\" - NACK each message discard back to the client, except messages that are discarded because an endpoint is administratively disabled.\n\"always\" - NACK each message discard back to the client, including messages that are discarded because an endpoint is administratively disabled.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("never", "when-topic-endpoint-enabled", "always"),
+				},
+				Default: "never",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectMsgPriorityEnabled",
+				TerraformName:       "respect_msg_priority_enabled",
+				MarkdownDescription: "Enable or disable the respecting of message priority. When enabled, messages are delivered in priority order, from 9 (highest) to 0 (lowest). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "respectTtlEnabled",
+				TerraformName:       "respect_ttl_enabled",
+				MarkdownDescription: "Enable or disable the respecting of the time-to-live (TTL) for messages. When enabled, expired messages are discarded or moved to the DMQ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topicEndpointNameFilter",
+				TerraformName:       "topic_endpoint_name_filter",
+				MarkdownDescription: "A pattern used to determine which Topic Endpoints use settings from this Template. Two different wildcards can be used in the pattern: * and >. Similar to topic filters or subscription patterns, a > matches anything (but only when used at the end), and a * matches zero or more characters but never a slash (/). A > is only a wildcard when  used at the end, after a /. A * is only allowed at the end, after a slash (/). Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "topicEndpointTemplateName",
+				TerraformName:       "topic_endpoint_template_name",
+				MarkdownDescription: "The name of the Topic Endpoint Template.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 255),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^#?*][^?*]*$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfile.go b/internal/broker/generated/OauthProfile.go
new file mode 100644
index 00000000..08d1fbf1
--- /dev/null
+++ b/internal/broker/generated/OauthProfile.go
@@ -0,0 +1,547 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile",
+		MarkdownDescription: "OAuth profiles specify how to securely authenticate to an OAuth provider.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclient_secret||x||x\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessLevelGroupsClaimName",
+				TerraformName:       "access_level_groups_claim_name",
+				MarkdownDescription: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 100),
+				},
+				Default: "groups",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessLevelGroupsClaimStringFormat",
+				TerraformName:       "access_level_groups_claim_string_format",
+				MarkdownDescription: "The format of the access level groups claim value when it is a string. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"single\"`. The allowed values and their meaning are:\n\n<pre>\n\"single\" - When the claim is a string, it is interpreted as as single group.\n\"space-delimited\" - When the claim is a string, it is interpreted as a space-delimited list of groups, similar to the \"scope\" claim.\n</pre>\n Available since SEMP API version 2.32.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("single", "space-delimited"),
+				},
+				Default: "single",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientId",
+				TerraformName:       "client_id",
+				MarkdownDescription: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientRedirectUri",
+				TerraformName:       "client_redirect_uri",
+				MarkdownDescription: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 300),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientRequiredType",
+				TerraformName:       "client_required_type",
+				MarkdownDescription: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+				},
+				Default: "JWT",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientScope",
+				TerraformName:       "client_scope",
+				MarkdownDescription: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "openid email",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientSecret",
+				TerraformName:       "client_secret",
+				MarkdownDescription: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4 (refer to the `Notes` section in the SEMP API `Config reference`). Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Sensitive:           true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 512),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "clientValidateTypeEnabled",
+				TerraformName:       "client_validate_type_enabled",
+				MarkdownDescription: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "defaultGlobalAccessLevel",
+				TerraformName:       "default_global_access_level",
+				MarkdownDescription: "The default global access level for this OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "read-only", "read-write", "admin"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "defaultMsgVpnAccessLevel",
+				TerraformName:       "default_msg_vpn_access_level",
+				MarkdownDescription: "The default message VPN access level for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "read-only", "read-write"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "displayName",
+				TerraformName:       "display_name",
+				MarkdownDescription: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointAuthorization",
+				TerraformName:       "endpoint_authorization",
+				MarkdownDescription: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointDiscovery",
+				TerraformName:       "endpoint_discovery",
+				MarkdownDescription: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointDiscoveryRefreshInterval",
+				TerraformName:       "endpoint_discovery_refresh_interval",
+				MarkdownDescription: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(60, 31536000),
+				},
+				Default: 86400,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointIntrospection",
+				TerraformName:       "endpoint_introspection",
+				MarkdownDescription: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointIntrospectionTimeout",
+				TerraformName:       "endpoint_introspection_timeout",
+				MarkdownDescription: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 60),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointJwks",
+				TerraformName:       "endpoint_jwks",
+				MarkdownDescription: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointJwksRefreshInterval",
+				TerraformName:       "endpoint_jwks_refresh_interval",
+				MarkdownDescription: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(60, 31536000),
+				},
+				Default: 86400,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointToken",
+				TerraformName:       "endpoint_token",
+				MarkdownDescription: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointTokenTimeout",
+				TerraformName:       "endpoint_token_timeout",
+				MarkdownDescription: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 60),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "endpointUserinfo",
+				TerraformName:       "endpoint_userinfo",
+				MarkdownDescription: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.Int64,
+				SempName:            "endpointUserinfoTimeout",
+				TerraformName:       "endpoint_userinfo_timeout",
+				MarkdownDescription: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.",
+				Type:                types.Int64Type,
+				TerraformType:       tftypes.Number,
+				Converter:           broker.IntegerConverter{},
+				Int64Validators: []validator.Int64{
+					int64validator.Between(1, 60),
+				},
+				Default: 1,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "interactiveEnabled",
+				TerraformName:       "interactive_enabled",
+				MarkdownDescription: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "interactivePromptForExpiredSession",
+				TerraformName:       "interactive_prompt_for_expired_session",
+				MarkdownDescription: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "interactivePromptForNewSession",
+				TerraformName:       "interactive_prompt_for_new_session",
+				MarkdownDescription: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+				},
+				Default: "select_account",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "issuer",
+				TerraformName:       "issuer",
+				MarkdownDescription: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthRole",
+				TerraformName:       "oauth_role",
+				MarkdownDescription: "The OAuth role of the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"client\"`. The allowed values and their meaning are:\n\n<pre>\n\"client\" - The broker is in the OAuth client role.\n\"resource-server\" - The broker is in the OAuth resource server role.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("client", "resource-server"),
+				},
+				Default: "client",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerParseAccessTokenEnabled",
+				TerraformName:       "resource_server_parse_access_token_enabled",
+				MarkdownDescription: "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredAudience",
+				TerraformName:       "resource_server_required_audience",
+				MarkdownDescription: "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredIssuer",
+				TerraformName:       "resource_server_required_issuer",
+				MarkdownDescription: "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredScope",
+				TerraformName:       "resource_server_required_scope",
+				MarkdownDescription: "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 200),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredType",
+				TerraformName:       "resource_server_required_type",
+				MarkdownDescription: "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+				},
+				Default: "at+jwt",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateAudienceEnabled",
+				TerraformName:       "resource_server_validate_audience_enabled",
+				MarkdownDescription: "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateIssuerEnabled",
+				TerraformName:       "resource_server_validate_issuer_enabled",
+				MarkdownDescription: "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateScopeEnabled",
+				TerraformName:       "resource_server_validate_scope_enabled",
+				MarkdownDescription: "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "resourceServerValidateTypeEnabled",
+				TerraformName:       "resource_server_validate_type_enabled",
+				MarkdownDescription: "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "sempEnabled",
+				TerraformName:       "semp_enabled",
+				MarkdownDescription: "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             true,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "usernameClaimName",
+				TerraformName:       "username_claim_name",
+				MarkdownDescription: "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+				Default: "sub",
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfileAccessLevelGroup.go b/internal/broker/generated/OauthProfileAccessLevelGroup.go
new file mode 100644
index 00000000..87b768db
--- /dev/null
+++ b/internal/broker/generated/OauthProfileAccessLevelGroup.go
@@ -0,0 +1,120 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile_access_level_group",
+		MarkdownDescription: "The name of a group as it exists on the OAuth server being used to authenticate SEMP users.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ngroup_name|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}/accessLevelGroups/{groupName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "description",
+				TerraformName:       "description",
+				MarkdownDescription: "A description for the group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 64),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "globalAccessLevel",
+				TerraformName:       "global_access_level",
+				MarkdownDescription: "The global access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to global data.\n\"read-only\" - User has read-only access to global data.\n\"read-write\" - User has read-write access to most global data.\n\"admin\" - User has read-write access to all global data.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "read-only", "read-write", "admin"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "groupName",
+				TerraformName:       "group_name",
+				MarkdownDescription: "The name of the group.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnAccessLevel",
+				TerraformName:       "msg_vpn_access_level",
+				MarkdownDescription: "The default message VPN access level for this group. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "read-only", "read-write"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfileAccessLevelGroupMsgVpnAccessLevelException.go b/internal/broker/generated/OauthProfileAccessLevelGroupMsgVpnAccessLevelException.go
new file mode 100644
index 00000000..f5b9701e
--- /dev/null
+++ b/internal/broker/generated/OauthProfileAccessLevelGroupMsgVpnAccessLevelException.go
@@ -0,0 +1,111 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile_access_level_group_msg_vpn_access_level_exception",
+		MarkdownDescription: "Message VPN access-level exceptions for members of this group.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\ngroup_name|x|||\nmsg_vpn_name|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}/accessLevelGroups/{groupName}/msgVpnAccessLevelExceptions/{msgVpnName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessLevel",
+				TerraformName:       "access_level",
+				MarkdownDescription: "The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "read-only", "read-write"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "groupName",
+				TerraformName:       "group_name",
+				MarkdownDescription: "The name of the group.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 64),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the message VPN.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfileClientAllowedHost.go b/internal/broker/generated/OauthProfileClientAllowedHost.go
new file mode 100644
index 00000000..686ce7c9
--- /dev/null
+++ b/internal/broker/generated/OauthProfileClientAllowedHost.go
@@ -0,0 +1,82 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile_client_allowed_host",
+		MarkdownDescription: "A valid hostname for this broker in OAuth redirects.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nallowed_host|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}/clientAllowedHosts/{allowedHost}",
+		PostPathTemplate:    "/oauthProfiles/{oauthProfileName}/clientAllowedHosts",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "allowedHost",
+				TerraformName:       "allowed_host",
+				MarkdownDescription: "An allowed value for the Host header.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 255),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfileClientAuthorizationParameter.go b/internal/broker/generated/OauthProfileClientAuthorizationParameter.go
new file mode 100644
index 00000000..e7c0b659
--- /dev/null
+++ b/internal/broker/generated/OauthProfileClientAuthorizationParameter.go
@@ -0,0 +1,94 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile_client_authorization_parameter",
+		MarkdownDescription: "Additional parameters to be passed to the OAuth authorization endpoint.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nauthorization_parameter_name|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}/clientAuthorizationParameters/{authorizationParameterName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationParameterName",
+				TerraformName:       "authorization_parameter_name",
+				MarkdownDescription: "The name of the authorization parameter.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "authorizationParameterValue",
+				TerraformName:       "authorization_parameter_value",
+				MarkdownDescription: "The authorization parameter value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 255),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfileClientRequiredClaim.go b/internal/broker/generated/OauthProfileClientRequiredClaim.go
new file mode 100644
index 00000000..32b2e372
--- /dev/null
+++ b/internal/broker/generated/OauthProfileClientRequiredClaim.go
@@ -0,0 +1,96 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile_client_required_claim",
+		MarkdownDescription: "Additional claims to be verified in the ID token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nclient_required_claim_name|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}/clientRequiredClaims/{clientRequiredClaimName}",
+		PostPathTemplate:    "/oauthProfiles/{oauthProfileName}/clientRequiredClaims",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientRequiredClaimName",
+				TerraformName:       "client_required_claim_name",
+				MarkdownDescription: "The name of the ID token claim to verify.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "clientRequiredClaimValue",
+				TerraformName:       "client_required_claim_value",
+				MarkdownDescription: "The required claim value, which must be a string containing a valid JSON value.",
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfileDefaultMsgVpnAccessLevelException.go b/internal/broker/generated/OauthProfileDefaultMsgVpnAccessLevelException.go
new file mode 100644
index 00000000..d0da1bfe
--- /dev/null
+++ b/internal/broker/generated/OauthProfileDefaultMsgVpnAccessLevelException.go
@@ -0,0 +1,95 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile_default_msg_vpn_access_level_exception",
+		MarkdownDescription: "Default message VPN access-level exceptions.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nmsg_vpn_name|x|||\noauth_profile_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}/defaultMsgVpnAccessLevelExceptions/{msgVpnName}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "accessLevel",
+				TerraformName:       "access_level",
+				MarkdownDescription: "The message VPN access level. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"none\"`. The allowed values and their meaning are:\n\n<pre>\n\"none\" - User has no access to a Message VPN.\n\"read-only\" - User has read-only access to a Message VPN.\n\"read-write\" - User has read-write access to most Message VPN settings.\n</pre>\n",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.OneOf("none", "read-only", "read-write"),
+				},
+				Default: "none",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The name of the message VPN.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/OauthProfileResourceServerRequiredClaim.go b/internal/broker/generated/OauthProfileResourceServerRequiredClaim.go
new file mode 100644
index 00000000..4a4376fe
--- /dev/null
+++ b/internal/broker/generated/OauthProfileResourceServerRequiredClaim.go
@@ -0,0 +1,96 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "oauth_profile_resource_server_required_claim",
+		MarkdownDescription: "Additional claims to be verified in the access token.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\noauth_profile_name|x|||\nresource_server_required_claim_name|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.24.",
+		ObjectType:          broker.ReplaceOnlyObject,
+		PathTemplate:        "/oauthProfiles/{oauthProfileName}/resourceServerRequiredClaims/{resourceServerRequiredClaimName}",
+		PostPathTemplate:    "/oauthProfiles/{oauthProfileName}/resourceServerRequiredClaims",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "oauthProfileName",
+				TerraformName:       "oauth_profile_name",
+				MarkdownDescription: "The name of the OAuth profile.",
+				Identifying:         true,
+				Required:            true,
+				ReadOnly:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[A-Za-z0-9_]+$"), ""),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredClaimName",
+				TerraformName:       "resource_server_required_claim_name",
+				MarkdownDescription: "The name of the access token claim to verify.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 100),
+				},
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "resourceServerRequiredClaimValue",
+				TerraformName:       "resource_server_required_claim_value",
+				MarkdownDescription: "The required claim value, which must be a string containing a valid JSON value.",
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 200),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/generated/VersionDetails.go b/internal/broker/generated/VersionDetails.go
new file mode 100644
index 00000000..7b3ab969
--- /dev/null
+++ b/internal/broker/generated/VersionDetails.go
@@ -0,0 +1,26 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import "terraform-provider-solacebroker/internal/broker"
+
+const BasePath = "/SEMP/v2/config"
+const SempVersion = "2.36"
+
+func init() {
+	broker.RegisterSempVersionDetails(BasePath, SempVersion)
+}
diff --git a/internal/broker/generated/VirtualHostname.go b/internal/broker/generated/VirtualHostname.go
new file mode 100644
index 00000000..c1b99318
--- /dev/null
+++ b/internal/broker/generated/VirtualHostname.go
@@ -0,0 +1,88 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generated
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"regexp"
+	"terraform-provider-solacebroker/internal/broker"
+)
+
+func init() {
+	info := broker.EntityInputs{
+		TerraformName:       "virtual_hostname",
+		MarkdownDescription: "A Virtual Hostname is a provisioned object on a message broker that contains a Virtual Hostname to Message VPN mapping.\n\nClients which connect to a global (as opposed to per Message VPN) port and provides this hostname will be directed to its corresponding Message VPN. A case-insentive match is performed on the full client-provided hostname against the configured virtual-hostname.\n\nThis mechanism is only supported for hostnames provided through the Server Name Indication (SNI) extension of TLS.\n\n\nAttribute|Identifying|Write-Only|Deprecated|Opaque\n:---|:---:|:---:|:---:|:---:\nvirtual_hostname|x|||\n\n\n\nA SEMP client authorized with a minimum access scope/level of \"global/read-only\" is required to perform this operation.\n\nThis has been available since SEMP API version 2.17.",
+		ObjectType:          broker.StandardObject,
+		PathTemplate:        "/virtualHostnames/{virtualHostname}",
+		Version:             0,
+		Attributes: []*broker.AttributeInfo{
+			{
+				BaseType:      broker.String,
+				SempName:      "id",
+				TerraformName: "id",
+				Type:          types.StringType,
+				TerraformType: tftypes.String,
+				Converter:     broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				Default:       "",
+			},
+			{
+				BaseType:            broker.Bool,
+				SempName:            "enabled",
+				TerraformName:       "enabled",
+				MarkdownDescription: "Enable or disable Virtual Hostname to Message VPN mapping. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.",
+				Type:                types.BoolType,
+				TerraformType:       tftypes.Bool,
+				Converter:           broker.SimpleConverter[bool]{TerraformType: tftypes.Bool},
+				Default:             false,
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "msgVpnName",
+				TerraformName:       "msg_vpn_name",
+				MarkdownDescription: "The message VPN to which this virtual hostname is mapped. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.",
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(0, 32),
+					stringvalidator.RegexMatches(regexp.MustCompile("^[^*?]*$"), ""),
+				},
+				Default: "",
+			},
+			{
+				BaseType:            broker.String,
+				SempName:            "virtualHostname",
+				TerraformName:       "virtual_hostname",
+				MarkdownDescription: "The virtual hostname.",
+				Identifying:         true,
+				Required:            true,
+				RequiresReplace:     true,
+				Type:                types.StringType,
+				TerraformType:       tftypes.String,
+				Converter:           broker.SimpleConverter[string]{TerraformType: tftypes.String},
+				StringValidators: []validator.String{
+					stringvalidator.LengthBetween(1, 253),
+				},
+			},
+		},
+	}
+	broker.RegisterResource(info)
+	broker.RegisterDataSource(info)
+}
diff --git a/internal/broker/provider.go b/internal/broker/provider.go
new file mode 100644
index 00000000..0a50f1a9
--- /dev/null
+++ b/internal/broker/provider.go
@@ -0,0 +1,173 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/http/cookiejar"
+	"strings"
+
+	"github.com/hashicorp/go-version"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/provider"
+	"github.com/hashicorp/terraform-plugin-framework/provider/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+const minRequiredBrokerSempApiVersion = "2.33" // Shipped with broker version 10.3
+
+var _ provider.Provider = &BrokerProvider{}
+var ProviderVersion string
+
+var Cookiejar, _ = cookiejar.New(nil)
+
+type BrokerProvider struct {
+	Version string
+}
+
+func (p *BrokerProvider) Metadata(_ context.Context, _ provider.MetadataRequest, response *provider.MetadataResponse) {
+	response.Version = p.Version
+	response.TypeName = "solacebroker"
+}
+
+func (p *BrokerProvider) Schema(_ context.Context, _ provider.SchemaRequest, response *provider.SchemaResponse) {
+	response.Schema = schema.Schema{
+		Attributes: map[string]schema.Attribute{
+			"url": schema.StringAttribute{
+				MarkdownDescription: "The base URL of the event broker, for example `https://mybroker.example.org:1943/`. The trailing / can be omitted.",
+				Required:            true,
+			},
+			"username": schema.StringAttribute{
+				MarkdownDescription: "The username to connect to the broker with.  Requires password and conflicts with bearer_token.",
+				Optional:            true,
+			},
+			"password": schema.StringAttribute{
+				MarkdownDescription: "The password to connect to the broker with. Requires username and conflicts with bearer_token.",
+				Optional:            true,
+				Sensitive:           true,
+			},
+			"bearer_token": schema.StringAttribute{
+				MarkdownDescription: "A bearer token that will be sent in the Authorization header of SEMP requests. Requires TLS transport enabled. Conflicts with username and password.",
+				Optional:            true,
+				Sensitive:           true,
+			},
+			"retries": schema.Int64Attribute{
+				MarkdownDescription: "The number of retries for a SEMP call. The default value is 10.",
+				Optional:            true,
+			},
+			"retry_min_interval": schema.StringAttribute{
+				MarkdownDescription: "A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating how long to wait after an initial failed request before the first retry.  Exponential backoff is used, up to the limit set by retry_max_interval. The default value is 3s.",
+				Optional:            true,
+			},
+			"retry_max_interval": schema.StringAttribute{
+				MarkdownDescription: "A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating the maximum retry interval. The default value is 30s.",
+				Optional:            true,
+			},
+			"request_timeout_duration": schema.StringAttribute{
+				MarkdownDescription: "A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating the maximum time to wait for a SEMP request.  The default value is 1m.",
+				Optional:            true,
+			},
+			"request_min_interval": schema.StringAttribute{
+				MarkdownDescription: "A [duration](https://pkg.go.dev/maze.io/x/duration#ParseDuration) string indicating the minimum interval between requests; this serves as a rate limit. This setting does not apply to retries. Set to 0 for no rate limit. The default value is 100ms (which equates to a rate limit of 10 calls per second).",
+				Optional:            true,
+			},
+			"insecure_skip_verify": schema.BoolAttribute{
+				MarkdownDescription: "Disable validation of server SSL certificates, accept/ignore self-signed. The default value is false.",
+				Optional:            true,
+			},
+		},
+		MarkdownDescription: "",
+	}
+}
+
+func (p *BrokerProvider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse) {
+	// Retrieve provider data from configuration
+	var config providerData
+	diags := req.Config.Get(ctx, &config)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = tflog.SetField(ctx, "solacebroker_url", strings.Trim(config.Url.String(), "\""))
+	ctx = tflog.SetField(ctx, "solacebroker_provider_version", p.Version)
+	tflog.Debug(ctx, "Configuring solacebroker provider client")
+
+	client, d := client(&config)
+	if d != nil {
+		resp.Diagnostics.Append(d)
+		if resp.Diagnostics.HasError() {
+			return
+		}
+	}
+
+	path := "/about/api"
+	result, err := client.RequestWithoutBody(ctx, http.MethodGet, path)
+	if err != nil {
+		addErrorToDiagnostics(&resp.Diagnostics, "SEMP call failed", err)
+		return
+	}
+	brokerSempVersion, err := version.NewVersion(result["sempVersion"].(string))
+	if err != nil {
+		addErrorToDiagnostics(&resp.Diagnostics, "unable to parse SEMP version returned from \"/about/api\"", err)
+		return
+	}
+	minSempVersion, _ := version.NewVersion(minRequiredBrokerSempApiVersion)
+	if brokerSempVersion.LessThan(minSempVersion) {
+		err := fmt.Errorf("BrokerSempVersion %s is less than required %s", brokerSempVersion, minSempVersion)
+		addErrorToDiagnostics(&resp.Diagnostics, "Broker does not meet minimum SEMP API version", err)
+		return
+	}
+
+	tflog.Info(ctx, "Solacebroker provider client config success")
+
+	resp.ResourceData = &config
+	resp.DataSourceData = &config
+}
+
+func (p *BrokerProvider) Resources(_ context.Context) []func() resource.Resource {
+	return Resources
+}
+
+func (p *BrokerProvider) DataSources(_ context.Context) []func() datasource.DataSource {
+	return DataSources
+}
+
+type providerData struct {
+	Url                    types.String `tfsdk:"url"`
+	Username               types.String `tfsdk:"username"`
+	Password               types.String `tfsdk:"password"`
+	BearerToken            types.String `tfsdk:"bearer_token"`
+	Retries                types.Int64  `tfsdk:"retries"`
+	RetryMinInterval       types.String `tfsdk:"retry_min_interval"`
+	RetryMaxInterval       types.String `tfsdk:"retry_max_interval"`
+	RequestTimeoutDuration types.String `tfsdk:"request_timeout_duration"`
+	RequestMinInterval     types.String `tfsdk:"request_min_interval"`
+	InsecureSkipVerify     types.Bool   `tfsdk:"insecure_skip_verify"`
+}
+
+func New(version string) func() provider.Provider {
+	return func() provider.Provider {
+		return &BrokerProvider{
+			Version: version,
+		}
+	}
+}
diff --git a/internal/broker/resource.go b/internal/broker/resource.go
new file mode 100644
index 00000000..d61011f0
--- /dev/null
+++ b/internal/broker/resource.go
@@ -0,0 +1,529 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+
+	"terraform-provider-solacebroker/internal/semp"
+)
+
+const (
+	defaults = "defaults"
+	defaultObjectName = "default"
+)
+
+var (
+	ErrDeleteSingletonOrDefaultsNotAllowed = errors.New("Deleting singleton or default objects are not allowed from the broker")
+)
+
+func newBrokerResource(inputs EntityInputs) brokerEntity[schema.Schema] {
+	return newBrokerEntity(inputs, true)
+}
+
+func newBrokerResourceGenerator(inputs EntityInputs) func() resource.Resource {
+	return newBrokerResourceClosure(newBrokerResource(inputs))
+}
+
+func newBrokerResourceClosure(templateEntity brokerEntity[schema.Schema]) func() resource.Resource {
+	return func() resource.Resource {
+		var r = brokerResource(templateEntity)
+		return &r
+	}
+}
+
+var (
+	_ resource.ResourceWithConfigure        = &brokerResource{}
+	_ resource.ResourceWithConfigValidators = &brokerResource{}
+	_ resource.ResourceWithImportState      = &brokerResource{}
+	_ resource.ResourceWithUpgradeState     = &brokerResource{}
+)
+
+type brokerResource brokerEntity[schema.Schema]
+
+// Compares the value with the attribute default value. Must take care of type conversions.
+func isValueEqualsAttrDefault(attr *AttributeInfo, response tftypes.Value, brokerDefault tftypes.Value) (bool, error) {
+	responseValue, err := attr.Converter.FromTerraform(response)
+	if err != nil {
+		return false, err
+	}
+	if attr.Default == nil {
+		if brokerDefault.IsNull() {
+			// No broker default
+			return false, nil
+		}
+		// Analyze broker default
+		brokerDefaultValue, err := attr.Converter.FromTerraform(brokerDefault)
+		if err != nil {
+			return false, err
+		}
+		// compare
+		return responseValue == brokerDefaultValue, nil
+	}
+	tfDefault, err := attr.Converter.ToTerraform(attr.Default)
+	if err != nil {
+		return false, err
+	}
+	attrDefaultValue, err := attr.Converter.FromTerraform(tfDefault)
+	if err != nil {
+		return false, err
+	}
+	return responseValue == attrDefaultValue, nil
+}
+
+func toId(path string) string {
+	// the generated id will only be used for testing
+	return filepath.Base(path)
+}
+
+func (r *brokerResource) resetResponse(attributes []*AttributeInfo, response tftypes.Value, brokerDefaults tftypes.Value, state tftypes.Value, isObject bool) (tftypes.Value, error) {
+	responseValues := map[string]tftypes.Value{}
+	err := response.As(&responseValues)
+	if err != nil {
+		return tftypes.Value{}, err
+	}
+	stateValues := map[string]tftypes.Value{}
+	err = state.As(&stateValues)
+	if err != nil {
+		return tftypes.Value{}, err
+	}
+	brokerDefaultValues := map[string]tftypes.Value{}
+	err = brokerDefaults.As(&brokerDefaultValues)
+	if err != nil {
+		return tftypes.Value{}, err
+	}
+	for _, attr := range attributes {
+		name := attr.TerraformName
+		response, responseExists := responseValues[name]
+		state, stateExists := stateValues[name]
+		if responseExists && response.IsKnown() && !response.IsNull() {
+			if len(attr.Attributes) != 0 {
+				// This case is an object, typically threshold attributes
+				v, err := r.resetResponse(attr.Attributes, response, tftypes.NewValue(attr.TerraformType, nil), state, true)
+				if err != nil {
+					return tftypes.Value{}, err
+				}
+				responseValuesMap := map[string]tftypes.Value{}
+				err = v.As(&responseValuesMap)
+				if err != nil {
+					return tftypes.Value{}, err
+				}
+				allDefaults := true
+				for _, attr := range responseValuesMap {
+					if !attr.IsNull() {
+						allDefaults = false
+						break
+					}
+				}
+				if allDefaults {
+					// Set the whole object to null
+					responseValues[name] = tftypes.NewValue(attr.TerraformType, nil)
+				} else {
+					// Keep the object with individual attributes
+					responseValues[name] = v
+				}
+			} else {
+				isResponseValueDefault, err := isValueEqualsAttrDefault(attr, response, brokerDefaultValues[name])
+				if err != nil {
+					return tftypes.Value{}, err
+				}
+				if !isResponseValueDefault {
+					continue // do not change response for this attr if it was non-default
+				}
+				if !stateExists && isObject {
+					responseValues[name] = tftypes.NewValue(attr.TerraformType, nil)
+				} else if stateExists && state.IsNull() {
+					responseValues[name] = state
+				} // else leave attr response unchanged
+			}
+		} else if stateExists && attr.Sensitive {
+			responseValues[name] = state
+		} else {
+			responseValues[name] = tftypes.NewValue(attr.TerraformType, nil)
+		}
+	}
+	return tftypes.NewValue(response.Type(), responseValues), nil
+}
+
+func (r *brokerResource) findBrokerDefaults(attributes []*AttributeInfo, response tftypes.Value, request tftypes.Value) (any, error) {
+	defaultValues := map[string]tftypes.Value{}
+	requestValues := map[string]tftypes.Value{}
+	err := request.As(&requestValues)
+	if err != nil {
+		return nil, err
+	}
+	responseValues := map[string]tftypes.Value{}
+	err = response.As(&responseValues)
+	if err != nil {
+		return nil, err
+	}
+	for _, attr := range attributes {
+		// Set obtained default values and null for any other attributes
+		name := attr.TerraformName
+		if !attr.Identifying && attr.ReadOnly {
+			continue
+		}
+		if attr.Default == nil && requestValues[name].IsNull() && attr.BaseType != Struct {
+			defaultValues[name] = responseValues[name]
+		} else {
+			defaultValues[name] = tftypes.NewValue(attr.TerraformType, nil)
+		}
+	}
+	return r.converter.FromTerraform(tftypes.NewValue(request.Type(), defaultValues))
+}
+
+func convert(any any) {
+	panic("unimplemented")
+}
+
+func (r *brokerResource) Schema(_ context.Context, request resource.SchemaRequest, response *resource.SchemaResponse) {
+	response.Schema = r.schema
+}
+
+func (r *brokerResource) Metadata(_ context.Context, request resource.MetadataRequest, response *resource.MetadataResponse) {
+	response.TypeName = request.ProviderTypeName + "_" + r.terraformName
+}
+
+func (r *brokerResource) Configure(_ context.Context, request resource.ConfigureRequest, response *resource.ConfigureResponse) {
+	if request.ProviderData == nil {
+		return
+	}
+	config, ok := request.ProviderData.(*providerData)
+	if !ok {
+		d := diag.NewErrorDiagnostic("Unexpected resource configuration", fmt.Sprintf("Unexpected type %T for provider data; expected %T.", request.ProviderData, config))
+		response.Diagnostics.Append(d)
+		return
+	}
+	r.providerData = config
+}
+
+func (r *brokerResource) Create(ctx context.Context, request resource.CreateRequest, response *resource.CreateResponse) {
+	client, d := client(r.providerData)
+	if d != nil {
+		response.Diagnostics.Append(d)
+		if response.Diagnostics.HasError() {
+			return
+		}
+	}
+
+	sempData, err := r.converter.FromTerraform(request.Plan.Raw)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Error converting data", err)
+		return
+	}
+
+	var sempPath string
+	var id string
+	method := http.MethodPut
+	if r.postPathTemplate != "" {
+		method = http.MethodPost
+		sempPath, err = resolveSempPath(r.postPathTemplate, r.identifyingAttributes, request.Plan.Raw)
+		var idPath string
+		idPath, err = resolveSempPath(r.pathTemplate, r.identifyingAttributes, request.Plan.Raw)
+		id = toId(idPath)
+	} else {
+		sempPath, err = resolveSempPath(r.pathTemplate, r.identifyingAttributes, request.Plan.Raw)
+		id = toId(sempPath)
+	}
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Error generating SEMP path", err)
+		return
+	}
+	if r.objectType == SingletonObject {
+		// if the object is a singleton, PATCH rather than PUT
+		method = http.MethodPatch
+	}
+	jsonResponseData, err := client.RequestWithBody(ctx, method, sempPath, sempData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "SEMP call failed", err)
+		return
+	}
+	// Determine broker defaults as each attribute response, where request was set to null and it didn't have a default
+	//   then store it as private data
+	tfResponseData, err := r.converter.ToTerraform(jsonResponseData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "SEMP response conversion failed", err)
+		return
+	}
+	brokerDefaultsData, err := r.findBrokerDefaults(r.attributes, tfResponseData, request.Plan.Raw)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Response postprocessing failed", err)
+		return
+	}
+	privatData, err := json.Marshal(brokerDefaultsData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Response postprocessing failed", err)
+		return
+	}
+	tflog.Info(ctx, fmt.Sprintf("Create: determined following broker-defined defaults:\n%v", brokerDefaultsData))
+	response.Private.SetKey(ctx, defaults, privatData)
+	// Set the response
+	response.State.Raw = request.Plan.Raw
+	response.State.SetAttribute(ctx, path.Root("id"), id)
+}
+
+func (r *brokerResource) Read(ctx context.Context, request resource.ReadRequest, response *resource.ReadResponse) {
+	client, d := client(r.providerData)
+	if d != nil {
+		response.Diagnostics.Append(d)
+		if response.Diagnostics.HasError() {
+			return
+		}
+	}
+	sempPath, err := resolveSempPath(r.pathTemplate, r.identifyingAttributes, request.State.Raw)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Error generating SEMP path", err)
+		return
+	}
+	sempData, err := client.RequestWithoutBody(ctx, http.MethodGet, sempPath)
+	if err != nil {
+		if errors.Is(err, semp.ErrResourceNotFound) {
+			tflog.Info(ctx, fmt.Sprintf("Detected missing resource %v, removing from state", sempPath))
+			response.State.RemoveResource(ctx)
+		} else if err == semp.ErrAPIUnreachable {
+			addErrorToDiagnostics(&response.Diagnostics, fmt.Sprintf("SEMP call failed. HOST not reachable. %v", sempPath), err)
+		} else {
+			addErrorToDiagnostics(&response.Diagnostics, "SEMP call failed", err)
+		}
+		return
+	}
+	sempData["id"] = toId(sempPath)
+	responseData, err := r.converter.ToTerraform(sempData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "SEMP response conversion failed", err)
+		return
+	}
+	defaultsJson, diags := request.Private.GetKey(ctx, defaults)
+	if diags.HasError() {
+		response.Diagnostics.Append(diags...)
+		return
+	}
+	if defaultsJson == nil {
+		defaultsJson = []byte("{}")
+	}
+	brokerDefaultsData := map[string]any{}
+	err = json.Unmarshal(defaultsJson, &brokerDefaultsData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Retrieve of defaults failed", err)
+		return
+	}
+	defaultsData, err := r.converter.ToTerraform(brokerDefaultsData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Retrieve of defaults failed", err)
+		return
+	}
+	// Replace default values in response to null
+	responseData, err = r.resetResponse(r.attributes, responseData, defaultsData, request.State.Raw, false)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Read response postprocessing failed", err)
+		return
+	}
+	response.State.Raw = responseData
+}
+
+func (r *brokerResource) Update(ctx context.Context, request resource.UpdateRequest, response *resource.UpdateResponse) {
+	client, d := client(r.providerData)
+	if d != nil {
+		response.Diagnostics.Append(d)
+		if response.Diagnostics.HasError() {
+			return
+		}
+	}
+	sempData, err := r.converter.FromTerraform(request.Plan.Raw)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Error converting data", err)
+		return
+	}
+	sempPath, err := resolveSempPath(r.pathTemplate, r.identifyingAttributes, request.Plan.Raw)
+	id := toId(sempPath)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Error generating SEMP path", err)
+		return
+	}
+	method := http.MethodPut
+	if r.objectType == SingletonObject {
+		method = http.MethodPatch
+	}
+	jsonResponseData, err := client.RequestWithBody(ctx, method, sempPath, sempData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "SEMP call failed", err)
+		return
+	}
+	// Determine broker defaults as each attribute response, where request was set to null and it didn't have a default
+	//   then store it as private data
+	tfResponseData, err := r.converter.ToTerraform(jsonResponseData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "SEMP response conversion failed", err)
+		return
+	}
+	brokerDefaultsData, err := r.findBrokerDefaults(r.attributes, tfResponseData, request.Plan.Raw)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Response postprocessing failed", err)
+		return
+	}
+	privatData, err := json.Marshal(brokerDefaultsData)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Response postprocessing failed", err)
+		return
+	}
+	tflog.Info(ctx, fmt.Sprintf("Update: determined following broker-defined defaults:\n%v", brokerDefaultsData))
+	response.Private.SetKey(ctx, defaults, privatData)
+	// Set the response
+	response.State.Raw = request.Plan.Raw
+	response.State.SetAttribute(ctx, path.Root("id"), id)
+}
+
+func (r *brokerResource) Delete(ctx context.Context, request resource.DeleteRequest, response *resource.DeleteResponse) {
+	// don't actually do anything if the object is a singleton
+	if r.objectType == SingletonObject {
+		addWarningToDiagnostics(&response.Diagnostics, fmt.Sprintf("Associated state will be removed but singleton object %s cannot be deleted", r.terraformName), ErrDeleteSingletonOrDefaultsNotAllowed)
+		return
+	}
+	path, err := resolveSempPath(r.pathTemplate, r.identifyingAttributes, request.State.Raw)
+	if err != nil {
+		addErrorToDiagnostics(&response.Diagnostics, "Error generating SEMP path", err)
+		return
+	}
+	// don't actually do anything if the object is a default object
+  if toId(path) == defaultObjectName {
+		switch r.terraformName {
+			case
+				"msg_vpn",
+				"msg_vpn_client_profile",
+				"msg_vpn_acl_profile",
+				"msg_vpn_client_username":
+				addWarningToDiagnostics(&response.Diagnostics, fmt.Sprintf("Associated state will be removed but default object %s, \"%s\" cannot be deleted", r.terraformName, toId(path)), ErrDeleteSingletonOrDefaultsNotAllowed)
+				return
+		}
+	}
+  // request delete
+	client, d := client(r.providerData)
+	if d != nil {
+		response.Diagnostics.Append(d)
+		if response.Diagnostics.HasError() {
+			return
+		}
+	}
+	_, err = client.RequestWithoutBody(ctx, http.MethodDelete, path)
+	if err != nil {
+		if err == semp.ErrAPIUnreachable {
+			addErrorToDiagnostics(&response.Diagnostics, fmt.Sprintf("SEMP call failed. HOST not reachable. %v", path), err)
+			return
+		} else if !errors.Is(err, semp.ErrResourceNotFound) {
+			addErrorToDiagnostics(&response.Diagnostics, "SEMP call failed", err)
+			return
+		}
+		tflog.Info(ctx, fmt.Sprintf("Detected object %s, \"%s\" was already missing from the broker, removing from state", r.terraformName, toId(path)))
+		// Let destroy finish normally if the error was Resource Not Found - only means that the resource has already been removed from the broker.
+	}
+}
+
+func (r *brokerResource) ImportState(_ context.Context, request resource.ImportStateRequest, response *resource.ImportStateResponse) {
+
+	if len(r.identifyingAttributes) == 0 {
+		if request.ID != "" {
+			response.Diagnostics.AddError(
+				"singleton object requires empty identifier for import",
+				"singleton object requires empty identifier for import",
+			)
+		}
+		return
+	}
+	split := strings.Split(strings.ReplaceAll(request.ID, ",", "/"), "/")
+	if len(split) != len(r.identifyingAttributes) {
+		r.addIdentifierErrorToDiagnostics(&response.Diagnostics, request.ID)
+		return
+	}
+
+	identifierData := map[string]any{}
+	for i, attr := range r.identifyingAttributes {
+		v, err := url.PathUnescape(split[i])
+		if err != nil {
+			r.addIdentifierErrorToDiagnostics(&response.Diagnostics, request.ID)
+		}
+		identifierData[attr.SempName] = v
+	}
+	identifierState, err := r.converter.ToTerraform(identifierData)
+	if err != nil {
+		r.addIdentifierErrorToDiagnostics(&response.Diagnostics, request.ID)
+		return
+	}
+	response.State.Raw = identifierState
+}
+
+func addErrorToDiagnostics(diags *diag.Diagnostics, summary string, err error) {
+	for err != nil {
+		diags.AddError(summary, err.Error())
+		err = errors.Unwrap(err)
+	}
+}
+
+func addWarningToDiagnostics(diags *diag.Diagnostics, summary string, err error) {
+	for err != nil {
+		diags.AddWarning(summary, err.Error())
+		err = errors.Unwrap(err)
+	}
+}
+
+func (r *brokerResource) addIdentifierErrorToDiagnostics(diags *diag.Diagnostics, id string) {
+	var identifiers []string
+	for _, attr := range r.identifyingAttributes {
+		identifiers = append(identifiers, attr.TerraformName)
+	}
+	addErrorToDiagnostics(
+		diags,
+		"invalid identifier",
+		fmt.Errorf("invalid identifier %v, identifier must be of the form %v with each segment URL-encoded as necessary", id, strings.Join(identifiers, "/")))
+}
+
+func (r *brokerResource) ConfigValidators(_ context.Context) []resource.ConfigValidator {
+	return nil
+}
+
+func (r *brokerResource) UpgradeState(ctx context.Context) map[int64]resource.StateUpgrader {
+	// Placeholder for future StateUpgrader code
+	// example:
+	// if r.terraformName == "a_b_c" {
+	// 	return map[int64]resource.StateUpgrader{
+	// 		// State upgrade implementation from 0 (prior state version) to 2 (Schema.Version)
+	// 		0: {
+	// 				// Optionally, the PriorSchema field can be defined.
+	// 				StateUpgrader: func(ctx context.Context, req resource.UpgradeStateRequest, resp *resource.UpgradeStateResponse) { /* ... */ },
+	// 		},
+	// 		// State upgrade implementation from 1 (prior state version) to 2 (Schema.Version)
+	// 		1: {
+	// 				// Optionally, the PriorSchema field can be defined.
+	// 				StateUpgrader: func(ctx context.Context, req resource.UpgradeStateRequest, resp *resource.UpgradeStateResponse) { /* ... */ },
+	// 		},
+	// 	}
+	// }
+	return nil
+}
diff --git a/internal/broker/schema.go b/internal/broker/schema.go
new file mode 100644
index 00000000..f5d896b5
--- /dev/null
+++ b/internal/broker/schema.go
@@ -0,0 +1,218 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/objectplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+	"sort"
+	"strings"
+)
+
+var DataSources []func() datasource.DataSource
+
+var Entities []EntityInputs
+
+func RegisterDataSource(inputs EntityInputs) {
+	DataSources = append(DataSources, newBrokerDataSourceGenerator(inputs))
+}
+
+var Resources []func() resource.Resource
+
+func RegisterResource(inputs EntityInputs) {
+	Resources = append(Resources, newBrokerResourceGenerator(inputs))
+	Entities = append(Entities, inputs)
+}
+
+var SempDetail SempVersionDetail
+
+func RegisterSempVersionDetails(sempAPIBasePath string, sempVersion string) {
+	SempDetail = SempVersionDetail{
+		BasePath: sempAPIBasePath,
+		SempVersion:  sempVersion,
+	}
+}
+
+func addObjectConverters(attributes []*AttributeInfo) {
+	for _, attr := range attributes {
+		// if it is an object, we need to add a converter for it (simple attributes will already have converters)
+		if attr.Attributes != nil {
+			addObjectConverters(attr.Attributes)
+			attr.Converter = NewObjectConverter(attr.TerraformName, attr.Attributes)
+		}
+	}
+}
+
+func modifiers[T any](requiresReplace bool, f func() T) []T {
+	if requiresReplace {
+		return []T{f()}
+	}
+	return nil
+}
+
+func terraformAttributeMap(attributes []*AttributeInfo, isResource bool, requiresReplace bool) map[string]schema.Attribute {
+	tfAttributes := map[string]schema.Attribute{}
+	for _, attr := range attributes {
+		if attr.TerraformName == "id" {
+			// Handle the id attribute for each object, required by the acceptance test framework
+			if isResource {
+				tfAttributes["id"] = schema.StringAttribute{
+					Description: "Identifier attribute, for internal use only.",
+					Computed:    true,
+					}
+			} else {
+				tfAttributes["id"] = schema.StringAttribute{
+					Description: "Identifier attribute, for internal use only.",
+					Computed:    true,
+					PlanModifiers:       []planmodifier.String{
+						stringplanmodifier.UseStateForUnknown(),
+					},
+				}
+			}
+			continue
+		}
+		if attr.Sensitive && !isResource {
+			// write-only attributes can't be retrieved so we don't expose them in the datasource
+			continue
+		}
+		if !attr.Identifying && attr.ReadOnly && isResource {
+			// read-only attributes should only be in the datasource
+			continue
+		}
+		attrRequiresReplace := isResource && (requiresReplace || attr.RequiresReplace)
+		if len(attr.Attributes) != 0 {
+			childTypes := map[string]tftypes.Type{}
+			for _, cAttr := range attr.Attributes {
+				childTypes[cAttr.TerraformName] = cAttr.TerraformType
+			}
+			attr.TerraformType = tftypes.Object{
+				AttributeTypes: childTypes,
+			}
+		}
+		var deprecationMessage string
+		if attr.Deprecated {
+			deprecationMessage = "This attribute is deprecated."
+		}
+		switch attr.BaseType {
+		case String:
+			tfAttributes[attr.TerraformName] = schema.StringAttribute{
+				Description:         attr.Description,
+				MarkdownDescription: attr.MarkdownDescription,
+				Required:            attr.Required && isResource || attr.Identifying,
+				Optional:            !attr.Required && isResource,
+				Computed:            !attr.Identifying && !isResource,
+				Sensitive:           attr.Sensitive,
+				DeprecationMessage:  deprecationMessage,
+				Validators:          attr.StringValidators,
+				PlanModifiers:       modifiers[planmodifier.String](attrRequiresReplace, stringplanmodifier.RequiresReplace),
+			}
+		case Int64:
+			tfAttributes[attr.TerraformName] = schema.Int64Attribute{
+				Description:         attr.Description,
+				MarkdownDescription: attr.MarkdownDescription,
+				Required:            attr.Required && isResource || attr.Identifying,
+				Optional:            !attr.Required && isResource,
+				Computed:            !attr.Identifying && !isResource,
+				Sensitive:           attr.Sensitive,
+				DeprecationMessage:  deprecationMessage,
+				Validators:          attr.Int64Validators,
+				PlanModifiers:       modifiers[planmodifier.Int64](attrRequiresReplace, int64planmodifier.RequiresReplace),
+			}
+		case Bool:
+			tfAttributes[attr.TerraformName] = schema.BoolAttribute{
+				Description:         attr.Description,
+				MarkdownDescription: attr.MarkdownDescription,
+				Required:            attr.Required && isResource || attr.Identifying,
+				Optional:            !attr.Required && isResource,
+				Computed:            !attr.Identifying && !isResource,
+				Sensitive:           attr.Sensitive,
+				DeprecationMessage:  deprecationMessage,
+				Validators:          attr.BoolValidators,
+				PlanModifiers:       modifiers[planmodifier.Bool](attrRequiresReplace, boolplanmodifier.RequiresReplace),
+			}
+		case Struct:
+			tfAttributes[attr.TerraformName] = schema.SingleNestedAttribute{
+				Attributes:          terraformAttributeMap(attr.Attributes, isResource, requiresReplace || attr.RequiresReplace),
+				Description:         attr.Description,
+				MarkdownDescription: attr.MarkdownDescription,
+				Required:            attr.Required && isResource || attr.Identifying,
+				Optional:            !attr.Required && isResource,
+				Computed:            !attr.Identifying && !isResource,
+				Sensitive:           attr.Sensitive,
+				DeprecationMessage:  deprecationMessage,
+				PlanModifiers:       modifiers[planmodifier.Object](attrRequiresReplace, objectplanmodifier.RequiresReplace),
+			}
+		}
+	}
+	return tfAttributes
+}
+
+type EntityInputs struct {
+	TerraformName       string
+	Description         string
+	MarkdownDescription string
+	DeprecationMessage  string
+	ObjectType          objectType
+	PathTemplate        string
+	PostPathTemplate    string
+	Version             int64
+	Attributes          []*AttributeInfo
+}
+
+func newBrokerEntity(inputs EntityInputs, isResource bool) brokerEntity[schema.Schema] {
+	addObjectConverters(inputs.Attributes)
+	tfAttributes := terraformAttributeMap(inputs.Attributes, isResource, inputs.ObjectType == ReplaceOnlyObject)
+	var identifyingAttributes []*AttributeInfo
+	for _, attr := range inputs.Attributes {
+		if attr.Identifying {
+			identifyingAttributes = append(identifyingAttributes, attr)
+		}
+	}
+	sort.Slice(identifyingAttributes, func(i, j int) bool {
+		iAttr := identifyingAttributes[i]
+		jAttr := identifyingAttributes[j]
+		iIndex := strings.Index(inputs.PathTemplate, "{"+iAttr.SempName+"}")
+		jIndex := strings.Index(inputs.PathTemplate, "{"+jAttr.SempName+"}")
+		return iIndex < jIndex
+	})
+	s := schema.Schema{
+		Attributes:          tfAttributes,
+		Description:         inputs.Description,
+		MarkdownDescription: inputs.MarkdownDescription,
+		DeprecationMessage:  inputs.DeprecationMessage,
+		Version:             inputs.Version,
+	}
+	return brokerEntity[schema.Schema]{
+		schema: s,
+		brokerEntityBase: brokerEntityBase{
+			pathTemplate:          inputs.PathTemplate,
+			postPathTemplate:      inputs.PostPathTemplate,
+			terraformName:         inputs.TerraformName,
+			objectType:            inputs.ObjectType,
+			identifyingAttributes: identifyingAttributes,
+			attributes:            inputs.Attributes,
+			converter:             NewObjectConverter(inputs.TerraformName, inputs.Attributes),
+		},
+	}
+}
diff --git a/internal/broker/sempversion.go b/internal/broker/sempversion.go
new file mode 100644
index 00000000..42b2b1e5
--- /dev/null
+++ b/internal/broker/sempversion.go
@@ -0,0 +1,22 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+type SempVersionDetail struct {
+	BasePath string
+	SempVersion  string
+}
diff --git a/internal/broker/testacc/datasource_test.go b/internal/broker/testacc/datasource_test.go
new file mode 100644
index 00000000..aa38b286
--- /dev/null
+++ b/internal/broker/testacc/datasource_test.go
@@ -0,0 +1,45 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package acctest
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccDataSource(t *testing.T) {
+    resource.Test(t, resource.TestCase{
+        PreCheck:                 func() { testAccPreCheck(t) },
+        ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+        Steps: []resource.TestStep{
+            // Read testing
+            {
+            Config: ProviderConfig + `
+data "solacebroker_msg_vpn" "default" {
+		msg_vpn_name = "default"
+}
+`,
+            Check: resource.ComposeAggregateTestCheckFunc(
+                    resource.TestCheckResourceAttr("data.solacebroker_msg_vpn.default", "authentication_basic_enabled", "true"),
+                ),
+            },
+        },
+    })
+}
+
+
diff --git a/internal/broker/testacc/provider_test.go b/internal/broker/testacc/provider_test.go
new file mode 100644
index 00000000..825c6395
--- /dev/null
+++ b/internal/broker/testacc/provider_test.go
@@ -0,0 +1,108 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package acctest
+
+import (
+	"os"
+	"terraform-provider-solacebroker/internal/broker"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-framework/providerserver"
+	"github.com/hashicorp/terraform-plugin-go/tfprotov6"
+
+	"context"
+
+	"github.com/testcontainers/testcontainers-go"
+	"github.com/testcontainers/testcontainers-go/wait"
+
+    _ "terraform-provider-solacebroker/internal/broker/generated"
+
+)
+
+var ProviderConfig string
+
+var (
+    // testAccProtoV6ProviderFactories are used to instantiate a provider during
+    // acceptance testing. The factory function will be invoked for every Terraform
+    // CLI command executed to create a provider server to which the CLI can
+    // reattach.
+    testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServer, error){
+        "solacebroker": providerserver.NewProtocol6WithError(broker.New("test")()),
+    }
+)
+
+func init() {
+    // start docker test broker
+    ctx := context.Background()
+    req := testcontainers.ContainerRequest{
+        Image:        "solace/solace-pubsub-standard:latest",
+        ExposedPorts: []string{"8080/tcp"},
+        Env: map[string]string{
+            "username_admin_globalaccesslevel":  "admin",
+            "username_admin_password":           "admin",
+            "system_scaling_maxconnectioncount": "100",
+        },
+        Mounts: testcontainers.ContainerMounts{
+            {
+                Source: testcontainers.GenericVolumeMountSource{
+                    Name: "test-volume",
+                },
+                Target: "/var/lib/solace",
+            },
+        },
+        ShmSize:    1000000000,
+        WaitingFor: wait.ForHTTP("/").WithPort("8080/tcp"),
+    }
+    solaceC, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
+        ContainerRequest: req,
+        Started:          true,
+    })
+    if err != nil {
+        panic(err)
+    }
+    endpoint, err := solaceC.Endpoint(ctx, "")
+    if err != nil {
+        panic(err)
+    }
+    ProviderConfig = `
+provider "solacebroker" {
+username = "admin"
+password = "admin"
+url      = "http://` + endpoint + `"
+}
+`
+    const user = "admin"
+    const password = "admin"
+
+    if err = os.Setenv("SOLACEBROKER_URL", "http://" + endpoint); err != nil {
+        panic(err)
+    }
+
+    if err = os.Setenv("SOLACEBROKER_USERNAME", password); err != nil {
+        panic(err)
+    }
+
+    if err = os.Setenv("SOLACEBROKER_PASSWORD", password); err != nil {
+        panic(err)
+    }
+}
+
+func testAccPreCheck(t *testing.T) {
+	// You can add code here to run prior to any test case execution, for example assertions
+	// about the appropriate environment variables being set are common to see in a pre-check
+	// function.
+}
diff --git a/internal/broker/testacc/resource_test.go b/internal/broker/testacc/resource_test.go
new file mode 100644
index 00000000..45d1d3fa
--- /dev/null
+++ b/internal/broker/testacc/resource_test.go
@@ -0,0 +1,81 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package acctest
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccResource(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			// Create and Read testing
+			{
+				Config: ProviderConfig + `
+resource "solacebroker_msg_vpn" "test" {
+		msg_vpn_name = "test"
+		enabled      = true
+		max_msg_spool_usage = 5
+}
+`,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("solacebroker_msg_vpn.test", "msg_vpn_name", "test"),
+					resource.TestCheckResourceAttr("solacebroker_msg_vpn.test", "max_msg_spool_usage", "5"),
+				),
+			},
+			// Update and Read testing
+			{
+				Config: ProviderConfig + `
+resource "solacebroker_msg_vpn" "test" {
+		msg_vpn_name = "test"
+		enabled      = true
+		max_msg_spool_usage = 10
+}
+`,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("solacebroker_msg_vpn.test", "msg_vpn_name", "test"),
+					resource.TestCheckResourceAttr("solacebroker_msg_vpn.test", "max_msg_spool_usage", "10"),
+				),
+			},
+			// ImportState testing
+			{
+				ResourceName:      "solacebroker_msg_vpn.test",
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					// These attributes need to be ignored from the test as they have broker-defaults and cannot be imported so that state will be null
+					"max_connection_count",
+					"max_subscription_count",
+					"max_transacted_session_count",
+					"max_transaction_count",
+					"service_amqp_max_connection_count",
+					"service_mqtt_max_connection_count",
+					"service_rest_incoming_max_connection_count",
+					"service_rest_outgoing_max_connection_count",
+					"service_smf_max_connection_count",
+					"service_web_max_connection_count",
+					"authentication_basic_profile_name",
+				},
+			},
+			// Delete testing automatically occurs in TestCase
+		},
+	})
+}
diff --git a/internal/broker/utilities.go b/internal/broker/utilities.go
new file mode 100644
index 00000000..023751f1
--- /dev/null
+++ b/internal/broker/utilities.go
@@ -0,0 +1,195 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package broker
+
+import (
+	"fmt"
+	"net/url"
+	"os"
+	"strconv"
+	"strings"
+	"terraform-provider-solacebroker/internal/semp"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-go/tftypes"
+)
+
+func resolveSempPath(pathTemplate string, attributes []*AttributeInfo, v tftypes.Value) (string, error) {
+	m := map[string]tftypes.Value{}
+	err := v.As(&m)
+	if err != nil {
+		return "", err
+	}
+	identifiers := map[string]string{}
+	for _, attr := range attributes {
+		v, err := attr.Converter.FromTerraform(m[attr.TerraformName])
+		if err != nil {
+			return "", err
+		}
+		identifiers[attr.SempName] = fmt.Sprintf("%v", v)
+	}
+	// doing it this way identifies missed parameters (as opposed to doing strings.Replace or something like that)
+	var path string
+	split := strings.SplitN(pathTemplate, "{", 2)
+	for len(split) == 2 {
+		path += split[0]
+		split = strings.SplitN(split[1], "}", 2)
+		v, ok := identifiers[split[0]]
+		if !ok {
+			return "", fmt.Errorf("no value provided for SEMP path parameter %v", split[0])
+		}
+		path += url.PathEscape(v)
+		split = strings.SplitN(split[1], "{", 2)
+	}
+	return path + split[0], nil
+}
+
+func stringWithDefaultFromEnv(value types.String, name string) (string, error) {
+	if value.IsUnknown() {
+		return "", fmt.Errorf("cannot use unknown value as %v", name)
+	}
+
+	var s string
+	if value.IsNull() {
+		// If env var is not found then the default return value will be empty string
+		s = os.Getenv("SOLACEBROKER_" + strings.ToUpper(name))
+	} else {
+		s = value.ValueString()
+	}
+
+	return s, nil
+}
+
+func int64WithDefaultFromEnv(value types.Int64, name string, def int64) (int64, error) {
+	if value.IsUnknown() {
+		return 0, fmt.Errorf("cannot use unknown value as %v", name)
+	}
+
+	if !value.IsNull() {
+		return value.ValueInt64(), nil
+	}
+
+	envName := "SOLACEBROKER_" + strings.ToUpper(name)
+	s, ok := os.LookupEnv(envName)
+	if !ok {
+		return def, nil
+	}
+	return strconv.ParseInt(s, 10, 64)
+}
+
+func booleanWithDefaultFromEnv(value types.Bool, name string, def bool) (bool, error) {
+	if value.IsUnknown() {
+		return false, fmt.Errorf("cannot use unknown value as %v", name)
+	}
+
+	if !value.IsNull() {
+		return value.ValueBool(), nil
+	}
+
+	envName := "SOLACEBROKER_" + strings.ToUpper(name)
+	s, ok := os.LookupEnv(envName)
+	if !ok {
+		return def, nil
+	}
+	return strconv.ParseBool(s)
+}
+
+func durationWithDefaultFromEnv(value types.String, name string, def time.Duration) (time.Duration, error) {
+	if value.IsUnknown() {
+		return 0, fmt.Errorf("cannot use unknown value as %v", name)
+	}
+
+	var s string
+	if value.IsNull() {
+		s = os.Getenv("SOLACEBROKER_" + strings.ToUpper(name))
+	} else {
+		s = value.ValueString()
+	}
+
+	if s == "" {
+		return def, nil
+	}
+	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
+	d, err := time.ParseDuration(s)
+	if err != nil {
+		return 0, fmt.Errorf("%v is not valid; %q cannot be parsed as a duration: %w", name, s, err)
+	}
+
+	return d, nil
+}
+
+func client(providerData *providerData) (*semp.Client, diag.Diagnostic) {
+	// username, password, bearer token and url will be set to "" if not provided through env or config
+	username, err := stringWithDefaultFromEnv(providerData.Username, "username")
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	password, err := stringWithDefaultFromEnv(providerData.Password, "password")
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	bearerToken, err := stringWithDefaultFromEnv(providerData.BearerToken, "bearer_token")
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	url, err := stringWithDefaultFromEnv(providerData.Url, "url")
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	retries, err := int64WithDefaultFromEnv(providerData.Retries, "retries", 10)
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	retryMinInterval, err := durationWithDefaultFromEnv(providerData.RetryMinInterval, "retry_min_interval", 3*time.Second)
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	retryMaxInterval, err := durationWithDefaultFromEnv(providerData.RetryMaxInterval, "retry_max_interval", 30*time.Second)
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	requestTimeoutDuration, err := durationWithDefaultFromEnv(providerData.RequestTimeoutDuration, "request_timeout_duration", time.Minute)
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	requestMinInterval, err := durationWithDefaultFromEnv(providerData.RequestMinInterval, "request_min_interval", 100*time.Millisecond)
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	insecure_skip_verify, err := booleanWithDefaultFromEnv(providerData.InsecureSkipVerify, "insecure_skip_verify", false)
+	if err != nil {
+		return nil, diag.NewErrorDiagnostic("Unable to parse provider attribute", err.Error())
+	}
+	url = getFullSempAPIURL(url)
+	client := semp.NewClient(
+		url,
+		insecure_skip_verify,
+		Cookiejar,
+		semp.BasicAuth(username, password),
+		semp.BearerToken(bearerToken),
+		semp.Retries(uint(retries), retryMinInterval, retryMaxInterval),
+		semp.RequestLimits(requestTimeoutDuration, requestMinInterval))
+	return client, nil
+}
+
+func getFullSempAPIURL(url string) string {
+	url = strings.TrimSuffix(url, "/")
+	baseBath := strings.TrimPrefix(SempDetail.BasePath, "/")
+	return url + "/" + baseBath
+}
diff --git a/internal/semp/client.go b/internal/semp/client.go
new file mode 100644
index 00000000..a888d527
--- /dev/null
+++ b/internal/semp/client.go
@@ -0,0 +1,306 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package semp
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/http/cookiejar"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+var (
+	ErrResourceNotFound = errors.New("Resource not found")
+	ErrBadRequest       = errors.New("Bad request")
+	ErrAPIUnreachable   = errors.New("SEMP API unreachable")
+)
+
+var cookieJar, _ = cookiejar.New(nil)
+
+type Client struct {
+	*http.Client
+	url                string
+	username           string
+	password           string
+	bearerToken        string
+	retries            uint
+	retryMinInterval   time.Duration
+	retryMaxInterval   time.Duration
+	requestMinInterval time.Duration
+	rateLimiter        <-chan time.Time
+}
+
+var Cookies = map[string]*http.Cookie{}
+
+type Option func(*Client)
+
+func BasicAuth(username, password string) Option {
+	return func(client *Client) {
+		client.username = username
+		client.password = password
+	}
+}
+
+func BearerToken(bearerToken string) Option {
+	return func(client *Client) {
+		client.bearerToken = bearerToken
+	}
+}
+
+func Retries(numRetries uint, retryMinInterval, retryMaxInterval time.Duration) Option {
+	return func(client *Client) {
+		client.retries = numRetries
+		client.retryMinInterval = retryMinInterval
+		client.retryMaxInterval = retryMaxInterval
+	}
+}
+
+func RequestLimits(requestTimeoutDuration, requestMinInterval time.Duration) Option {
+	return func(client *Client) {
+		client.Client.Timeout = requestTimeoutDuration
+		client.requestMinInterval = requestMinInterval
+	}
+}
+
+func NewClient(url string, insecure_skip_verify bool, cookiejar http.CookieJar, options ...Option) *Client {
+	customTransport := http.DefaultTransport.(*http.Transport)
+	customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: insecure_skip_verify}
+	client := &Client{
+		Client: &http.Client{
+			Transport: customTransport,
+			Jar:       cookiejar,
+		},
+		url:              url,
+		retries:          3,
+		retryMinInterval: time.Second,
+		retryMaxInterval: time.Second * 10,
+	}
+	for _, o := range options {
+		o(client)
+	}
+	if client.requestMinInterval > 0 {
+		client.rateLimiter = time.NewTicker(client.requestMinInterval).C
+	} else {
+		ch := make(chan time.Time)
+		// closing the channel will make receiving from the channel non-blocking (the value received will be the
+		//  zero value)
+		close(ch)
+		client.rateLimiter = ch
+	}
+
+	return client
+}
+
+func (c *Client) RequestWithBody(ctx context.Context, method, url string, body any) (map[string]any, error) {
+	data, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	request, err := http.NewRequestWithContext(ctx, method, c.url+url, bytes.NewBuffer(data))
+	if err != nil {
+		return nil, err
+	}
+	dumpData(ctx, fmt.Sprintf("%v to %v", request.Method, request.URL), data)
+	rawBody, err := c.doRequest(request)
+	if err != nil {
+		return nil, err
+	}
+	return parseResponseAsObject(ctx, request, rawBody)
+}
+
+func (c *Client) doRequest(request *http.Request) ([]byte, error) {
+	// the value doesn't matter, it is waiting for the value that matters
+	<-c.rateLimiter
+	if request.Method != http.MethodGet {
+		request.Header.Set("Content-Type", "application/json")
+	}
+	// Prefer OAuth even if Basic Auth credentials provided
+	if c.bearerToken != "" {
+		// TODO: add log
+		request.Header.Set("Authorization", "Bearer "+c.bearerToken)
+	} else if c.username != "" {
+		request.SetBasicAuth(c.username, c.password)
+	} else {
+		return nil, fmt.Errorf("either username or bearer token must be provided to access the broker")
+	}
+	attemptsRemaining := c.retries + 1
+	retryWait := c.retryMinInterval
+	var response *http.Response
+	var err error
+loop:
+	for attemptsRemaining != 0 {
+		response, err = c.Do(request)
+		if err != nil {
+			response = nil // make sure response is nil
+		} else {
+			switch response.StatusCode {
+			case http.StatusOK:
+				break loop
+			case http.StatusBadRequest:
+				break loop
+			case http.StatusTooManyRequests:
+				// ignore the too many requests body and any errors that happen while reading it
+				_, _ = io.ReadAll(response.Body)
+				// just continue
+			default:
+				// ignore errors while reading the error response body
+				body, _ := io.ReadAll(response.Body)
+				return nil, fmt.Errorf("unexpected status %v (%v) during %v to %v, body:\n%s", response.StatusCode, response.Status, request.Method, request.URL, body)
+			}
+		}
+		time.Sleep(retryWait)
+		retryWait *= 2
+		if retryWait > c.retryMaxInterval {
+			retryWait = c.retryMaxInterval
+		}
+		attemptsRemaining--
+	}
+	if response == nil {
+		return nil, err
+	}
+	rawBody, _ := io.ReadAll(response.Body)
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusBadRequest {
+		return nil, fmt.Errorf("could not perform request: status %v (%v) during %v to %v, response body:\n%s", response.StatusCode, response.Status, request.Method, request.URL, rawBody)
+	}
+	if _, err := io.Copy(io.Discard, response.Body); err != nil {
+		return nil, fmt.Errorf("could not perform request: status %v (%v) during %v to %v, response body:\n%s", response.StatusCode, response.Status, request.Method, request.URL, rawBody)
+	}
+	defer response.Body.Close()
+	return rawBody, nil
+}
+
+func parseResponseAsObject(ctx context.Context, request *http.Request, dataResponse []byte) (map[string]any, error) {
+	data := map[string]any{}
+	err := json.Unmarshal(dataResponse, &data)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse response body from %v to %v, response body was:\n%s", request.Method, request.URL, dataResponse)
+	}
+	dumpData(ctx, "response", dataResponse)
+	rawData, ok := data["data"]
+	if ok {
+		// Valid data
+		data, _ = rawData.(map[string]any)
+		return data, nil
+	} else {
+		// Analize response metadata details
+		rawData, ok = data["meta"]
+		if ok {
+			data, _ = rawData.(map[string]any)
+			if data["responseCode"].(float64) == http.StatusOK {
+				// this is valid response for delete
+				return nil, nil
+			}
+			description := data["error"].(map[string]interface{})["description"].(string)
+			status := data["error"].(map[string]interface{})["status"].(string)
+			if status == "NOT_FOUND" {
+				// resource not found is a special type we want to return
+				return nil, fmt.Errorf("request failed from %v to %v, %v, %v, %w", request.Method, request.URL, description, status, ErrResourceNotFound)
+			}
+			tflog.Error(ctx, fmt.Sprintf("SEMP request returned %v, %v", description, status))
+			return nil, fmt.Errorf("request failed for %v using %v, %v, %v", request.URL, request.Method, description, status)
+		}
+	}
+	return nil, fmt.Errorf("could not parse response details from %v to %v, response body was:\n%s", request.Method, request.URL, dataResponse)
+}
+
+func parseResponseForGenerator(c *Client, ctx context.Context, basePath string, method string, request *http.Request, dataResponse []byte, appendToResult []map[string]any) ([]map[string]any, error) {
+	data := map[string]any{}
+	err := json.Unmarshal(dataResponse, &data)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse response body from %v to %v, response body was:\n%s", request.Method, request.URL, dataResponse)
+	}
+	responseData := []map[string]any{}
+	dumpData(ctx, "response", dataResponse)
+	rawData, ok := data["data"]
+	if ok {
+		switch rawData.(type) {
+		case []interface{}:
+			responseDataRaw, _ := rawData.([]interface{})
+			for _, t := range responseDataRaw {
+				responseData = append(responseData, t.(map[string]any))
+			}
+		case map[string]interface{}:
+			responseDataRaw, _ := rawData.(map[string]any)
+			responseData = append(responseData, responseDataRaw)
+		}
+		metaData, hasMeta := data["meta"]
+		appendToResult = append(appendToResult, responseData...)
+		if hasMeta {
+			pageData, hasPaging := metaData.(map[string]any)["paging"]
+			if hasPaging {
+				nextPage := fmt.Sprint(pageData.(map[string]any)["nextPageUri"])
+				nextPageUrl := strings.Split(nextPage, basePath)
+				print("..")
+				return c.RequestWithoutBodyForGenerator(ctx, basePath, method, nextPageUrl[1], appendToResult)
+			}
+		}
+		return appendToResult, nil
+	} else {
+		rawData, ok = data["meta"]
+		if ok {
+			data, _ = rawData.(map[string]any)
+			responseData = append(responseData, data)
+			errorCode, errorCodeExist := data["responseCode"]
+			if errorCodeExist && fmt.Sprint(errorCode) == "400" {
+				return responseData, ErrBadRequest
+			}
+			return responseData, ErrResourceNotFound
+		}
+	}
+	return nil, nil
+}
+
+func (c *Client) RequestWithoutBody(ctx context.Context, method, url string) (map[string]interface{}, error) {
+	request, err := http.NewRequestWithContext(ctx, method, c.url+url, nil)
+	if err != nil {
+		return nil, err
+	}
+	tflog.Debug(ctx, fmt.Sprintf("===== %v to %v =====", request.Method, request.URL))
+	rawBody, err := c.doRequest(request)
+	if err != nil {
+		return nil, err
+	}
+	return parseResponseAsObject(ctx, request, rawBody)
+}
+
+func (c *Client) RequestWithoutBodyForGenerator(ctx context.Context, basePath string, method string, url string, appendToResult []map[string]any) ([]map[string]interface{}, error) {
+	request, err := http.NewRequestWithContext(ctx, method, c.url+url, nil)
+	if err != nil {
+		return nil, err
+	}
+	rawBody, err := c.doRequest(request)
+	if err != nil {
+		return nil, err
+	}
+	return parseResponseForGenerator(c, ctx, basePath, method, request, rawBody, appendToResult)
+}
+
+func dumpData(ctx context.Context, tag string, data []byte) {
+	var in any
+	_ = json.Unmarshal(data, &in)
+	out, _ := json.MarshalIndent(in, "", "\t")
+	tflog.Debug(ctx, fmt.Sprintf("===== %v =====\n%s\n", tag, out))
+}
diff --git a/main.go b/main.go
new file mode 100644
index 00000000..7ba2ba7e
--- /dev/null
+++ b/main.go
@@ -0,0 +1,71 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"terraform-provider-solacebroker/cmd"
+	"terraform-provider-solacebroker/internal/broker"
+	_ "terraform-provider-solacebroker/internal/broker/generated"
+
+	"github.com/hashicorp/terraform-plugin-framework/providerserver"
+)
+
+var (
+// these will be set by the goreleaser configuration
+// to appropriate values for the compiled binary
+
+// commenting out for now, using version from a different file
+//	version string = "dev"
+
+// goreleaser can also pass the specific commit if you want
+// commit  string = ""
+)
+
+func main() {
+	broker.ProviderVersion = version
+	if len(os.Args) > 1 && (os.Args[1] == "generate" || os.Args[1] == "help" || os.Args[1] == "--help" || os.Args[1] == "-h" || os.Args[1] == "version") {
+		err := cmd.Execute()
+		if err != nil && err.Error() != "" {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	} else {
+		var debug bool
+		flag.BoolVar(&debug, "debug", false, "set to true to run the provider with support for debuggers like delve")
+		flag.Parse()
+		registry, ok := os.LookupEnv("SOLACEBROKER_REGISTRY_OVERRIDE")
+		if !ok {
+			registry = "registry.terraform.io"
+		}
+		opts := providerserver.ServeOpts{
+			Address: registry + "/" + providerNamespace + "/" + providerType,
+			Debug:   debug,
+		}
+		if debug {
+			go debugRun(os.Getenv("SOLACEBROKER_DEBUG_RUN"), opts.Address)
+		}
+		err := providerserver.Serve(context.Background(), broker.New(version), opts)
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+	}
+}
diff --git a/scripts/Jenkinsfile b/scripts/Jenkinsfile
new file mode 100644
index 00000000..7a313397
--- /dev/null
+++ b/scripts/Jenkinsfile
@@ -0,0 +1,14 @@
+currentBuild.description = "Publish Private Terraform Provider"
+node(label: 'master') {
+  library 'jenkins-pipeline-library@main'
+  cleanWs()
+
+  String TERRAFORM_BRANCH = env.BRANCH_NAME
+  println "Launching build"
+  stage("publish-broker-terraform-provider") {
+    job = build job: 'publish-broker-terraform-provider', propagate: true, parameters:
+    [
+      string(name: 'TERRAFORM_BRANCH', value: TERRAFORM_BRANCH),
+    ]
+  }
+}
\ No newline at end of file
diff --git a/source-address.go b/source-address.go
new file mode 100644
index 00000000..889d866e
--- /dev/null
+++ b/source-address.go
@@ -0,0 +1,21 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+const providerNamespace = "solaceproducts"
+const providerSimpleType = "solacebroker"
+const providerType = providerSimpleType
diff --git a/templates/guides/config-generator.md b/templates/guides/config-generator.md
new file mode 100644
index 00000000..7dec49be
--- /dev/null
+++ b/templates/guides/config-generator.md
@@ -0,0 +1,110 @@
+---
+page_title: "Command-line Terraform Configuration Generator Guide"
+---
+
+# Command-Line Terraform Configuration Generator
+
+Normally, provider binaries are not run standalone, they are started and their services are used by Terraform CLI.
+
+The `solacebroker` provider, however, includes an additional feature where you can run its binary outside of Terraform CLI. In this case, you can use the "generate" command on the provider binary to generate a Terraform HLC configuration file for a specified object and all child objects known to the provider.
+
+You can [locate](https://terra-farm.github.io/main/installation.html) the provider binary in the `.terraform/providers` directory of an existing Terraform configuration directory that uses the `solacebroker` provider.
+
+You can run the provider binary directly with the `generate` command to generate a Terraform configuration file from the current configuration of a PubSub+ broker.
+
+`<binary> generate <broker URL> <provider-specific identifier> <filename>`
+
+- `<binary>` is the broker provider binary.
+- `<broker URL>` is the broker address, for example `https://mybroker.example.org:1943/`.
+- `<provider-specific identifier>` are the similar to the Terraform Import command. This is the resource name and possible values to find a specific resource.
+- `<filename>` is the desirable name of the generated filename.
+- There are also supported options, which mirror the configuration options for the provider object. These can be found [here](#supported-options).
+
+## Important notes
+
+The generated configuration shoud be reviewed for followings:
+
+* Provider configuration values (url, username, etc.) may need to be updated.
+* Write-only attributes, such as passwords, are omitted from the config as they cannot be read from the broker configuration. They need to be added manually.
+* Default resources may be present that may be omitted.
+* The generator uses a naming scheme for the resources. This may be updated by manually replacing the generated names.
+
+## Usage
+
+```shell
+terraform-provider-solacebroker -h
+
+Usage:
+    terraform-provider-solacebroker [command]
+
+Available Commands:
+generate    Generates a Terraform configuration file for a specified PubSub+ Broker object and all child objects known to the provider
+help        Help about any command
+version     Provides version information about the current binary
+```
+
+To `generate` the configuration, make sure all ENVIRONMENT VARIABLES, which mirrors the configuration options for the
+provider object are set. The list of variables
+are listed [here](#supported-options).
+
+For example:
+`SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=https://localhost:8080 solacebroker_msg_vpn.mq default my-messagevpn.tf`
+
+This command would create a file `my-messagevpn.tf` that contains a resource definition for the default Message VPN resource and
+any child objects, assuming the appropriate broker credentials were set in environment variables.
+
+Note: For objects with no child object, the file will only contain a resource definition for that object.
+
+For example:
+`SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=admin terraform-provider-solacebroker generate --url=https://localhost:8080 solacebroker_msg_vpn_queue.q default/test my-message-vpn-queue.tf`
+
+This command would create a file `my-message-vpn-queue.tf` that contains the msg_vpn_queue resource , `test`  for the
+Message VPN, `default`, assuming a msg_vpn_queue resource called `test` exists for the Message VPN, `default`.
+
+### Supported Options
+
+The following parameters can be set as ENVIRONMENT VARIABLES. When used as environment variables
+each parameter must be preceded with _SOLACEBROKER__. For example for a PubSub+ broker using username and password
+_**admin/password**_
+would be:
+
+`SOLACEBROKER_USERNAME=admin SOLACEBROKER_PASSWORD=password`
+
+- `bearer_token`, (String, Sensitive, Mandatory if `password` will not be provided)
+- `insecure_skip_verify` (Boolean) Disable validation of server SSL certificates, accept/ignore self-signed.
+- `password` (String, Sensitive, Mandatory is `bearer_token` will not be provided)
+- `request_min_interval` (String)
+- `request_timeout_duration` (String)
+- `retries` (Number)
+- `retry_max_interval` (String)
+- `retry_min_interval` (String)
+- `username` (String, Mandatory) The username for the broker request.
+
+## Troubleshooting
+
+The following issues may arise while using the generator.
+
+| Error           | SEMP call failed. unexpected status 401 (401 Unauthorized)                 |
+|-----------------|----------------------------------------------------------------------------|
+| Explanation     | Configurations to connect to the PubSub+ Broker not accurate.              |
+| Possible Action | Check and confirm, configuration details to PubSub+ Broker are accurate.   |
+
+| Error           | SOLACEBROKER_xxx is mandatory but not available                                    |
+|-----------------|------------------------------------------------------------------------------------|
+| Explanation     | A mandatory parameter which is required to connect to PubSub+ broker is missing.   |
+| Possible Action | Confirm if all [mandatory parameters](#supported-options) are correctly set.       |
+
+| Error           | Error: Too many provider specific identifiers. Required identifiers: [{xxx}] |
+|-----------------|------------------------------------------------------------------------------|
+| Explanation     | This indicates that identifiers specific to the provider are set in an ambiguous manner. |
+| Possible Action | Ensure all identifiers are available and separated by `/` where needed. For example a msgVpnName will require `msgVpnName`, however a specific queueName under a specific msgVpnName will be `msgVpnName/queueName`. |
+
+| Error           | SEMP called failed. resource not found on path /xxx/xxx                                  |
+|-----------------|------------------------------------------------------------------------------------------|
+| Explanation     | This indicates the resource attributes attempted to be fetch could not be read.          |
+| Possible Action | Ensure identifiers values are consistent as set on the PubSub+ broker configured with.   |
+
+| Error           | Error: Broker resource not found by terraform name xxx                                                     |
+|-----------------|------------------------------------------------------------------------------------------------------------|
+| Explanation     | This indicates the resource by name _xxx_ is not recognized by the generator.                              |
+| Possible Action | Ensure the resource name used is available as a Terraform resource for the version of the provider in use. |
diff --git a/templates/guides/provider.md b/templates/guides/provider.md
new file mode 100644
index 00000000..49d6411b
--- /dev/null
+++ b/templates/guides/provider.md
@@ -0,0 +1,91 @@
+---
+page_title: "Solacebroker Provider Guide"
+---
+
+# Solace PubSub+ Software Event Broker (solacebroker) Provider
+
+The `solacebroker` provider supports Terraform CLI operations including basic CRUD (create, read, update, and delete) and import.
+
+The provider leverages the [SEMP (Solace Element Management Protocol)](https://docs.solace.com/Admin/SEMP/Using-SEMP.htm) REST API to configure the PubSub+ event broker. The API reference is available from the [Solace PubSub+ Documentation](https://docs.solace.com/API-Developer-Online-Ref-Documentation/swagger-ui/software-broker/config/index.html).
+
+## Mapping of SEMP API and Provider Names
+
+Terraform uses the [snake case](https://en.wikipedia.org/wiki/Snake_case) naming scheme, while SEMP uses camel case. Resources and datasource are also prefixed with the provider local name, `solacebroker_`.  For example, `solacebroker_msg_vpn` is the message-vpn resource name and `max_subscription_count` is the attribute for the maximum subscription count, since `MsgVpn` is the SEMP API object name and `maxSubscriptionCount` is the name of the SEMP attribute.
+
+## Broker SEMP API Access
+
+The broker SEMP service, by default at port 8080 for HTTP and TLS port 1943 for HTTPS, must be accessible to the console running Terraform CLI.
+
+The supported access credentials are basic authentication using username and password, and OAuth using a token. The two options are mutually exclusive and the provider will fail if both are configured.
+
+-> The [user access levels](https://docs.solace.com/Admin/CLI-User-Access-Levels.htm) associated with the credentials used must be properly configured on the broker so that the desired actions are authorized.
+
+## SEMP API Versioning and Provider Broker Compatibility
+
+The SEMP API minor version reflects the supported set of objects, attributes, their properties and possible deprecations.
+
+New versions of the PubSub+ event broker with new features typically require a newer SEMP API version that supports the new or updated objects, attributes, etc. The SEMP API version of a broker version can be determined from the [Solace PubSub+ documentation](https://docs.solace.com/Admin/SEMP/SEMP-API-Versions.htm#SEMP_v2_to_SolOS_Version_Mapping).
+
+A given version of the provider is built to support a specific version of the SEMP API. For the SEMP API version of the provider and corresponding broker version, refer to the [Version Compatibility section](https://docs.solace.com/Admin/SEMP/Declarative-SEMP.htm#Version) of the Solace PubSub+ documentation.
+
+* Broker versions at the same SEMP API version level as the provider can be fully configured.
+* Broker versions at a lower SEMP API version level than the provider can be configured, except for objects or attributes that have been deprecated and removed in the provider's SEMP version. However, configuration will fail when attempting to configure objects or attributes that have been introduced in a later SEMP version than the broker supports.
+* Broker versions at a higher SEMP API version level than the provider can be configured for objects or attributes that are included in the provider's SEMP version. Objects or attributes that have been introduced in a later SEMP version will be unknown to the provider. Objects or attributes that have been deprecated in the broker SEMP version may result in configuration failure.
+
+## Object Relationships
+
+Broker inter-object references must be correctly encoded in Terraform configuration to have the apply operation work. This requires an understanding of the PubSub+ event broker objects. For more information about each object consult the [SEMP API reference](https://docs.solace.com/API-Developer-Online-Ref-Documentation/swagger-ui/software-broker/config/index.htm) and especially look for "Identifying" attributes that give a hint to required already configured objects.
+For example:
+
+```terraform
+resource "solacebroker_msg_vpn" "test" {
+  # on the resource itself, specify the value
+  msg_vpn_name        = "new"
+  # ... other attributes
+}
+
+resource "solacebroker_msg_vpn_queue" "q" {
+  # on dependent resources, specify as a reference so
+  # that Terraform creates the referenced object first
+  msg_vpn_name    = solacebroker_msg_vpn.test.msg_vpn_name
+  # ... other attributes
+}
+```
+
+## The Broker Object
+
+The Broker object is the `solacebroker_broker` resource. This object contains global configuration for the PubSub+ event broker.
+
+The Broker object differs from all other objects as it always exists for a given broker and can only be updated.
+
+-> Important: only attributes that are specified will be set to their configured value. Unspecified attributes will not be set to their default-attribute value. This may result in `terraform plan` indicating a change to set attributes to default even after an `apply`, for example after removing an attribute from the configuration.
+
+## Default Objects
+
+There are objects that are preexisting defaults and cannot be created or destroyed, only updated. The default Message VPN and the default client profile are examples of this. Any attempt to remove these resources will fail.
+
+## Broker-Defined Attributes
+
+Some attributes don't have a default value. In this case their value will be determined by the broker. Typically, these defaults depend on the broker scaling settings. While Terraform plan and apply operations function the same way as with other attributes, import will set the Terraform state of the attribute to the broker value (instead of null), even if they were set at default. You can use subsequent plan and apply operations to fix this. 
+
+## Importing Resources
+
+When [importing resources to Terraform](https://developer.hashicorp.com/terraform/language/import#syntax) an `id` is required. Note that this `id` is not the same as the internal `id` attribute of resources.
+
+The `id` to be used shall be constructed as a path from the highest parent object down to the resource.
+
+For example, when importing a `solacebroker_msg_vpn_queue_subscription`, the parent relationship is `msg_vpn` > `msg_vpn_queue` > `msg_vpn_queue_subscription`. To construct the `id`, concatenate the identifications of parents and the particular resource identification, separated by `/` (slash). Also note that elements containing `/` must be URL-encoded.
+
+For this example:
+```
+id = <msg-vpn-name>/<queue-name>/<url-encoded subscription-name>
+# using my-vpn, my-queue, a/b/c
+id = my-vpn/my-queue/a%2Fb%2Fc
+```
+
+## Notes
+
+* Terraform `apply` is not atomic.  If interrupted by a user, failure, reboot, or switchover the configuration changes may be partly applied.  Terraform does not perform rollbacks.
+* Terraform must be the authoritative source of configuration.  If there is any overlap between Terraform controlled configuration and either pre-existing configuration or modifications from other management interfaces the behaviour will be undefined.
+* Apply operations may impact broker AD performance, especially large changes.  The `request_min_interval` attribute on the provider limits the request rate and can be adjusted to control the impact.
+* Application of configuration may cause brief service interruptions to the resources affected.  These can include a queue missing a published message or clients being briefly disconnected.  These outages are no different from a current administrator manually making an equivalent change to a broker.
\ No newline at end of file
diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl
new file mode 100644
index 00000000..43c31147
--- /dev/null
+++ b/templates/index.md.tmpl
@@ -0,0 +1,40 @@
+---
+page_title: "Provider: solacebroker"
+description: |-
+  A provider for a Solace PubSub+ Software Event Broker.  
+---
+
+# Solace PubSub+ Software Event Broker (solacebroker) Provider
+
+The [Solace PubSub+ Platform](https://solace.com/products/platform/)'s [PubSub+ Software Event Broker](https://solace.com/products/event-broker/software/) 
+efficiently streams event-driven information between applications, IoT devices and user interfaces running in cloud, on-premises, and hybrid environments 
+using open APIs and protocols like AMQP, JMS, MQTT, REST and WebSocket.
+
+It can be installed into a variety of public and private clouds, PaaS, and on-premises environments, 
+and brokers in multiple locations can be linked together in an [Event Mesh](https://solace.com/what-is-an-event-mesh/) 
+to dynamically share events across the distributed enterprise.
+
+## Overview
+
+The _solacebroker_ provider enables you to configure a PubSub+ Software Event Broker using Terraform.
+
+This provider also offers the possibility to generate an [HCL configuration](https://developer.hashicorp.com/terraform/language) file from a preconfigured event broker.
+
+Use the navigation to the left for more information in the guides and for the available provider resources and data sources.
+
+## Minimum broker version
+
+The minimum required PubSub+ Software Event Broker version is 10.4.
+
+## Example Usage
+
+{{ tffile "examples/sampleconfig.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}
+
+-> All provider configuration values can also be set as environment variables with the same name but uppercase and with the `SOLACEBROKER_` prefix.
+For example, the password attribute can be set via the `SOLACEBROKER_PASSWORD` environment variable.  Values in the configuration take precedence over environment variables.
+
+# Release Notes and History
+
+For detailed Release Notes and release history, refer to the Releases section in the [Provider GitHub repository](https://github.com/SolaceProducts/terraform-provider-solacebroker/releases).
diff --git a/terraform-registry-manifest.json b/terraform-registry-manifest.json
new file mode 100644
index 00000000..fec2a569
--- /dev/null
+++ b/terraform-registry-manifest.json
@@ -0,0 +1,6 @@
+{
+    "version": 1,
+    "metadata": {
+        "protocol_versions": ["6.0"]
+    }
+}
diff --git a/tools/tools.go b/tools/tools.go
new file mode 100644
index 00000000..f35d2326
--- /dev/null
+++ b/tools/tools.go
@@ -0,0 +1,24 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build tools
+
+package tools
+
+import (
+	// Documentation generation
+	_ "github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs"
+)
diff --git a/version.go b/version.go
new file mode 100644
index 00000000..49ea1ba8
--- /dev/null
+++ b/version.go
@@ -0,0 +1,19 @@
+// terraform-provider-solacebroker
+//
+// Copyright 2023 Solace Corporation. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+const version = "0.5.9"