From 41b6f06c81d62c5f55c093de503e53541ecbd741 Mon Sep 17 00:00:00 2001
From: pranavskumar <pra.kumar@f5.com>
Date: Wed, 11 Sep 2024 11:18:34 +0530
Subject: [PATCH] 11 Sept Release

---
 docs/resources/volterra_apm.md                |    2 +-
 docs/resources/volterra_cloud_site_labels.md  |    2 +-
 docs/resources/volterra_service_policy.md     |  363 +-
 .../resources/volterra_service_policy_rule.md |    4 +-
 ...ection_resource_volterra_service_policy.go |  164 +-
 volterra/resource_helper.go                   |    2 +-
 .../resource_volterra_reg_approval_test.go    |    2 +
 ...resource_volterra_registration_approval.go |    1 +
 volterra/resource_volterra_service_policy.go  | 8211 +++++++++++------
 volterra/resource_volterra_token.go           |   28 +-
 10 files changed, 5677 insertions(+), 3102 deletions(-)

diff --git a/docs/resources/volterra_apm.md b/docs/resources/volterra_apm.md
index d7bdb28b4..3598ace3b 100644
--- a/docs/resources/volterra_apm.md
+++ b/docs/resources/volterra_apm.md
@@ -18,7 +18,7 @@ description: "The apm allows CRUD of Apm  resource on Volterra SaaS"
 
 The Apm  allows CRUD of Apm  resource on Volterra SaaS
 
-~> **Note:** Please refer to [Apm  API docs](https://docs.cloud.f5.com/docs-v2/api/apm) to learn more
+~> **Note:** Please refer to [Apm  API docs]( https://docs.cloud.f5.com/docs-v2/api/bigip-apm) to learn more
 
 ## Example Usage
 
diff --git a/docs/resources/volterra_cloud_site_labels.md b/docs/resources/volterra_cloud_site_labels.md
index b9497293e..6008cb970 100644
--- a/docs/resources/volterra_cloud_site_labels.md
+++ b/docs/resources/volterra_cloud_site_labels.md
@@ -10,7 +10,7 @@ Resource volterra_cloud_site_labels
 
 volterra_cloud_site_labels resource updates the labels for the cloud site also known as view sites
 
-~> **Note:** Please add ignore_lifecycle hooks for your you cloud sites to ignore updates on labels and control the update of site label through this resource. Below is a sample snippet.
+~> **Note:** Please add ignore_lifecycle hooks for your cloud sites to ignore updates on labels and control the update of site label through this resource. Below is a sample snippet.
 
 ```
 lifecycle {
diff --git a/docs/resources/volterra_service_policy.md b/docs/resources/volterra_service_policy.md
index c0bfd5334..d529c0565 100644
--- a/docs/resources/volterra_service_policy.md
+++ b/docs/resources/volterra_service_policy.md
@@ -312,7 +312,9 @@ The predicate evaluates to true if the destination address is covered by one or
 
 `invert_match` - (Optional) Invert the match result. (`Bool`).
 
-`ip_prefixes` - (Required) List of IPv4 prefix strings. (`String`).
+`ip_prefixes` - (Optional) List of IPv4 prefix strings. (`String`).
+
+`ipv6_prefixes` - (Optional) List of IPv6 prefix strings. (`String`).
 
 ### Headers
 
@@ -352,7 +354,9 @@ The predicate evaluates to true if the client IPv4 Address is covered by one or
 
 `invert_match` - (Optional) Invert the match result. (`Bool`).
 
-`ip_prefixes` - (Required) List of IPv4 prefix strings. (`String`).
+`ip_prefixes` - (Optional) List of IPv4 prefix strings. (`String`).
+
+`ipv6_prefixes` - (Optional) List of IPv6 prefix strings. (`String`).
 
 ### Item
 
@@ -392,10 +396,6 @@ List of references to service_policy_rule objects.
 
 `rules` - (Optional) The order of evaluation of the rules depends on the rule combining algorithm.. See [ref](#ref) below for details.
 
-### Malicious User Mitigation Bypass
-
-the appropriate match conditions in the enclosing policy rule and setting malicious user mitigation bypass flag..
-
 ### Metadata
 
 Common attributes for the rule including name and description..
@@ -422,6 +422,8 @@ The predicate evaluates to true if the actual path value matches any of the exac
 
 `transformers` - (Optional) An ordered list of transformers (starting from index 0) to be applied to the path before matching. (`List of Strings`).
 
+`invert_matcher` - (Optional) Invert the match result. (`Bool`).
+
 ### Port Matcher
 
 The list of port ranges to which the destination port should belong. In case of an HTTP Connect, the port is extracted from the desired destination..
@@ -434,7 +436,9 @@ The list of port ranges to which the destination port should belong. In case of
 
 Addresses that are covered by the given list of IPv4 prefixes.
 
-`prefixes` - (Required) List of IPv4 prefixes that represent an endpoint (`String`).
+`prefixes` - (Optional) List of IPv4 prefixes that represent an endpoint (`String`).
+
+`ipv6_prefixes` - (Optional) List of IPv6 prefix strings (`String`).
 
 ### Query Params
 
@@ -508,6 +512,10 @@ Specification for the rule including match predicates and actions..
 
 `body_matcher` - (Optional) The actual request body value is extracted from the request API as a string.. See [Body Matcher ](#body-matcher) below for details.
 
+`bot_action` - (Optional) Bot action to be enforced if the input request matches the rule. See [Bot Action ](#bot-action)
+
+`mum_action` - (Optional) Specifies how Malicious User Mitigation is handled. See [MUM Action ](#mum-action) below for details.
+
 `challenge_action` - (Required) Select challenge action, enable javascript/captcha challenge or disable challenge (`String`).
 
 `any_client` - (Optional) Any Client (bool).
@@ -518,8 +526,12 @@ Specification for the rule including match predicates and actions..
 
 `client_selector` - (Optional) The predicate evaluates to true if the expressions in the label selector are true for the client labels.. See [Client Selector ](#client-selector) below for details.
 
+`ip_threat_category_list` - (Optional) IP threat categories to choose from. See [Client Choice Ip Threat Category List ](#client-choice-ip-threat-category-list) below for details.
+
 `client_role` - (Optional) The predicate evaluates to true if any of the client's roles match the value(s) specified in client role.. See [Client Role ](#client-role) below for details.
 
+`content_rewrite_action` - (Optional) Rewrite HTML response action to insert HTML content such as Javascript script tags into the HTML document. See [Content Rewrite Action ](#content-rewrite-action) below for details.
+
 `cookie_matchers` - (Optional) Note that all specified cookie matcher predicates must evaluate to true.. See [Cookie Matchers ](#cookie-matchers) below for details.
 
 `domain_matcher` - (Optional) matcher.. See [Domain Matcher ](#domain-matcher) below for details.
@@ -534,7 +546,7 @@ Specification for the rule including match predicates and actions..
 
 `dst_ip_matcher` - (Optional) The predicate evaluates to true if the client IPv4 Address is covered by one or more of the IPv4 Prefixes in the IP Prefix Sets.. See [Dst Ip Matcher ](#dst-ip-matcher) below for details.
 
-`dst_ip_prefix_list` - (Optional) The predicate evaluates to true if the destination address is covered by one or more of the IPv4 Prefixes from the list.. See [Dst Ip Prefix List ](#dst-ip-prefix-list) below for details.
+`dst_ip_prefix_list` - (Optional) The predicate evaluates to true if the destination address is covered by one or more of the IP Prefixes from the list. See [Dst Ip Prefix List ](#dst-ip-prefix-list) below for details.
 
 `expiration_timestamp` - (Optional) the configuration but is not applied anymore. (`String`).
 
@@ -550,14 +562,12 @@ Specification for the rule including match predicates and actions..
 
 `ip_matcher` - (Optional) The predicate evaluates to true if the client IPv4 Address is covered by one or more of the IPv4 Prefixes in the IP Prefix Sets.. See [Ip Matcher ](#ip-matcher) below for details.
 
-`ip_prefix_list` - (Optional) The predicate evaluates to true if the client IPv4 Address is covered by one or more of the IPv4 Prefixes from the list.. See [Ip Prefix List ](#ip-prefix-list) below for details.
+`ip_prefix_list` - (Optional) The predicate evaluates to true if the client IP Address is covered by one or more of the IP Prefixes from the list. See [Ip Prefix List ](#ip-prefix-list) below for details.
 
 `l4_dest_matcher` - (Optional) IP matches one of the prefixes and the destination port belongs to the port range.. See [L4 Dest Matcher ](#l4-dest-matcher) below for details.
 
 `label_matcher` - (Optional) other labels do not matter.. See [Label Matcher ](#label-matcher) below for details.
 
-`malicious_user_mitigation_bypass` - (Optional) the appropriate match conditions in the enclosing policy rule and setting malicious user mitigation bypass flag. (bool).
-
 `path` - (Optional) The predicate evaluates to true if the actual path value matches any of the exact or prefix values or regular expressions in the path matcher.. See [Path ](#path) below for details.
 
 `port_matcher` - (Optional) The list of port ranges to which the destination port should belong. In case of an HTTP Connect, the port is extracted from the desired destination.. See [Port Matcher ](#port-matcher) below for details.
@@ -570,6 +580,8 @@ Specification for the rule including match predicates and actions..
 
 `server_selector` - (Optional) The predicate evaluates to true if the expressions in the label selector are true for the server labels.. See [Server Selector ](#server-selector) below for details.
 
+`shape_protected_endpoint_action` - (Optional) Shape Protected Endpoint Action that include application traffic type and mitigation.. See [Shape Protected Endpoint Action](#shape-protected-endpoint-action) below for details.
+
 `tls_fingerprint_matcher` - (Optional) The predicate evaluates to true if the TLS fingerprint matches any of the exact values or classes of known TLS fingerprints.. See [Tls Fingerprint Matcher ](#tls-fingerprint-matcher) below for details.
 
 `url_matcher` - (Optional) A URL matcher specifies a list of URL items as match criteria. The match is considered successful if the domain and path match any of the URL items.. See [Url Matcher ](#url-matcher) below for details.
@@ -578,6 +590,14 @@ Specification for the rule including match predicates and actions..
 
 `waf_action` - (Required) App Firewall action to be enforced if the input request matches the rule.. See [Waf Action ](#waf-action) below for details.
 
+`jwt_claims` - (Optional) A list of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType instances. The actual JWT claims values are extracted from the JWT payload as a list of strings.Note that all specified JWT claim predicates must evaluate to true. See [Jwt Claims ](#jwt-claims) below for details.
+
+`request_constraints` - (Optional) Place limits on request based on the request attributes. The request matches if any of the attribute sizes exceed the corresponding maximum value.. See [Request Constraints ](#request-constraints) below for details.
+
+`user_identity_matcher` - (Optional) Match the specified user identity. The format is prefixed by the type.. See [User Identity Matcher ](#user-identity-matcher) below for details.
+
+`segment_policy` - (Optional) Skip the configuration or set option as Any to ignore corresponding segment match. See [Segment Policy ](#segment-policy) below for details.
+
 ### Tls Fingerprint Matcher
 
 The predicate evaluates to true if the TLS fingerprint matches any of the exact values or classes of known TLS fingerprints..
@@ -628,35 +648,328 @@ App Firewall action to be enforced if the input request matches the rule..
 
 `waf_in_monitoring_mode` - (Optional) App Firewall will run in monitoring mode without blocking the request (bool).
 
-`waf_inline_rule_control` - (Optional) App Firewall rule changes to be applied for this request. See [Waf Inline Rule Control ](#waf-inline-rule-control) below for details.
-
-`waf_rule_control` - (Optional) App Firewall rule changes to be applied for this request. See [Waf Rule Control ](#waf-rule-control) below for details.
-
 `waf_skip_processing` - (Optional) Skip all App Firewall processing for this request (bool).
 
+`app_firewall_detection_control` - (Optional) Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria.. See [Waf Advanced Configuration App Firewall Detection Control ](#waf-advanced-configuration-app-firewall-detection-control) below for details.
+
 ### Waf In Monitoring Mode
 
 App Firewall will run in monitoring mode without blocking the request.
 
-### Waf Inline Rule Control
 
-App Firewall rule changes to be applied for this request.
+### Waf Skip Processing
 
-`exclude_rule_ids` - (Optional) App Firewall Rule IDs to be excluded for this request (`List of Strings`).
+Skip all App Firewall processing for this request.
 
-`monitoring_mode` - (Optional) App Firewall will run in monitoring mode without blocking the request (`Bool`).
+### Bot Action
 
-### Waf Rule Control
+Bot action to be enforced if the input request matches the rule.
 
-App Firewall rule changes to be applied for this request.
+###### One of the arguments from this list "bot_skip_processing none" must be set
 
-`exclude_rule_ids` - (Optional) App Firewall Rule List specifying the rule IDs to be excluded for this request. See [ref](#ref) below for details.
+`bot_skip_processing` - (Optional) Skip all Bot processing for this request (`Bool`).
 
-`monitoring_mode` - (Optional) App Firewall will run in monitoring mode without blocking the request (`Bool`).
+`none` - (Optional) Perform normal Bot processing for this request (`Bool`).
 
-### Waf Skip Processing
+### MUM Action
 
-Skip all App Firewall processing for this request.
+Specifies how Malicious User Mitigation is handled
+
+###### One of the arguments from this list "default skip_processing" must be set
+
+`default` - (Optional) Perform the default enforcement for this request (`Bool`).
+
+`skip_processing` - (Optional) Do not perform enforcement for this request (`Bool`).
+
+### Client Choice Ip Threat Category List 
+
+IP threat categories to choose from.
+
+`ip_threat_categories` - (Required) The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions (`List of Strings`).
+
+### Content Rewrite Action 
+
+Rewrite HTML response action to insert HTML content such as Javascript script tags into the HTML document.
+
+`element_selector` - (Required) Element selector to insert into. (`String`).
+
+`insert_content` - (Optional) HTML content to insert. (`String`).
+
+`inserted_types` - (Optional) Inserted types of security configuration like Bot Defense, Client Side Defense. (`Bool`).
+
+`position` - (Optional) Position of HTML content to be inserted within HTML tag. (`String`).
+
+### Shape Protected Endpoint Action
+
+Shape Protected Endpoint Action that include application traffic type and mitigation.
+
+`allow_goodbot` - (Required) Good bot (`Bool`).
+
+`app_traffic_type` - (Required) Traffic type (`String`).
+
+`flow_label` - (Required) Flow label (`String`).
+
+`mitigation` - (Required) Mitigation action for protected endpoint. See [Shape Protected Endpoint Action Mitigation ](#shape-protected-endpoint-action-mitigation) below for details.
+
+`transaction_result` - (Optional) Success/failure Criteria for transaction result. See [Shape Protected Endpoint Action Transaction Result ](#shape-protected-endpoint-action-transaction-result) below for details.
+
+`web_scraping` - (Required) Web scraping protection enabled for protected endpoint (`Bool`).
+
+### Shape Protected Endpoint Action Mitigation 
+
+Mitigation action for protected endpoint.
+
+###### One of the arguments from this list "none, block, redirect, flag" can be set
+
+`block` - (Optional) Block bot request and send response with custom content.. See [Action Type Block ](#action-type-block) below for details.
+
+`flag` - (Optional) Flag the request while not taking any invasive actions.. See [Action Type Flag ](#action-type-flag) below for details.
+
+`none` - (Optional) No mitigation actions. (`Bool`).(Deprecated)
+
+`redirect` - (Optional) Redirect bot request to a custom URI.. See [Action Type Redirect ](#action-type-redirect) below for details.
+
+### Shape Protected Endpoint Action Transaction Result 
+ 
+Success/failure Criteria for transaction result.
+ 
+`failure_conditions` - (Optional) Failure Conditions. See [Transaction Result Failure Conditions ](#transaction-result-failure-conditions) below for details.
+ 
+`success_conditions` - (Optional) Success Conditions. See [Transaction Result Success Conditions ](#transaction-result-success-conditions) below for details.
+
+### Transaction Result Failure Conditions 
+
+Failure Conditions.
+
+`name` - (Optional) A case-insensitive HTTP header name. (`String`).
+
+`regex_values` - (Optional) A list of regular expressions to match the input against. (`String`).
+
+`status` - (Required) HTTP Status code (`String`).
+
+### Transaction Result Success Conditions 
+
+Success Conditions.
+
+`name` - (Optional) A case-insensitive HTTP header name. (`String`).
+
+`regex_values` - (Optional) A list of regular expressions to match the input against. (`String`).
+
+`status` - (Required) HTTP Status code (`String`).
+
+### Action Type Block 
+
+Block bot request and send response with custom content..
+
+`body` - (Optional) E.g. "<p> Your request was blocked </p>". Base64 encoded string for this html is "LzxwPiBZb3VyIHJlcXVlc3Qgd2FzIGJsb2NrZWQgPC9wPg==" (`String`).
+
+`body_hash` - (Optional) Represents the corresponding MD5 Hash for the body message. (`String`).(Deprecated)
+
+`status` - (Optional) HTTP Status code to respond with (`String`).
+
+### Action Type Flag 
+
+Flag the request while not taking any invasive actions..
+
+###### One of the arguments from this list "no_headers, append_headers" can be set
+
+`append_headers` - (Optional) Append mitigation headers.. See [Send Headers Choice Append Headers ](#send-headers-choice-append-headers) below for details.
+
+`no_headers` - (Optional) No mitigation headers. (`Bool`).
+
+### Send Headers Choice Append Headers 
+
+Append mitigation headers..
+
+`auto_type_header_name` - (Required) A case-insensitive HTTP header name. (`String`).
+
+`inference_header_name` - (Required) A case-insensitive HTTP header name. (`String`).
+
+### Action Type Redirect 
+
+Redirect bot request to a custom URI..
+
+`uri` - (Required) URI location for redirect may be relative or absolute. (`String`).
+
+### Waf Advanced Configuration App Firewall Detection Control 
+
+Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria..
+
+`exclude_attack_type_contexts` - (Optional) Attack Types to be excluded for the defined match criteria. See [App Firewall Detection Control Exclude Attack Type Contexts ](#app-firewall-detection-control-exclude-attack-type-contexts) below for details.
+
+`exclude_bot_name_contexts` - (Optional) Bot Names to be excluded for the defined match criteria. See [App Firewall Detection Control Exclude Bot Name Contexts ](#app-firewall-detection-control-exclude-bot-name-contexts) below for details.
+
+`exclude_signature_contexts` - (Optional) Signature IDs to be excluded for the defined match criteria. See [App Firewall Detection Control Exclude Signature Contexts ](#app-firewall-detection-control-exclude-signature-contexts) below for details.
+
+`exclude_violation_contexts` - (Optional) Violations to be excluded for the defined match criteria. See [App Firewall Detection Control Exclude Violation Contexts ](#app-firewall-detection-control-exclude-violation-contexts) below for details.
+
+### App Firewall Detection Control Exclude Attack Type Contexts 
+
+Attack Types to be excluded for the defined match criteria.
+
+`context` - (Required) x-required (`String`).
+
+`context_name` - (Optional) Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. (`String`).
+
+`exclude_attack_type` - (Required) x-required (`String`).
+
+### App Firewall Detection Control Exclude Bot Name Contexts 
+
+Bot Names to be excluded for the defined match criteria.
+
+`bot_name` - (Required) x-example: "Hydra" (`String`).
+
+### App Firewall Detection Control Exclude Signature Contexts 
+
+Signature IDs to be excluded for the defined match criteria.
+
+`context` - (Required) x-required (`String`).
+
+`context_name` - (Optional) Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. (`String`).
+
+`signature_id` - (Required) 0 implies that all signatures will be excluded for the specified context. (`Int`).
+
+### App Firewall Detection Control Exclude Violation Contexts 
+
+Violations to be excluded for the defined match criteria.
+
+`context` - (Required) x-required (`String`).
+
+`context_name` - (Optional) Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. (`String`).
+
+`exclude_violation` - (Required) x-required (`String`).
+
+### Jwt Claims 
+
+List of predicates for various JWT claims that need to match. 
+
+`invert_matcher` - (Optional) Invert the match result. (`Bool`).
+
+###### One of the arguments from this list "check_present, check_not_present, item" must be set
+
+`check_not_present` - (Optional) Check that the JWT Claim is not present. (`Bool`).
+
+`check_present` - (Optional) Check that the JWT Claim is present. (`Bool`).
+
+`item` - (Optional) Criteria for matching the values for the JWT Claim. The match is successful if any of the values in the input satisfies the criteria in the matcher. See [Match Item ](#match-item) below for details.
+
+`name` - (Required) JWT claim name. (`String`).
+
+### Match Item 
+
+Criteria for matching the values for the JWT Claim. The match is successful if any of the values in the input satisfies the criteria in the matcher.
+
+`exact_values` - (Optional) A list of exact values to match the input against. (`String`).
+
+`regex_values` - (Optional) A list of regular expressions to match the input against. (`String`).
+
+`transformers` - (Optional) An ordered list of transformers (starting from index 0) to be applied to the path before matching. (`List of Strings`).
+
+### Request Constraints 
+
+Place limits on request based on the request attributes. The request matches if any of the attribute sizes exceed the corresponding maximum value..
+
+###### One of the arguments from this list "max_cookie_count_none, max_cookie_count_exceeds" must be set
+
+`max_cookie_count_exceeds` - (Optional) x-example: "40" (`Int`).
+
+`max_cookie_count_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_cookie_key_size_none, max_cookie_key_size_exceeds" must be set
+
+`max_cookie_key_size_exceeds` - (Optional) x-example: "64" (`Int`).
+
+`max_cookie_key_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_cookie_value_size_none, max_cookie_value_size_exceeds" must be set
+
+`max_cookie_value_size_exceeds` - (Optional) x-example: "4096" (`Int`).
+
+`max_cookie_value_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_header_count_none, max_header_count_exceeds" must be set
+
+`max_header_count_exceeds` - (Optional) x-example: "20" (`Int`).
+
+`max_header_count_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_header_key_size_none, max_header_key_size_exceeds" must be set
+
+`max_header_key_size_exceeds` - (Optional) x-example: "32" (`Int`).
+
+`max_header_key_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_header_value_size_none, max_header_value_size_exceeds" must be set
+
+`max_header_value_size_exceeds` - (Optional) x-example: "1024" (`Int`).
+
+`max_header_value_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_parameter_count_exceeds, max_parameter_count_none" must be set
+
+`max_parameter_count_exceeds` - (Optional) x-example: "4" (`Int`).
+
+`max_parameter_count_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_parameter_name_size_none, max_parameter_name_size_exceeds" must be set
+
+`max_parameter_name_size_exceeds` - (Optional) x-example: "64" (`Int`).
+
+`max_parameter_name_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_parameter_value_size_none, max_parameter_value_size_exceeds" must be set
+
+`max_parameter_value_size_exceeds` - (Optional) x-example: "1000" (`Int`).
+
+`max_parameter_value_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_query_size_none, max_query_size_exceeds" must be set
+
+`max_query_size_exceeds` - (Optional) x-example: "4096" (`Int`).
+
+`max_query_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_request_line_size_none, max_request_line_size_exceeds" must be set
+
+`max_request_line_size_exceeds` - (Optional) x-example: "4096" (`Int`).
+
+`max_request_line_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_request_size_none, max_request_size_exceeds" must be set
+
+`max_request_size_exceeds` - (Optional) x-example: "32768" (`Int`).
+
+`max_request_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+###### One of the arguments from this list "max_url_size_none, max_url_size_exceeds" must be set
+
+`max_url_size_exceeds` - (Optional) x-example: "4096" (`Int`).
+
+`max_url_size_none` - (Optional) x-displayName: "Not Configured" (`Bool`).
+
+### User Identity Matcher
+
+Match the specified user identity. The format is prefixed by the type.
+
+`exact_values` - (Optional) A list of exact values to match the input against. (`String`).
+
+`regex_values` - (Optional) A list of regular expressions to match the input against. (`String`).
+
+### Segment Policy 
+
+Skip the configuration or set option as Any to ignore corresponding segment match.
+
+###### One of the arguments from this list "src_any, src_segments" can be set
+
+`src_any` - (Optional) Traffic is not matched against any segment (`Bool`).
+
+`src_segments` - (Optional) Source traffic is matched against selected segments. See [Src Segment Choice Src Segments ](#src-segments) below for details.
+
+### Src Segments
+
+Source traffic is matched against selected segments.
+
+`segments` - (Required) Select list of segments. See [ref](#ref) below for details.
 
 Attribute Reference
 -------------------
diff --git a/docs/resources/volterra_service_policy_rule.md b/docs/resources/volterra_service_policy_rule.md
index b7ce2f3e5..45679e1bb 100644
--- a/docs/resources/volterra_service_policy_rule.md
+++ b/docs/resources/volterra_service_policy_rule.md
@@ -190,7 +190,7 @@ resource "volterra_service_policy_rule" "example" {
 
 
 
-`content_rewrite_action` - (Optional) Rewrite HTML response action to insert HTML content such as Javascript <script> tags into the HTML document. See [Content Rewrite Action ](#content-rewrite-action) below for details.(Deprecated)
+`content_rewrite_action` - (Optional) Rewrite HTML response action to insert HTML content such as Javascript script tags into the HTML document. See [Content Rewrite Action ](#content-rewrite-action) below for details.(Deprecated)
 
 
 
@@ -794,7 +794,7 @@ resource "volterra_service_policy_rule" "example" {
 
 ### Content Rewrite Action 
 
- Rewrite HTML response action to insert HTML content such as Javascript <script> tags into the HTML document.
+ Rewrite HTML response action to insert HTML content such as Javascript script tags into the HTML document.
 
 `element_selector` - (Required) Element selector to insert into. (`String`).
 
diff --git a/volterra/drift_detection/drift_detection_resource_volterra_service_policy.go b/volterra/drift_detection/drift_detection_resource_volterra_service_policy.go
index c71a65e5f..1dc525635 100644
--- a/volterra/drift_detection/drift_detection_resource_volterra_service_policy.go
+++ b/volterra/drift_detection/drift_detection_resource_volterra_service_policy.go
@@ -14,7 +14,8 @@ func FlattenPrefixList(f *ves_io_schema_views.PrefixStringListType) []interface{
 	rslt := make([]interface{}, 0)
 	if f != nil {
 		val := map[string]interface{}{
-			"prefixes": f.GetPrefixes(),
+			"prefixes":      f.GetPrefixes(),
+			"ipv6_prefixes": f.GetIpv6Prefixes(),
 		}
 		rslt = append(rslt, val)
 	}
@@ -61,25 +62,11 @@ func FlattenPortMatcher(f *ves_io_schema_policy.PortMatcherType) []interface{} {
 	return rslt
 }
 
-func FlattenRulesServicePolicy(f []*ves_io_schema.ObjectRefType) interface{} {
-	rstl := make([]interface{}, 0)
-	for _, fval := range f {
-		val := map[string]interface{}{
-			"kind":      fval.GetKind(),
-			"name":      fval.GetName(),
-			"namespace": fval.GetNamespace(),
-			"tenant":    fval.GetTenant(),
-		}
-		rstl = append(rstl, val)
-	}
-	return rstl
-}
-
 func FlattenLegacyRuleList(f *ves_io_schema_service_policy.LegacyRuleList) []interface{} {
 	rslt := make([]interface{}, 0)
 	if f != nil {
 		val := map[string]interface{}{
-			"rules": FlattenRulesServicePolicy(f.GetRules()),
+			"rules": FlattenObjectRefTypeList(f.GetRules()),
 		}
 		rslt = append(rslt, val)
 	}
@@ -139,17 +126,7 @@ func FlattenContentRewriteAction(f *ves_io_schema_policy.ContentRewriteAction) i
 			"element_selector": f.GetElementSelector(),
 			"insert_content":   f.GetInsertContent(),
 			"position":         f.GetPosition().String(),
-		}
-		rslt = append(rslt, val)
-	}
-	return rslt
-}
-
-func FlattenDstAsnList(f *ves_io_schema_policy.AsnMatchList) interface{} {
-	rslt := make([]interface{}, 0)
-	if f != nil {
-		val := map[string]interface{}{
-			"as_numbers": FlattenAsNumbers(f.GetAsNumbers()),
+			// "inserted_types":   f.GetInsertedTypes(),
 		}
 		rslt = append(rslt, val)
 	}
@@ -195,11 +172,12 @@ func FlattenPathServicePolicy(f *ves_io_schema_policy.PathMatcherType) interface
 	rslt := make([]interface{}, 0)
 	if f != nil {
 		val := map[string]interface{}{
-			"exact_values":  f.GetExactValues(),
-			"prefix_values": f.GetPrefixValues(),
-			"regex_values":  f.GetRegexValues(),
-			"suffix_values": f.GetSuffixValues(),
-			"transformers":  FlattenTransformers(f.GetTransformers()),
+			"exact_values":   f.GetExactValues(),
+			"prefix_values":  f.GetPrefixValues(),
+			"regex_values":   f.GetRegexValues(),
+			"suffix_values":  f.GetSuffixValues(),
+			"transformers":   FlattenTransformers(f.GetTransformers()),
+			"invert_matcher": f.GetInvertMatcher(),
 		}
 		rslt = append(rslt, val)
 	}
@@ -221,8 +199,12 @@ func FlattenShapeProtectedEndpointAction(f *ves_io_schema_policy.ShapeProtectedE
 	rslt := make([]interface{}, 0)
 	if f != nil {
 		val := map[string]interface{}{
-			"app_traffic_type": f.GetAppTrafficType().String(),
-			"mitigation":       FlattenSPMitigation(f.GetMitigation()),
+			"app_traffic_type":   f.GetAppTrafficType().String(),
+			"mitigation":         FlattenMitigation(f.GetMitigation()),
+			"allow_goodbot":      f.GetAllowGoodbot(),
+			"web_scraping":       f.GetWebScraping(),
+			"flow_label":         f.GetFlowLabel(),
+			"transaction_result": FlattenTransactionResult(f.GetTransactionResult()),
 		}
 		rslt = append(rslt, val)
 	}
@@ -282,6 +264,7 @@ func FlattenSpecServicePolicy(f *ves_io_schema_service_policy_rule.GlobalSpecTyp
 			"asn_matcher":                     FlattenAsnMatcher(f.GetAsnMatcher()),
 			"body_matcher":                    FlattenItem(f.GetBodyMatcher()),
 			"bot_action":                      FlattenBotAction(f.GetBotAction()),
+			"mum_action":                      FlattenMumAction(f.GetMumAction()),
 			"challenge_action":                f.GetChallengeAction().String(),
 			"any_client":                      f.GetAnyClient() != nil,
 			"client_name":                     f.GetClientName(),
@@ -293,11 +276,11 @@ func FlattenSpecServicePolicy(f *ves_io_schema_service_policy_rule.GlobalSpecTyp
 			"cookie_matchers":                 FlattenCookieMatchers(f.GetCookieMatchers()),
 			"domain_matcher":                  FlattenItem(f.GetDomainMatcher()),
 			"any_dst_asn":                     isEmpty(f.GetAnyDstAsn()),
-			"dst_asn_list":                    FlattenDstAsnList(f.GetDstAsnList()),
+			"dst_asn_list":                    FlattenAsnList(f.GetDstAsnList()),
 			"dst_asn_matcher":                 FlattenAsnMatcher(f.GetDstAsnMatcher()),
 			"any_dst_ip":                      f.GetAnyDstIp() != nil,
 			"dst_ip_matcher":                  FlattenIpMatcher(f.GetDstIpMatcher()),
-			"dst_ip_prefix_list":              FlattenSPIpPrefixList(f.GetDstIpPrefixList()),
+			"dst_ip_prefix_list":              FlattenIpPrefixList(f.GetDstIpPrefixList()),
 			"expiration_timestamp":            FlattenExpirationTimestamp(f.GetExpirationTimestamp()),
 			"forwarding_class":                FlattenObjectRefTypeList(f.GetForwardingClass()),
 			"goto_policy":                     FlattenObjectRefTypeList(f.GetGotoPolicy()),
@@ -305,7 +288,7 @@ func FlattenSpecServicePolicy(f *ves_io_schema_service_policy_rule.GlobalSpecTyp
 			"http_method":                     FlattenHttpMethod(f.GetHttpMethod()),
 			"any_ip":                          f.GetAnyIp() != nil,
 			"ip_matcher":                      FlattenIpMatcher(f.GetIpMatcher()),
-			"ip_prefix_list":                  FlattenSPIpPrefixList(f.GetIpPrefixList()),
+			"ip_prefix_list":                  FlattenIpPrefixList(f.GetIpPrefixList()),
 			"l4_dest_matcher":                 FlattenL4DestMatcher(f.GetL4DestMatcher()),
 			"label_matcher":                   FlattenLabelMatcher(f.GetLabelMatcher()),
 			"path":                            FlattenPathServicePolicy(f.GetPath()),
@@ -319,6 +302,95 @@ func FlattenSpecServicePolicy(f *ves_io_schema_service_policy_rule.GlobalSpecTyp
 			"url_matcher":                     FlattenUrlMatcher(f.GetUrlMatcher()),
 			"virtual_host_matcher":            FlattenItem(f.GetVirtualHostMatcher()),
 			"waf_action":                      FlattenWafAction(f.GetWafAction()),
+			"jwt_claims":                      FlattenJwtClaims(f.GetJwtClaims()),
+			"request_constraints":             FlattenRequestConstraints(f.GetRequestConstraints()),
+			"user_identity_matcher":           FlattenUserIdentityMatcher(f.GetUserIdentityMatcher()),
+			"segment_policy":                  FlattenSegmentPolicy(f.GetSegmentPolicy()),
+		}
+		rslt = append(rslt, val)
+	}
+	return rslt
+}
+
+func FlattenSegmentPolicy(x *ves_io_schema_policy.SegmentPolicyType) interface{} {
+	rslt := make([]interface{}, 0)
+	if x != nil {
+		temp := map[string]interface{}{
+			"src_segments": FlattenSrcSegments(x.GetSrcSegments()),
+			"src_any":      isEmpty(x.GetSrcAny()),
+		}
+		rslt = append(rslt, temp)
+	}
+	return rslt
+
+}
+
+func FlattenSrcSegments(x *ves_io_schema_views.SegmentRefList) interface{} {
+	rslt := make([]interface{}, 0)
+	if x != nil {
+		temp := map[string]interface{}{
+			"segments": FlattenVObjectRefTypeList(x.GetSegments()),
+		}
+		rslt = append(rslt, temp)
+	}
+	return rslt
+}
+
+func FlattenUserIdentityMatcher(x *ves_io_schema_policy.MatcherTypeBasic) interface{} {
+	res := make([]interface{}, 0)
+	if x != nil {
+		val := map[string]interface{}{
+			"exact_values": x.GetExactValues(),
+			"regex_values": x.GetRegexValues(),
+		}
+		res = append(res, val)
+	}
+	return res
+}
+
+func FlattenRequestConstraints(f *ves_io_schema_policy.RequestConstraintType) interface{} {
+
+	rslt := make([]interface{}, 0)
+	if f != nil {
+		val := map[string]interface{}{
+			"max_cookie_count_none":            isEmpty(f.GetMaxCookieCountNone()),
+			"max_cookie_count_exceeds":         f.GetMaxCookieCountExceeds(),
+			"max_cookie_key_size_none":         isEmpty(f.GetMaxCookieKeySizeNone()),
+			"max_cookie_key_size_exceeds":      f.GetMaxCookieKeySizeExceeds(),
+			"max_cookie_value_size_none":       isEmpty(f.GetMaxCookieKeySizeNone()),
+			"max_cookie_value_size_exceeds":    f.GetMaxCookieValueSizeExceeds(),
+			"max_header_count_none":            isEmpty(f.GetMaxHeaderCountNone()),
+			"max_header_count_exceeds":         f.GetMaxHeaderCountExceeds(),
+			"max_header_key_size_none":         isEmpty(f.GetMaxHeaderKeySizeNone()),
+			"max_header_key_size_exceeds":      f.GetMaxHeaderKeySizeExceeds(),
+			"max_header_value_size_none":       isEmpty(f.GetMaxHeaderValueSizeNone()),
+			"max_header_value_size_exceeds":    f.GetMaxHeaderKeySizeExceeds(),
+			"max_parameter_count_none":         isEmpty(f.GetMaxParameterCountNone()),
+			"max_parameter_count_exceeds":      f.GetMaxParameterCountExceeds(),
+			"max_parameter_name_size_none":     isEmpty(f.GetMaxParameterNameSizeNone()),
+			"max_parameter_name_size_exceeds":  f.GetMaxParameterValueSizeExceeds(),
+			"max_parameter_value_size_none":    isEmpty(f.GetMaxParameterValueSizeNone()),
+			"max_parameter_value_size_exceeds": f.GetMaxParameterValueSizeExceeds(),
+			"max_url_size_none":                isEmpty(f.GetMaxUrlSizeNone()),
+			"max_url_size_exceeds":             f.GetMaxUrlSizeExceeds(),
+			"max_query_size_none":              isEmpty(f.GetMaxQuerySizeNone()),
+			"max_query_size_exceeds":           f.GetMaxQuerySizeExceeds(),
+			"max_request_line_size_none":       isEmpty(f.GetMaxRequestLineSizeNone()),
+			"max_request_line_size_exceeds":    f.GetMaxRequestLineSizeExceeds(),
+			"max_request_size_none":            isEmpty(f.GetMaxRequestSizeNone()),
+			"max_request_size_exceeds":         f.GetMaxRequestSizeExceeds(),
+		}
+		rslt = append(rslt, val)
+	}
+	return rslt
+}
+
+func FlattenMumAction(f *ves_io_schema_policy.ModifyAction) interface{} {
+	rslt := make([]interface{}, 0)
+	if f != nil {
+		val := map[string]interface{}{
+			"skip_processing": isEmpty(f.GetSkipProcessing()),
+			"none":            isEmpty(f.GetDefault()),
 		}
 		rslt = append(rslt, val)
 	}
@@ -403,17 +475,31 @@ func FlattenSPAppFirewallDetectionControl(x *ves_io_schema_policy.AppFirewallDet
 			"exclude_attack_type_contexts": FlattenSPExcludeAttackTypeContexts(x.GetExcludeAttackTypeContexts()),
 			"exclude_signature_contexts":   FlattenSPExcludeSignatureContexts(x.GetExcludeSignatureContexts()),
 			"exclude_violation_contexts":   FlattenSPExcludeViolationContexts(x.GetExcludeViolationContexts()),
+			"exclude_bot_names":            FlattenExcludeBotNames(x.GetExcludeBotNameContexts()),
 		}
 		afdcValue = append(afdcValue, afdcVal)
 	}
 	return afdcValue
 }
 
+func FlattenExcludeBotNames(x []*ves_io_schema_policy.BotNameContext) []interface{} {
+	rslt := make([]interface{}, 0)
+	for _, val := range x {
+		mapValue := map[string]interface{}{
+			"bot_name": val.GetBotName(),
+		}
+		rslt = append(rslt, mapValue)
+	}
+	return rslt
+}
+
 func FlattenSPExcludeAttackTypeContexts(x []*ves_io_schema_policy.AppFirewallAttackTypeContext) []interface{} {
 	rslt := make([]interface{}, 0)
 	for _, val := range x {
 		mapValue := map[string]interface{}{
 			"exclude_attack_type": val.GetExcludeAttackType().String(),
+			"context":             val.GetContext().String(),
+			"context_name":        val.GetContextName(),
 		}
 		rslt = append(rslt, mapValue)
 	}
@@ -424,6 +510,8 @@ func FlattenSPExcludeSignatureContexts(x []*ves_io_schema_policy.AppFirewallSign
 	for _, val := range x {
 		mapValue := map[string]interface{}{
 			"signature_id": val.GetSignatureId(),
+			"context":      val.GetContext().String(),
+			"context_name": val.GetContextName(),
 		}
 		rslt = append(rslt, mapValue)
 	}
@@ -435,6 +523,8 @@ func FlattenSPExcludeViolationContexts(x []*ves_io_schema_policy.AppFirewallViol
 	for _, val := range x {
 		mapValue := map[string]interface{}{
 			"exclude_violation": val.GetExcludeViolation().String(),
+			"context":           val.GetContext().String(),
+			"context_name":      val.GetContextName(),
 		}
 		rslt = append(rslt, mapValue)
 	}
diff --git a/volterra/resource_helper.go b/volterra/resource_helper.go
index 915be113e..270b88aa8 100644
--- a/volterra/resource_helper.go
+++ b/volterra/resource_helper.go
@@ -69,7 +69,7 @@ func isIntfNil(v interface{}) bool {
 }
 
 func parseTime(t string) (*google_protobuf1.Timestamp, error) {
-	layout := "0001-01-01T00:00:00Z"
+	layout := time.RFC3339
 	timeFmt, err := time.Parse(layout, t)
 	if err != nil {
 		return nil, err
diff --git a/volterra/resource_volterra_reg_approval_test.go b/volterra/resource_volterra_reg_approval_test.go
index d80d0dc51..b4106bf8f 100644
--- a/volterra/resource_volterra_reg_approval_test.go
+++ b/volterra/resource_volterra_reg_approval_test.go
@@ -112,6 +112,7 @@ func TestRegistrationApproval(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "registration_name", name),
 					resource.TestCheckResourceAttr(resourceName, "cluster_name", "site-1"),
+					resource.TestCheckResourceAttr(resourceName, "private_network_name", "private_network_name"),
 				),
 			},
 		},
@@ -132,6 +133,7 @@ func testRegApproval(name string) string {
 		  longitude = 50
 		  hostname = "master-0"
 		  tunnel_type = "SITE_TO_SITE_TUNNEL_IPSEC"
+		  private_network_name = "private_network_name"
 		}
 		`, approvalResource, name)
 }
diff --git a/volterra/resource_volterra_registration_approval.go b/volterra/resource_volterra_registration_approval.go
index 420439485..5db2ab5af 100644
--- a/volterra/resource_volterra_registration_approval.go
+++ b/volterra/resource_volterra_registration_approval.go
@@ -270,6 +270,7 @@ func findRegistration(client *APIClient, approvalReq *ves_io_schema_registration
 		if it.GetGetSpec().GetPassport().GetClusterName() == aParams.clusterName && it.GetGetSpec().GetInfra().GetHostname() == aParams.hostname {
 			approvalReq.Passport = it.GetSpec.Passport
 			approvalReq.Passport.ClusterSize = aParams.clusterSize
+			approvalReq.Passport.PrivateNetworkName = aParams.privateNetworkName
 
 			if aParams.latitude != 0 {
 				approvalReq.Passport.Latitude = aParams.latitude
diff --git a/volterra/resource_volterra_service_policy.go b/volterra/resource_volterra_service_policy.go
index b4d8145bc..58e8ea064 100644
--- a/volterra/resource_volterra_service_policy.go
+++ b/volterra/resource_volterra_service_policy.go
@@ -218,6 +218,17 @@ func resourceVolterraServicePolicy() *schema.Resource {
 											Type: schema.TypeString,
 										},
 									},
+								
+									"ipv6_prefixes": {
+
+										Type: schema.TypeList,
+
+										Required: true,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
+
 								},
 							},
 						},
@@ -368,6 +379,16 @@ func resourceVolterraServicePolicy() *schema.Resource {
 											Type: schema.TypeString,
 										},
 									},
+									
+									"ipv6_prefixes": {
+
+										Type: schema.TypeList,
+
+										Required: true,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
 								},
 							},
 						},
@@ -718,6 +739,27 @@ func resourceVolterraServicePolicy() *schema.Resource {
 														},
 													},
 												},
+												
+												"mum_action": {
+													Type:     schema.TypeList,
+													Optional: true,
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
+
+															"skip_processing": {
+
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"none": {
+
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+														},
+													},
+												},
 
 												"challenge_action": {
 													Type:     schema.TypeString,
@@ -852,6 +894,13 @@ func resourceVolterraServicePolicy() *schema.Resource {
 																Type:     schema.TypeString,
 																Optional: true,
 															},
+
+															"inserted_types": {
+																Type:       schema.TypeMap,
+																Optional:   true,
+												
+																
+															},
 														},
 													},
 												},
@@ -1108,6 +1157,17 @@ func resourceVolterraServicePolicy() *schema.Resource {
 																	Type: schema.TypeString,
 																},
 															},
+
+															"ipv6_prefixes":{
+
+																Type: schema.TypeList,
+
+																Optional: true,
+																Elem: &schema.Schema{
+																	Type: schema.TypeString,
+																},
+															},
+
 														},
 													},
 												},
@@ -1341,7 +1401,16 @@ func resourceVolterraServicePolicy() *schema.Resource {
 
 																Type: schema.TypeList,
 
-																Required: true,
+																Optional: true,
+																Elem: &schema.Schema{
+																	Type: schema.TypeString,
+																},
+															},
+
+															"ipv6_prefixes":{
+																Type: schema.TypeList,
+
+																Optional: true,
 																Elem: &schema.Schema{
 																	Type: schema.TypeString,
 																},
@@ -1466,6 +1535,11 @@ func resourceVolterraServicePolicy() *schema.Resource {
 																	Type: schema.TypeString,
 																},
 															},
+															
+															"invert_matcher": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
 														},
 													},
 												},
@@ -1633,7 +1707,7 @@ func resourceVolterraServicePolicy() *schema.Resource {
 
 												"shape_protected_endpoint_action": {
 
-													Type:     schema.TypeSet,
+													Type:     schema.TypeList,
 													Optional: true,
 													Elem: &schema.Resource{
 														Schema: map[string]*schema.Schema{
@@ -1645,14 +1719,14 @@ func resourceVolterraServicePolicy() *schema.Resource {
 
 															"mitigation": {
 
-																Type:     schema.TypeSet,
+																Type:     schema.TypeList,
 																Optional: true,
 																Elem: &schema.Resource{
 																	Schema: map[string]*schema.Schema{
 
 																		"block": {
 
-																			Type:     schema.TypeSet,
+																			Type:     schema.TypeList,
 																			Optional: true,
 																			Elem: &schema.Resource{
 																				Schema: map[string]*schema.Schema{
@@ -1666,6 +1740,11 @@ func resourceVolterraServicePolicy() *schema.Resource {
 																						Type:     schema.TypeString,
 																						Optional: true,
 																					},
+
+																					"body_hash": {
+																						Type:       schema.TypeString,
+																						Optional:   true,
+																					},
 																				},
 																			},
 																		},
@@ -1678,7 +1757,7 @@ func resourceVolterraServicePolicy() *schema.Resource {
 
 																		"redirect": {
 
-																			Type:     schema.TypeSet,
+																			Type:     schema.TypeList,
 																			Optional: true,
 																			Elem: &schema.Resource{
 																				Schema: map[string]*schema.Schema{
@@ -1690,9 +1769,134 @@ func resourceVolterraServicePolicy() *schema.Resource {
 																				},
 																			},
 																		},
+
+																		"flag": {
+
+																			Type:       schema.TypeList,
+																			Optional:   true,
+																			Elem: &schema.Resource{
+																				Schema: map[string]*schema.Schema{
+
+																					"append_headers": {
+
+																						Type:       schema.TypeList,
+																						Optional:   true,
+																						Elem: &schema.Resource{
+																							Schema: map[string]*schema.Schema{
+
+																								"auto_type_header_name": {
+																									Type:       schema.TypeString,
+																									Required:   true,
+																								},
+
+																								"inference_header_name": {
+																									Type:       schema.TypeString,
+																									Required:   true,
+																								},
+																							},
+																						},
+																					},
+
+																					"no_headers": {
+
+																						Type:       schema.TypeBool,
+																						Optional:   true,
+																					},
+																				},
+																			},
+																		},
+																	},
+																},
+															},
+
+															"allow_goodbot": {
+																Type:       schema.TypeBool,
+																Required:   true,
+															},
+
+															"web_scraping": {
+																Type:       schema.TypeBool,
+																Required:   true,
+															},
+
+															"flow_label": {
+																Type:       schema.TypeString,
+																Required:   true,
+															},
+
+															"transaction_result": {
+
+																Type:       schema.TypeSet,
+																Optional:   true,
+																Elem: &schema.Resource{
+																	Schema: map[string]*schema.Schema{
+
+																		"failure_conditions": {
+
+																			Type:       schema.TypeList,
+																			Optional:   true,
+																			Elem: &schema.Resource{
+																				Schema: map[string]*schema.Schema{
+
+																					"name": {
+																						Type:       schema.TypeString,
+																						Optional:   true,
+																					},
+
+																					"regex_values": {
+
+																						Type: schema.TypeList,
+																						Optional:   true,
+																						
+																						Elem: &schema.Schema{
+																							Type: schema.TypeString,
+																						},
+																					},
+
+																					"status": {
+																						Type:       schema.TypeString,
+																						Required:   true,																						
+																					},
+																				},
+																			},
+																		},
+
+																		"success_conditions": {
+
+																			Type:       schema.TypeList,
+																			Optional:   true,
+																			
+																			Elem: &schema.Resource{
+																				Schema: map[string]*schema.Schema{
+
+																					"name": {
+																						Type:       schema.TypeString,
+																						Optional:   true,																						
+																					},
+
+																					"regex_values": {
+
+																						Type: schema.TypeList,
+
+																						Optional:   true,
+																						
+																						Elem: &schema.Schema{
+																							Type: schema.TypeString,
+																						},
+																					},
+
+																					"status": {
+																						Type:       schema.TypeString,
+																						Required:   true,																						
+																					},
+																				},
+																			},
+																		},
 																	},
 																},
 															},
+
+
 														},
 													},
 												},
@@ -1855,7 +2059,16 @@ func resourceVolterraServicePolicy() *schema.Resource {
 
 																					"exclude_attack_type": {
 																						Type:     schema.TypeString,
-																						Optional: true,
+																						Required: true,
+																					},
+																					
+																					"context": {
+																						Type:     schema.TypeString,
+																						Required: true,
+																					},
+																					"context_name": {
+																						Type:     schema.TypeString,
+																						Optional: true,		
 																					},
 																				},
 																			},
@@ -1870,7 +2083,16 @@ func resourceVolterraServicePolicy() *schema.Resource {
 
 																					"signature_id": {
 																						Type:     schema.TypeInt,
-																						Optional: true,
+																						Required: true,
+																					},
+																					
+																					"context": {
+																						Type:     schema.TypeString,
+																						Required: true,
+																					},
+																					"context_name": {
+																						Type:     schema.TypeString,
+																						Optional: true,		
 																					},
 																				},
 																			},
@@ -1885,10 +2107,35 @@ func resourceVolterraServicePolicy() *schema.Resource {
 
 																					"exclude_violation": {
 																						Type:     schema.TypeString,
-																						Optional: true,
+																						Required: true,
+																					},
+																					
+																					"context": {
+																						Type:     schema.TypeString,
+																						Required: true,
+																					},
+																					"context_name": {
+																						Type:     schema.TypeString,
+																						Optional: true,		
+																					},
+																				},
+																			},
+																		},
+																		
+																		"exclude_bot_names": {
+																			Type:     schema.TypeList,
+																			Optional: true,
+																			Elem: &schema.Resource{
+																				Schema: map[string]*schema.Schema{
+
+																					"bot_name": {
+																						Type: schema.TypeString,
+																						Required: true,
+
 																					},
 																				},
 																			},
+
 																		},
 																	},
 																},
@@ -1914,762 +2161,2642 @@ func resourceVolterraServicePolicy() *schema.Resource {
 														},
 													},
 												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-
-			"any_server": {
-
-				Type:     schema.TypeBool,
-				Optional: true,
-			},
+												
+												"jwt_claims": {
 
-			"server_name": {
+													Type:     schema.TypeList,
+													Optional: true,
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
 
-				Type:     schema.TypeString,
-				Optional: true,
-			},
+															"invert_matcher": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
 
-			"server_name_matcher": {
+															"check_not_present": {
 
-				Type:     schema.TypeSet,
-				Optional: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
 
-						"exact_values": {
+															"check_present": {
 
-							Type: schema.TypeList,
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
 
-							Optional: true,
-							Elem: &schema.Schema{
-								Type: schema.TypeString,
-							},
-						},
+															"item": {
 
-						"regex_values": {
+																Type:     schema.TypeList,
+																Optional: true,
+																Elem: &schema.Resource{
+																	Schema: map[string]*schema.Schema{
 
-							Type: schema.TypeList,
+																		"exact_values": {
 
-							Optional: true,
-							Elem: &schema.Schema{
-								Type: schema.TypeString,
-							},
-						},
-					},
-				},
-			},
+																			Type: schema.TypeList,
 
-			"server_selector": {
+																			Optional: true,
+																			Elem: &schema.Schema{
+																				Type: schema.TypeString,
+																			},
+																		},
 
-				Type:     schema.TypeSet,
-				Optional: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
+																		"regex_values": {
 
-						"expressions": {
+																			Type: schema.TypeList,
 
-							Type: schema.TypeList,
+																			Optional: true,
+																			Elem: &schema.Schema{
+																				Type: schema.TypeString,
+																			},
+																		},
 
-							Required: true,
-							Elem: &schema.Schema{
-								Type: schema.TypeString,
-							},
-						},
-					},
-				},
-			},
-		},
-	}
-}
+																		"transformers": {
 
-// resourceVolterraServicePolicyCreate creates ServicePolicy resource
-func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*APIClient)
+																			Type: schema.TypeList,
 
-	createMeta := &ves_io_schema.ObjectCreateMetaType{}
-	createSpec := &ves_io_schema_service_policy.CreateSpecType{}
-	createReq := &ves_io_schema_service_policy.CreateRequest{
-		Metadata: createMeta,
-		Spec:     createSpec,
+																			Optional: true,
+																			Elem: &schema.Schema{
+																				Type: schema.TypeString,
+																			},
+																		},
+																	},
+																},
+															},
+
+															"name": {
+																Type:     schema.TypeString,
+																Required: true,
+															},
+														},
+													},
+												},
+
+												"request_constraints": {
+													
+													Type: schema.TypeList,
+													Optional: true,
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
+
+
+															"max_cookie_count_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_cookie_count_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_cookie_key_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_cookie_key_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_cookie_value_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_cookie_value_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_header_count_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_header_count_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_header_key_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_header_key_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_header_value_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_header_value_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_parameter_count_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_parameter_count_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_parameter_name_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"max_parameter_name_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_parameter_value_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+															"max_parameter_value_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+															
+															"max_url_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,			
+															},
+
+															"max_url_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_query_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,			
+															},
+
+															"max_query_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_request_line_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,			
+															},
+
+															"max_request_line_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+
+															"max_request_size_none": {
+																Type:     schema.TypeBool,
+																Optional: true,			
+															},
+
+															"max_request_size_exceeds": {
+																Type:     schema.TypeInt,
+																Optional: true,
+															},
+														},
+
+													},
+												},
+
+												"user_identity_matcher": {
+													Type: schema.TypeList,
+													Optional: true,
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
+
+															"exact_values": {
+
+																Type: schema.TypeList,
+
+																Optional: true,
+																Elem: &schema.Schema{
+																	Type: schema.TypeString,
+																},
+															},
+
+															"regex_values": {
+
+																Type: schema.TypeList,
+
+																Optional: true,
+																Elem: &schema.Schema{
+																	Type: schema.TypeString,
+																},
+															},
+														},
+													},
+												},
+												
+												"segment_policy": {
+													Type: schema.TypeList,
+													Optional: true,
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
+
+															"src_any": {
+																Type:     schema.TypeBool,
+																Optional: true,
+															},
+
+															"src_segments": {
+																Type: schema.TypeList,
+																Optional: true,
+																Elem: &schema.Resource{
+																	Schema: map[string]*schema.Schema{
+																
+																		"segments": {
+																			Type:     schema.TypeList,
+																			Optional: true,
+																			Elem: &schema.Resource{
+																				Schema: map[string]*schema.Schema{
+
+																					"name": {
+																						Type:     schema.TypeString,
+																						Optional: true,
+																					},
+																					"namespace": {
+																						Type:     schema.TypeString,
+																						Optional: true,
+																					},
+																					"tenant": {
+																						Type:     schema.TypeString,
+																						Optional: true,
+																					},
+																				},
+																			},
+																		},
+																		
+																	},
+																},
+
+															},
+														},
+													},
+
+												},
+												
+											},
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+
+			"any_server": {
+
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
+
+			"server_name": {
+
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+
+			"server_name_matcher": {
+
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+
+						"exact_values": {
+
+							Type: schema.TypeList,
+
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+
+						"regex_values": {
+
+							Type: schema.TypeList,
+
+							Optional: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
+
+			"server_selector": {
+
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+
+						"expressions": {
+
+							Type: schema.TypeList,
+
+							Required: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
+		},
 	}
+}
+
+// resourceVolterraServicePolicyCreate creates ServicePolicy resource
+func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*APIClient)
+
+	createMeta := &ves_io_schema.ObjectCreateMetaType{}
+	createSpec := &ves_io_schema_service_policy.CreateSpecType{}
+	createReq := &ves_io_schema_service_policy.CreateRequest{
+		Metadata: createMeta,
+		Spec:     createSpec,
+	}
+
+	if v, ok := d.GetOk("annotations"); ok && !isIntfNil(v) {
+
+		ms := map[string]string{}
+
+		for k, v := range v.(map[string]interface{}) {
+			val := v.(string)
+			ms[k] = val
+		}
+		createMeta.Annotations = ms
+	}
+
+	if v, ok := d.GetOk("description"); ok && !isIntfNil(v) {
+		createMeta.Description =
+			v.(string)
+	}
+
+	if v, ok := d.GetOk("disable"); ok && !isIntfNil(v) {
+		createMeta.Disable =
+			v.(bool)
+	}
+
+	if v, ok := d.GetOk("labels"); ok && !isIntfNil(v) {
+
+		ms := map[string]string{}
+
+		for k, v := range v.(map[string]interface{}) {
+			val := v.(string)
+			ms[k] = val
+		}
+		createMeta.Labels = ms
+	}
+
+	if v, ok := d.GetOk("name"); ok && !isIntfNil(v) {
+		createMeta.Name =
+			v.(string)
+	}
+
+	if v, ok := d.GetOk("namespace"); ok && !isIntfNil(v) {
+		createMeta.Namespace =
+			v.(string)
+	}
+
+	//algo
+	if v, ok := d.GetOk("algo"); ok && !isIntfNil(v) {
+
+		createSpec.Algo = ves_io_schema_policy.RuleCombiningAlgorithm(ves_io_schema_policy.RuleCombiningAlgorithm_value[v.(string)])
+
+	}
+
+	//port_matcher
+	if v, ok := d.GetOk("port_matcher"); ok && !isIntfNil(v) {
+
+		sl := v.(*schema.Set).List()
+		portMatcher := &ves_io_schema_policy.PortMatcherType{}
+		createSpec.PortMatcher = portMatcher
+		for _, set := range sl {
+			portMatcherMapStrToI := set.(map[string]interface{})
+
+			if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+				portMatcher.InvertMatcher = w.(bool)
+			}
+
+			if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
+				ls := make([]string, len(w.([]interface{})))
+				for i, v := range w.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				portMatcher.Ports = ls
+			}
+
+		}
+
+	}
+
+
+
+	//rule_choice
+
+	ruleChoiceTypeFound := false
+
+	if v, ok := d.GetOk("allow_all_requests"); ok && !ruleChoiceTypeFound {
+
+		ruleChoiceTypeFound = true
+
+		if v.(bool) {
+			ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_AllowAllRequests{}
+			ruleChoiceInt.AllowAllRequests = &ves_io_schema.Empty{}
+			createSpec.RuleChoice = ruleChoiceInt
+		}
+
+	}
+
+	if v, ok := d.GetOk("allow_list"); ok && !ruleChoiceTypeFound {
+
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_AllowList{}
+		ruleChoiceInt.AllowList = &ves_io_schema_service_policy.SourceList{}
+		createSpec.RuleChoice = ruleChoiceInt
+
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
+
+			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
+
+				sl := v.(*schema.Set).List()
+				asnList := &ves_io_schema_policy.AsnMatchList{}
+				ruleChoiceInt.AllowList.AsnList = asnList
+				for _, set := range sl {
+					asnListMapStrToI := set.(map[string]interface{})
+
+					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
+						ls := make([]uint32, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = uint32(v.(int))
+						}
+						asnList.AsNumbers = ls
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
+
+				sl := v.([]interface{})
+				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.AllowList.AsnSet = asnSetInt
+				for i, ps := range sl {
+
+					asMapToStrVal := ps.(map[string]interface{})
+					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+
+					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Name = v.(string)
+					}
+
+					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Namespace = v.(string)
+					}
+
+					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Tenant = v.(string)
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
+
+				country_listList := []ves_io_schema_policy.CountryCode{}
+				for _, j := range v.([]interface{}) {
+					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
+				}
+				ruleChoiceInt.AllowList.CountryList = country_listList
+
+			}
+
+			defaultActionChoiceTypeFound := false
+
+			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+
+				defaultActionChoiceTypeFound = true
+
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
+					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
+					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
+				}
+
+			}
+
+			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+
+				defaultActionChoiceTypeFound = true
+
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
+					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
+					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
+				}
+
+			}
+
+			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+
+				defaultActionChoiceTypeFound = true
+
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
+					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
+					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
+				}
+
+			}
+
+			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
+
+				sl := v.([]interface{})
+				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.AllowList.IpPrefixSet = ipPrefixSetInt
+				for i, ps := range sl {
+
+					ipsMapToStrVal := ps.(map[string]interface{})
+					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+
+					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Name = v.(string)
+					}
+
+					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Namespace = v.(string)
+					}
+
+					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Tenant = v.(string)
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
+
+				sl := v.(*schema.Set).List()
+				prefixList := &ves_io_schema_views.PrefixStringListType{}
+				ruleChoiceInt.AllowList.PrefixList = prefixList
+				for _, set := range sl {
+					prefixListMapStrToI := set.(map[string]interface{})
+
+					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Prefixes = ls
+					}
+					
+					if w, ok := prefixListMapStrToI["ipv6_prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Ipv6Prefixes = ls
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
+
+				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
+				for _, j := range v.([]interface{}) {
+					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
+				}
+				ruleChoiceInt.AllowList.TlsFingerprintClasses = tls_fingerprint_classesList
+
+			}
+
+			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
+
+				ls := make([]string, len(v.([]interface{})))
+				for i, v := range v.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				ruleChoiceInt.AllowList.TlsFingerprintValues = ls
+
+			}
+
+		}
+
+	}
+
+	if v, ok := d.GetOk("deny_all_requests"); ok && !ruleChoiceTypeFound {
+
+		ruleChoiceTypeFound = true
+
+		if v.(bool) {
+			ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_DenyAllRequests{}
+			ruleChoiceInt.DenyAllRequests = &ves_io_schema.Empty{}
+			createSpec.RuleChoice = ruleChoiceInt
+		}
+
+	}
+
+	if v, ok := d.GetOk("deny_list"); ok && !ruleChoiceTypeFound {
+
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_DenyList{}
+		ruleChoiceInt.DenyList = &ves_io_schema_service_policy.SourceList{}
+		createSpec.RuleChoice = ruleChoiceInt
+
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
+
+			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
+
+				sl := v.(*schema.Set).List()
+				asnList := &ves_io_schema_policy.AsnMatchList{}
+				ruleChoiceInt.DenyList.AsnList = asnList
+				for _, set := range sl {
+					asnListMapStrToI := set.(map[string]interface{})
+
+					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
+						ls := make([]uint32, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = uint32(v.(int))
+						}
+						asnList.AsNumbers = ls
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
+
+				sl := v.([]interface{})
+				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.DenyList.AsnSet = asnSetInt
+				for i, ps := range sl {
+
+					asMapToStrVal := ps.(map[string]interface{})
+					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+
+					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Name = v.(string)
+					}
+
+					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Namespace = v.(string)
+					}
+
+					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Tenant = v.(string)
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
+
+				country_listList := []ves_io_schema_policy.CountryCode{}
+				for _, j := range v.([]interface{}) {
+					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
+				}
+				ruleChoiceInt.DenyList.CountryList = country_listList
+
+			}
+
+			defaultActionChoiceTypeFound := false
+
+			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+
+				defaultActionChoiceTypeFound = true
+
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
+					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
+					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
+				}
+
+			}
+
+			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+
+				defaultActionChoiceTypeFound = true
+
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
+					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
+					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
+				}
+
+			}
+
+			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+
+				defaultActionChoiceTypeFound = true
+
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
+					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
+					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
+				}
+
+			}
+
+			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
+
+				sl := v.([]interface{})
+				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.DenyList.IpPrefixSet = ipPrefixSetInt
+				for i, ps := range sl {
+
+					ipsMapToStrVal := ps.(map[string]interface{})
+					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+
+					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Name = v.(string)
+					}
+
+					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Namespace = v.(string)
+					}
+
+					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Tenant = v.(string)
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
+
+				sl := v.(*schema.Set).List()
+				prefixList := &ves_io_schema_views.PrefixStringListType{}
+				ruleChoiceInt.DenyList.PrefixList = prefixList
+				for _, set := range sl {
+					prefixListMapStrToI := set.(map[string]interface{})
+
+					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Prefixes = ls
+					}
+
+					if w, ok := prefixListMapStrToI["ipv6_prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Ipv6Prefixes = ls
+					}
+
+				}
+
+			}
+
+			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
+
+				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
+				for _, j := range v.([]interface{}) {
+					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
+				}
+				ruleChoiceInt.DenyList.TlsFingerprintClasses = tls_fingerprint_classesList
+
+			}
+
+			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
+
+				ls := make([]string, len(v.([]interface{})))
+				for i, v := range v.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				ruleChoiceInt.DenyList.TlsFingerprintValues = ls
+
+			}
+
+		}
+
+	}
+
+	if v, ok := d.GetOk("internally_generated"); ok && !ruleChoiceTypeFound {
+
+		ruleChoiceTypeFound = true
+
+		if v.(bool) {
+			ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_InternallyGenerated{}
+			ruleChoiceInt.InternallyGenerated = &ves_io_schema.Empty{}
+			createSpec.RuleChoice = ruleChoiceInt
+		}
+
+	}
+
+	if v, ok := d.GetOk("legacy_rule_list"); ok && !ruleChoiceTypeFound {
+
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_LegacyRuleList{}
+		ruleChoiceInt.LegacyRuleList = &ves_io_schema_service_policy.LegacyRuleList{}
+		createSpec.RuleChoice = ruleChoiceInt
+
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
+
+			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
+
+				sl := v.([]interface{})
+				rulesInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+				ruleChoiceInt.LegacyRuleList.Rules = rulesInt
+				for i, ps := range sl {
+
+					rMapToStrVal := ps.(map[string]interface{})
+					rulesInt[i] = &ves_io_schema.ObjectRefType{}
+
+					rulesInt[i].Kind = "service_policy_rule"
+
+					if v, ok := rMapToStrVal["name"]; ok && !isIntfNil(v) {
+						rulesInt[i].Name = v.(string)
+					}
+
+					if v, ok := rMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						rulesInt[i].Namespace = v.(string)
+					}
+
+					if v, ok := rMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						rulesInt[i].Tenant = v.(string)
+					}
+
+					if v, ok := rMapToStrVal["uid"]; ok && !isIntfNil(v) {
+						rulesInt[i].Uid = v.(string)
+					}
+
+				}
+
+			}
+
+		}
+
+	}
+
+	if v, ok := d.GetOk("rule_list"); ok && !ruleChoiceTypeFound {
+
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_RuleList{}
+		ruleChoiceInt.RuleList = &ves_io_schema_service_policy.RuleList{}
+		createSpec.RuleChoice = ruleChoiceInt
+
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
+
+			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
+
+				sl := v.([]interface{})
+				rules := make([]*ves_io_schema_service_policy.Rule, len(sl))
+				ruleChoiceInt.RuleList.Rules = rules
+				for i, set := range sl {
+					rules[i] = &ves_io_schema_service_policy.Rule{}
+					rulesMapStrToI := set.(map[string]interface{})
+
+					if v, ok := rulesMapStrToI["metadata"]; ok && !isIntfNil(v) {
+
+						sl := v.(*schema.Set).List()
+						metadata := &ves_io_schema.MessageMetaType{}
+						rules[i].Metadata = metadata
+						for _, set := range sl {
+							metadataMapStrToI := set.(map[string]interface{})
+
+							if w, ok := metadataMapStrToI["description"]; ok && !isIntfNil(w) {
+								metadata.Description = w.(string)
+							}
+
+							if w, ok := metadataMapStrToI["disable"]; ok && !isIntfNil(w) {
+								metadata.Disable = w.(bool)
+							}
+
+							if w, ok := metadataMapStrToI["name"]; ok && !isIntfNil(w) {
+								metadata.Name = w.(string)
+							}
+
+						}
+
+					}
+
+					if v, ok := rulesMapStrToI["spec"]; ok && !isIntfNil(v) {
+
+						sl := v.(*schema.Set).List()
+						spec := &ves_io_schema_service_policy_rule.GlobalSpecType{}
+						rules[i].Spec = spec
+						for _, set := range sl {
+							specMapStrToI := set.(map[string]interface{})
+
+							if v, ok := specMapStrToI["action"]; ok && !isIntfNil(v) {
+
+								spec.Action = ves_io_schema_policy.RuleAction(ves_io_schema_policy.RuleAction_value[v.(string)])
+
+							}
+
+							if v, ok := specMapStrToI["api_group_matcher"]; ok && !isIntfNil(v) {
+
+								sl := v.(*schema.Set).List()
+								apiGroupMatcher := &ves_io_schema_policy.StringMatcherType{}
+								spec.ApiGroupMatcher = apiGroupMatcher
+								for _, set := range sl {
+									apiGroupMatcherMapStrToI := set.(map[string]interface{})
+
+									if w, ok := apiGroupMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										apiGroupMatcher.InvertMatcher = w.(bool)
+									}
+
+									if w, ok := apiGroupMatcherMapStrToI["match"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										apiGroupMatcher.Match = ls
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["arg_matchers"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								argMatchers := make([]*ves_io_schema_policy.ArgMatcherType, len(sl))
+								spec.ArgMatchers = argMatchers
+								for i, set := range sl {
+									argMatchers[i] = &ves_io_schema_policy.ArgMatcherType{}
+									argMatchersMapStrToI := set.(map[string]interface{})
+
+									if w, ok := argMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										argMatchers[i].InvertMatcher = w.(bool)
+									}
+
+									matchTypeFound := false
+
+									if v, ok := argMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckNotPresent{}
+											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
+											argMatchers[i].Match = matchInt
+										}
+
+									}
+
+									if v, ok := argMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckPresent{}
+											matchInt.CheckPresent = &ves_io_schema.Empty{}
+											argMatchers[i].Match = matchInt
+										}
+
+									}
+
+									if v, ok := argMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.ArgMatcherType_Item{}
+										matchInt.Item = &ves_io_schema_policy.MatcherType{}
+										argMatchers[i].Match = matchInt
+
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
+
+											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.ExactValues = ls
+
+											}
+
+											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.RegexValues = ls
+
+											}
+
+											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+
+												transformersList := []ves_io_schema_policy.Transformer{}
+												for _, j := range v.([]interface{}) {
+													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+												}
+												matchInt.Item.Transformers = transformersList
+
+											}
+
+										}
+
+									}
+
+									if v, ok := argMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.ArgMatcherType_Presence{}
+
+										argMatchers[i].Match = matchInt
+
+										matchInt.Presence = v.(bool)
+
+									}
+
+									if w, ok := argMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
+										argMatchers[i].Name = w.(string)
+									}
+
+								}
+
+							}
+
+							asnChoiceTypeFound := false
+
+							if v, ok := specMapStrToI["any_asn"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+
+								asnChoiceTypeFound = true
+
+								if v.(bool) {
+									asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyAsn{}
+									asnChoiceInt.AnyAsn = &ves_io_schema.Empty{}
+									spec.AsnChoice = asnChoiceInt
+								}
+
+							}
+
+							if v, ok := specMapStrToI["asn_list"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+
+								asnChoiceTypeFound = true
+								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnList{}
+								asnChoiceInt.AsnList = &ves_io_schema_policy.AsnMatchList{}
+								spec.AsnChoice = asnChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
+
+										ls := make([]uint32, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = uint32(v.(int))
+										}
+										asnChoiceInt.AsnList.AsNumbers = ls
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["asn_matcher"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+
+								asnChoiceTypeFound = true
+								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnMatcher{}
+								asnChoiceInt.AsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
+								spec.AsnChoice = asnChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
+
+										sl := v.([]interface{})
+										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										asnChoiceInt.AsnMatcher.AsnSets = asnSetsInt
+										for i, ps := range sl {
+
+											asMapToStrVal := ps.(map[string]interface{})
+											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
+
+											asnSetsInt[i].Kind = "bgp_asn_set"
+
+											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Name = v.(string)
+											}
+
+											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Namespace = v.(string)
+											}
+
+											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Tenant = v.(string)
+											}
+
+											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Uid = v.(string)
+											}
+
+										}
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["body_matcher"]; ok && !isIntfNil(v) {
+
+								sl := v.(*schema.Set).List()
+								bodyMatcher := &ves_io_schema_policy.MatcherType{}
+								spec.BodyMatcher = bodyMatcher
+								for _, set := range sl {
+									bodyMatcherMapStrToI := set.(map[string]interface{})
+
+									if w, ok := bodyMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										bodyMatcher.ExactValues = ls
+									}
+
+									if w, ok := bodyMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										bodyMatcher.RegexValues = ls
+									}
+
+									if v, ok := bodyMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										bodyMatcher.Transformers = transformersList
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["bot_action"]; ok && !isIntfNil(v) {
+
+								sl := v.(*schema.Set).List()
+								botAction := &ves_io_schema_policy.BotAction{}
+								spec.BotAction = botAction
+								for _, set := range sl {
+									botActionMapStrToI := set.(map[string]interface{})
+
+									actionTypeTypeFound := false
+
+									if v, ok := botActionMapStrToI["bot_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+
+										actionTypeTypeFound = true
+
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.BotAction_BotSkipProcessing{}
+											actionTypeInt.BotSkipProcessing = &ves_io_schema.Empty{}
+											botAction.ActionType = actionTypeInt
+										}
+
+									}
+
+									if v, ok := botActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+
+										actionTypeTypeFound = true
+
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.BotAction_None{}
+											actionTypeInt.None = &ves_io_schema.Empty{}
+											botAction.ActionType = actionTypeInt
+										}
+
+									}
+
+								}
+
+							}
+
+
+							if v, ok := specMapStrToI["mum_action"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								mumAction := &ves_io_schema_policy.ModifyAction{}
+								spec.MumAction = mumAction
+								for _, set := range sl {
+									mumActionMapStrToI := set.(map[string]interface{})
+
+									if w, ok := mumActionMapStrToI["skip_processing"]; ok && !isIntfNil(w) {
+										if w.(bool) {
+											SkipProcessingInt := &ves_io_schema_policy.ModifyAction_SkipProcessing{}
+											SkipProcessingInt.SkipProcessing = &ves_io_schema.Empty{}
+
+											mumAction.ActionType = SkipProcessingInt
+										}
+									}
+
+									if w, ok := mumActionMapStrToI["none"]; ok && !isIntfNil(w) {
+										if w.(bool) {
+											SkipProcessingInt := &ves_io_schema_policy.ModifyAction_Default{}
+											SkipProcessingInt.Default = &ves_io_schema.Empty{}
+											mumAction.ActionType = SkipProcessingInt
+										}
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["challenge_action"]; ok && !isIntfNil(v) {
+
+								spec.ChallengeAction = ves_io_schema_policy.ChallengeAction(ves_io_schema_policy.ChallengeAction_value[v.(string)])
+
+							}
+
+							clientChoiceTypeFound := false
+
+							if v, ok := specMapStrToI["any_client"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+
+								clientChoiceTypeFound = true
+
+								if v.(bool) {
+									clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyClient{}
+									clientChoiceInt.AnyClient = &ves_io_schema.Empty{}
+									spec.ClientChoice = clientChoiceInt
+								}
+
+							}
+
+							if v, ok := specMapStrToI["client_name"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientName{}
+
+								spec.ClientChoice = clientChoiceInt
+
+								clientChoiceInt.ClientName = v.(string)
+
+							}
+
+							if v, ok := specMapStrToI["client_name_matcher"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientNameMatcher{}
+								clientChoiceInt.ClientNameMatcher = &ves_io_schema_policy.MatcherType{}
+								spec.ClientChoice = clientChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										clientChoiceInt.ClientNameMatcher.ExactValues = ls
+
+									}
+
+									if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										clientChoiceInt.ClientNameMatcher.RegexValues = ls
+
+									}
+
+									if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										clientChoiceInt.ClientNameMatcher.Transformers = transformersList
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["client_selector"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientSelector{}
+								clientChoiceInt.ClientSelector = &ves_io_schema.LabelSelectorType{}
+								spec.ClientChoice = clientChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["expressions"]; ok && !isIntfNil(v) {
+
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										clientChoiceInt.ClientSelector.Expressions = ls
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["ip_threat_category_list"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpThreatCategoryList{}
+								clientChoiceInt.IpThreatCategoryList = &ves_io_schema_service_policy_rule.IPThreatCategoryListType{}
+								spec.ClientChoice = clientChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["ip_threat_categories"]; ok && !isIntfNil(v) {
+
+										ip_threat_categoriesList := []ves_io_schema_policy.IPThreatCategory{}
+										for _, j := range v.([]interface{}) {
+											ip_threat_categoriesList = append(ip_threat_categoriesList, ves_io_schema_policy.IPThreatCategory(ves_io_schema_policy.IPThreatCategory_value[j.(string)]))
+										}
+										clientChoiceInt.IpThreatCategoryList.IpThreatCategories = ip_threat_categoriesList
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["client_role"]; ok && !isIntfNil(v) {
+
+								sl := v.(*schema.Set).List()
+								clientRole := &ves_io_schema_policy.RoleMatcherType{}
+								spec.ClientRole = clientRole
+								for _, set := range sl {
+									clientRoleMapStrToI := set.(map[string]interface{})
+
+									if w, ok := clientRoleMapStrToI["match"]; ok && !isIntfNil(w) {
+										clientRole.Match = w.(string)
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["content_rewrite_action"]; ok && !isIntfNil(v) {
+
+								sl := v.(*schema.Set).List()
+								contentRewriteAction := &ves_io_schema_policy.ContentRewriteAction{}
+								spec.ContentRewriteAction = contentRewriteAction
+								for _, set := range sl {
+									contentRewriteActionMapStrToI := set.(map[string]interface{})
+
+									if w, ok := contentRewriteActionMapStrToI["element_selector"]; ok && !isIntfNil(w) {
+										contentRewriteAction.ElementSelector = w.(string)
+									}
+
+									if w, ok := contentRewriteActionMapStrToI["insert_content"]; ok && !isIntfNil(w) {
+										contentRewriteAction.InsertContent = w.(string)
+									}
+
+									if v, ok := contentRewriteActionMapStrToI["position"]; ok && !isIntfNil(v) {
+
+										contentRewriteAction.Position = ves_io_schema_policy.HTMLPosition(ves_io_schema_policy.HTMLPosition_value[v.(string)])
+
+									}
+
+									if w, ok := contentRewriteActionMapStrToI["inserted_types"]; ok && !isIntfNil(w) {
+										ms := map[string]bool{}
+										for k, v := range w.(map[string]interface{}) {
+											if v.(string)=="true" {
+												ms[k] = true
+											}else {
+												ms[k] = false
+											}
+										}
+										contentRewriteAction.InsertedTypes = ms
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["cookie_matchers"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								cookieMatchers := make([]*ves_io_schema_policy.CookieMatcherType, len(sl))
+								spec.CookieMatchers = cookieMatchers
+								for i, set := range sl {
+									cookieMatchers[i] = &ves_io_schema_policy.CookieMatcherType{}
+									cookieMatchersMapStrToI := set.(map[string]interface{})
+
+									if w, ok := cookieMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										cookieMatchers[i].InvertMatcher = w.(bool)
+									}
+
+									matchTypeFound := false
+
+									if v, ok := cookieMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckNotPresent{}
+											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
+											cookieMatchers[i].Match = matchInt
+										}
+
+									}
+
+									if v, ok := cookieMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckPresent{}
+											matchInt.CheckPresent = &ves_io_schema.Empty{}
+											cookieMatchers[i].Match = matchInt
+										}
+
+									}
+
+									if v, ok := cookieMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.CookieMatcherType_Item{}
+										matchInt.Item = &ves_io_schema_policy.MatcherType{}
+										cookieMatchers[i].Match = matchInt
+
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
+
+											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.ExactValues = ls
+
+											}
+
+											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.RegexValues = ls
+
+											}
+
+											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+
+												transformersList := []ves_io_schema_policy.Transformer{}
+												for _, j := range v.([]interface{}) {
+													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+												}
+												matchInt.Item.Transformers = transformersList
+
+											}
+
+										}
+
+									}
+
+									if v, ok := cookieMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.CookieMatcherType_Presence{}
+
+										cookieMatchers[i].Match = matchInt
+
+										matchInt.Presence = v.(bool)
+
+									}
+
+									if w, ok := cookieMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
+										cookieMatchers[i].Name = w.(string)
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["domain_matcher"]; ok && !isIntfNil(v) {
+
+								sl := v.(*schema.Set).List()
+								domainMatcher := &ves_io_schema_policy.MatcherType{}
+								spec.DomainMatcher = domainMatcher
+								for _, set := range sl {
+									domainMatcherMapStrToI := set.(map[string]interface{})
+
+									if w, ok := domainMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										domainMatcher.ExactValues = ls
+									}
+
+									if w, ok := domainMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										domainMatcher.RegexValues = ls
+									}
+
+									if v, ok := domainMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										domainMatcher.Transformers = transformersList
+
+									}
+
+								}
+
+							}
+
+							dstAsnChoiceTypeFound := false
+
+							if v, ok := specMapStrToI["any_dst_asn"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+
+								dstAsnChoiceTypeFound = true
+
+								if v.(bool) {
+									dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstAsn{}
+									dstAsnChoiceInt.AnyDstAsn = &ves_io_schema.Empty{}
+									spec.DstAsnChoice = dstAsnChoiceInt
+								}
+
+							}
+
+							if v, ok := specMapStrToI["dst_asn_list"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+
+								dstAsnChoiceTypeFound = true
+								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnList{}
+								dstAsnChoiceInt.DstAsnList = &ves_io_schema_policy.AsnMatchList{}
+								spec.DstAsnChoice = dstAsnChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
+
+										ls := make([]uint32, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = uint32(v.(int))
+										}
+										dstAsnChoiceInt.DstAsnList.AsNumbers = ls
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["dst_asn_matcher"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+
+								dstAsnChoiceTypeFound = true
+								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnMatcher{}
+								dstAsnChoiceInt.DstAsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
+								spec.DstAsnChoice = dstAsnChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
+
+										sl := v.([]interface{})
+										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										dstAsnChoiceInt.DstAsnMatcher.AsnSets = asnSetsInt
+										for i, ps := range sl {
+
+											asMapToStrVal := ps.(map[string]interface{})
+											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
+
+											asnSetsInt[i].Kind = "bgp_asn_set"
+
+											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Name = v.(string)
+											}
+
+											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Namespace = v.(string)
+											}
+
+											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Tenant = v.(string)
+											}
+
+											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Uid = v.(string)
+											}
+
+										}
+
+									}
+
+								}
+
+							}
+
+							dstIpChoiceTypeFound := false
+
+							if v, ok := specMapStrToI["any_dst_ip"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+
+								dstIpChoiceTypeFound = true
+
+								if v.(bool) {
+									dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstIp{}
+									dstIpChoiceInt.AnyDstIp = &ves_io_schema.Empty{}
+									spec.DstIpChoice = dstIpChoiceInt
+								}
+
+							}
+
+							if v, ok := specMapStrToI["dst_ip_matcher"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+
+								dstIpChoiceTypeFound = true
+								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpMatcher{}
+								dstIpChoiceInt.DstIpMatcher = &ves_io_schema_policy.IpMatcherType{}
+								spec.DstIpChoice = dstIpChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
+
+										dstIpChoiceInt.DstIpMatcher.InvertMatcher = v.(bool)
+
+									}
+
+									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
+
+										sl := v.([]interface{})
+										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										dstIpChoiceInt.DstIpMatcher.PrefixSets = prefixSetsInt
+										for i, ps := range sl {
+
+											psMapToStrVal := ps.(map[string]interface{})
+											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
+
+											prefixSetsInt[i].Kind = "ip_prefix_set"
+
+											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Name = v.(string)
+											}
+
+											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Namespace = v.(string)
+											}
+
+											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Tenant = v.(string)
+											}
+
+											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Uid = v.(string)
+											}
+
+										}
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["dst_ip_prefix_list"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+
+								dstIpChoiceTypeFound = true
+								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpPrefixList{}
+								dstIpChoiceInt.DstIpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
+								spec.DstIpChoice = dstIpChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
+
+										dstIpChoiceInt.DstIpPrefixList.InvertMatch = v.(bool)
+
+									}
+
+									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
+
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										dstIpChoiceInt.DstIpPrefixList.IpPrefixes = ls
+
+									}
+
+									if w, ok := cs["ipv6_prefixes"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										dstIpChoiceInt.DstIpPrefixList.Ipv6Prefixes = ls
+									}
+
+								}
+
+							}
+
+							if w, ok := specMapStrToI["expiration_timestamp"]; ok && !isIntfNil(w) {
+								ts, err := parseTime(w.(string))
+								if err != nil {
+									return fmt.Errorf("error creating ExpirationTimestamp, timestamp format is wrong: %s", err)
+								}
+								spec.ExpirationTimestamp = ts
+							}
+
+							if v, ok := specMapStrToI["forwarding_class"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								forwardingClassInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+								spec.ForwardingClass = forwardingClassInt
+								for i, ps := range sl {
+
+									fcMapToStrVal := ps.(map[string]interface{})
+									forwardingClassInt[i] = &ves_io_schema.ObjectRefType{}
+
+									forwardingClassInt[i].Kind = "forwarding_class"
+
+									if v, ok := fcMapToStrVal["name"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Name = v.(string)
+									}
+
+									if v, ok := fcMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Namespace = v.(string)
+									}
+
+									if v, ok := fcMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Tenant = v.(string)
+									}
+
+									if v, ok := fcMapToStrVal["uid"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Uid = v.(string)
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["goto_policy"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								gotoPolicyInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+								spec.GotoPolicy = gotoPolicyInt
+								for i, ps := range sl {
+
+									gpMapToStrVal := ps.(map[string]interface{})
+									gotoPolicyInt[i] = &ves_io_schema.ObjectRefType{}
+
+									gotoPolicyInt[i].Kind = "service_policy"
+
+									if v, ok := gpMapToStrVal["name"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Name = v.(string)
+									}
+
+									if v, ok := gpMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Namespace = v.(string)
+									}
+
+									if v, ok := gpMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Tenant = v.(string)
+									}
+
+									if v, ok := gpMapToStrVal["uid"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Uid = v.(string)
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["headers"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								headers := make([]*ves_io_schema_policy.HeaderMatcherType, len(sl))
+								spec.Headers = headers
+								for i, set := range sl {
+									headers[i] = &ves_io_schema_policy.HeaderMatcherType{}
+									headersMapStrToI := set.(map[string]interface{})
+
+									if w, ok := headersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										headers[i].InvertMatcher = w.(bool)
+									}
+
+									matchTypeFound := false
+
+									if v, ok := headersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckNotPresent{}
+											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
+											headers[i].Match = matchInt
+										}
+
+									}
+
+									if v, ok := headersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+
+										matchTypeFound = true
+
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckPresent{}
+											matchInt.CheckPresent = &ves_io_schema.Empty{}
+											headers[i].Match = matchInt
+										}
 
-	if v, ok := d.GetOk("annotations"); ok && !isIntfNil(v) {
+									}
 
-		ms := map[string]string{}
+									if v, ok := headersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-		for k, v := range v.(map[string]interface{}) {
-			val := v.(string)
-			ms[k] = val
-		}
-		createMeta.Annotations = ms
-	}
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.HeaderMatcherType_Item{}
+										matchInt.Item = &ves_io_schema_policy.MatcherType{}
+										headers[i].Match = matchInt
 
-	if v, ok := d.GetOk("description"); ok && !isIntfNil(v) {
-		createMeta.Description =
-			v.(string)
-	}
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
 
-	if v, ok := d.GetOk("disable"); ok && !isIntfNil(v) {
-		createMeta.Disable =
-			v.(bool)
-	}
+											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
 
-	if v, ok := d.GetOk("labels"); ok && !isIntfNil(v) {
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.ExactValues = ls
 
-		ms := map[string]string{}
+											}
 
-		for k, v := range v.(map[string]interface{}) {
-			val := v.(string)
-			ms[k] = val
-		}
-		createMeta.Labels = ms
-	}
+											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
 
-	if v, ok := d.GetOk("name"); ok && !isIntfNil(v) {
-		createMeta.Name =
-			v.(string)
-	}
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.RegexValues = ls
 
-	if v, ok := d.GetOk("namespace"); ok && !isIntfNil(v) {
-		createMeta.Namespace =
-			v.(string)
-	}
+											}
 
-	//algo
-	if v, ok := d.GetOk("algo"); ok && !isIntfNil(v) {
+											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
 
-		createSpec.Algo = ves_io_schema_policy.RuleCombiningAlgorithm(ves_io_schema_policy.RuleCombiningAlgorithm_value[v.(string)])
+												transformersList := []ves_io_schema_policy.Transformer{}
+												for _, j := range v.([]interface{}) {
+													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+												}
+												matchInt.Item.Transformers = transformersList
 
-	}
+											}
 
-	//port_matcher
-	if v, ok := d.GetOk("port_matcher"); ok && !isIntfNil(v) {
+										}
 
-		sl := v.(*schema.Set).List()
-		portMatcher := &ves_io_schema_policy.PortMatcherType{}
-		createSpec.PortMatcher = portMatcher
-		for _, set := range sl {
-			portMatcherMapStrToI := set.(map[string]interface{})
+									}
 
-			if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-				portMatcher.InvertMatcher = w.(bool)
-			}
+									if v, ok := headersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-			if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
-				ls := make([]string, len(w.([]interface{})))
-				for i, v := range w.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				portMatcher.Ports = ls
-			}
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.HeaderMatcherType_Presence{}
 
-		}
+										headers[i].Match = matchInt
 
-	}
+										matchInt.Presence = v.(bool)
 
-	//rule_choice
+									}
 
-	ruleChoiceTypeFound := false
+									if w, ok := headersMapStrToI["name"]; ok && !isIntfNil(w) {
+										headers[i].Name = w.(string)
+									}
 
-	if v, ok := d.GetOk("allow_all_requests"); ok && !ruleChoiceTypeFound {
+								}
 
-		ruleChoiceTypeFound = true
+							}
 
-		if v.(bool) {
-			ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_AllowAllRequests{}
-			ruleChoiceInt.AllowAllRequests = &ves_io_schema.Empty{}
-			createSpec.RuleChoice = ruleChoiceInt
-		}
+							if v, ok := specMapStrToI["http_method"]; ok && !isIntfNil(v) {
 
-	}
+								sl := v.(*schema.Set).List()
+								httpMethod := &ves_io_schema_policy.HttpMethodMatcherType{}
+								spec.HttpMethod = httpMethod
+								for _, set := range sl {
+									httpMethodMapStrToI := set.(map[string]interface{})
 
-	if v, ok := d.GetOk("allow_list"); ok && !ruleChoiceTypeFound {
+									if w, ok := httpMethodMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										httpMethod.InvertMatcher = w.(bool)
+									}
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_AllowList{}
-		ruleChoiceInt.AllowList = &ves_io_schema_service_policy.SourceList{}
-		createSpec.RuleChoice = ruleChoiceInt
+									if v, ok := httpMethodMapStrToI["methods"]; ok && !isIntfNil(v) {
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+										methodsList := []ves_io_schema.HttpMethod{}
+										for _, j := range v.([]interface{}) {
+											methodsList = append(methodsList, ves_io_schema.HttpMethod(ves_io_schema.HttpMethod_value[j.(string)]))
+										}
+										httpMethod.Methods = methodsList
 
-			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
+									}
 
-				sl := v.(*schema.Set).List()
-				asnList := &ves_io_schema_policy.AsnMatchList{}
-				ruleChoiceInt.AllowList.AsnList = asnList
-				for _, set := range sl {
-					asnListMapStrToI := set.(map[string]interface{})
+								}
 
-					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
-						ls := make([]uint32, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = uint32(v.(int))
-						}
-						asnList.AsNumbers = ls
-					}
+							}
 
-				}
+							ipChoiceTypeFound := false
 
-			}
+							if v, ok := specMapStrToI["any_ip"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
 
-			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
+								ipChoiceTypeFound = true
 
-				sl := v.([]interface{})
-				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.AllowList.AsnSet = asnSetInt
-				for i, ps := range sl {
+								if v.(bool) {
+									ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyIp{}
+									ipChoiceInt.AnyIp = &ves_io_schema.Empty{}
+									spec.IpChoice = ipChoiceInt
+								}
 
-					asMapToStrVal := ps.(map[string]interface{})
-					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+							}
 
-					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Name = v.(string)
-					}
+							if v, ok := specMapStrToI["ip_matcher"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
 
-					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Namespace = v.(string)
-					}
+								ipChoiceTypeFound = true
+								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpMatcher{}
+								ipChoiceInt.IpMatcher = &ves_io_schema_policy.IpMatcherType{}
+								spec.IpChoice = ipChoiceInt
 
-					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Tenant = v.(string)
-					}
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
+
+										ipChoiceInt.IpMatcher.InvertMatcher = v.(bool)
+
+									}
+
+									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
+
+										sl := v.([]interface{})
+										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										ipChoiceInt.IpMatcher.PrefixSets = prefixSetsInt
+										for i, ps := range sl {
+
+											psMapToStrVal := ps.(map[string]interface{})
+											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
+
+											prefixSetsInt[i].Kind = "ip_prefix_set"
+
+											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Name = v.(string)
+											}
+
+											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Namespace = v.(string)
+											}
+
+											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Tenant = v.(string)
+											}
+
+											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Uid = v.(string)
+											}
+
+										}
+
+									}
+
+								}
+
+							}
+
+							if v, ok := specMapStrToI["ip_prefix_list"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+
+								ipChoiceTypeFound = true
+								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpPrefixList{}
+								ipChoiceInt.IpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
+								spec.IpChoice = ipChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
+
+										ipChoiceInt.IpPrefixList.InvertMatch = v.(bool)
+
+									}
+
+									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
+
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										ipChoiceInt.IpPrefixList.IpPrefixes = ls
+
+									}
+
+									if v, ok := cs["ipv6_prefixes"]; ok && !isIntfNil(v) {
+
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										ipChoiceInt.IpPrefixList.Ipv6Prefixes = ls
 
-				}
+									}
 
-			}
+								}
 
-			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
+							}
 
-				country_listList := []ves_io_schema_policy.CountryCode{}
-				for _, j := range v.([]interface{}) {
-					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
-				}
-				ruleChoiceInt.AllowList.CountryList = country_listList
+							if v, ok := specMapStrToI["l4_dest_matcher"]; ok && !isIntfNil(v) {
 
-			}
+								sl := v.(*schema.Set).List()
+								l4DestMatcher := &ves_io_schema_policy.L4DestMatcherType{}
+								spec.L4DestMatcher = l4DestMatcher
+								for _, set := range sl {
+									l4DestMatcherMapStrToI := set.(map[string]interface{})
 
-			defaultActionChoiceTypeFound := false
+									if w, ok := l4DestMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										l4DestMatcher.InvertMatcher = w.(bool)
+									}
 
-			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+									if v, ok := l4DestMatcherMapStrToI["l4_dests"]; ok && !isIntfNil(v) {
 
-				defaultActionChoiceTypeFound = true
+										sl := v.([]interface{})
+										l4Dests := make([]*ves_io_schema.L4DestType, len(sl))
+										l4DestMatcher.L4Dests = l4Dests
+										for i, set := range sl {
+											l4Dests[i] = &ves_io_schema.L4DestType{}
+											l4DestsMapStrToI := set.(map[string]interface{})
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
-					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
-					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
-				}
+											if w, ok := l4DestsMapStrToI["port_ranges"]; ok && !isIntfNil(w) {
+												l4Dests[i].PortRanges = w.(string)
+											}
 
-			}
+											if w, ok := l4DestsMapStrToI["prefixes"]; ok && !isIntfNil(w) {
+												ls := make([]string, len(w.([]interface{})))
+												for i, v := range w.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												l4Dests[i].Prefixes = ls
+											}
 
-			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+										}
 
-				defaultActionChoiceTypeFound = true
+									}
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
-					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
-					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
-				}
+								}
 
-			}
+							}
 
-			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+							if v, ok := specMapStrToI["label_matcher"]; ok && !isIntfNil(v) {
 
-				defaultActionChoiceTypeFound = true
+								sl := v.(*schema.Set).List()
+								labelMatcher := &ves_io_schema.LabelMatcherType{}
+								spec.LabelMatcher = labelMatcher
+								for _, set := range sl {
+									labelMatcherMapStrToI := set.(map[string]interface{})
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
-					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
-					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
-				}
+									if w, ok := labelMatcherMapStrToI["keys"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										labelMatcher.Keys = ls
+									}
 
-			}
+								}
 
-			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
+							}
 
-				sl := v.([]interface{})
-				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.AllowList.IpPrefixSet = ipPrefixSetInt
-				for i, ps := range sl {
+							if v, ok := specMapStrToI["path"]; ok && !isIntfNil(v) {
 
-					ipsMapToStrVal := ps.(map[string]interface{})
-					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+								sl := v.(*schema.Set).List()
+								path := &ves_io_schema_policy.PathMatcherType{}
+								spec.Path = path
+								for _, set := range sl {
+									pathMapStrToI := set.(map[string]interface{})
 
-					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Name = v.(string)
-					}
+									if w, ok := pathMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										path.ExactValues = ls
+									}
 
-					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Namespace = v.(string)
-					}
+									if w, ok := pathMapStrToI["prefix_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										path.PrefixValues = ls
+									}
 
-					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Tenant = v.(string)
-					}
+									if w, ok := pathMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										path.RegexValues = ls
+									}
 
-				}
+									if w, ok := pathMapStrToI["suffix_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										path.SuffixValues = ls
+									}
 
-			}
+									if v, ok := pathMapStrToI["transformers"]; ok && !isIntfNil(v) {
 
-			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										path.Transformers = transformersList
 
-				sl := v.(*schema.Set).List()
-				prefixList := &ves_io_schema_views.PrefixStringListType{}
-				ruleChoiceInt.AllowList.PrefixList = prefixList
-				for _, set := range sl {
-					prefixListMapStrToI := set.(map[string]interface{})
+									}
 
-					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
-						ls := make([]string, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = v.(string)
-						}
-						prefixList.Prefixes = ls
-					}
+									if w, ok := pathMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										path.InvertMatcher = w.(bool)
+									}
 
-				}
+								}
 
-			}
+							}
 
-			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["port_matcher"]; ok && !isIntfNil(v) {
 
-				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
-				for _, j := range v.([]interface{}) {
-					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
-				}
-				ruleChoiceInt.AllowList.TlsFingerprintClasses = tls_fingerprint_classesList
+								sl := v.(*schema.Set).List()
+								portMatcher := &ves_io_schema_policy.PortMatcherType{}
+								spec.PortMatcher = portMatcher
+								for _, set := range sl {
+									portMatcherMapStrToI := set.(map[string]interface{})
 
-			}
+									if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										portMatcher.InvertMatcher = w.(bool)
+									}
 
-			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
+									if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										portMatcher.Ports = ls
+									}
 
-				ls := make([]string, len(v.([]interface{})))
-				for i, v := range v.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				ruleChoiceInt.AllowList.TlsFingerprintValues = ls
+								}
 
-			}
+							}
 
-		}
+							if v, ok := specMapStrToI["query_params"]; ok && !isIntfNil(v) {
 
-	}
+								sl := v.([]interface{})
+								queryParams := make([]*ves_io_schema_policy.QueryParameterMatcherType, len(sl))
+								spec.QueryParams = queryParams
+								for i, set := range sl {
+									queryParams[i] = &ves_io_schema_policy.QueryParameterMatcherType{}
+									queryParamsMapStrToI := set.(map[string]interface{})
 
-	if v, ok := d.GetOk("deny_all_requests"); ok && !ruleChoiceTypeFound {
+									if w, ok := queryParamsMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										queryParams[i].InvertMatcher = w.(bool)
+									}
 
-		ruleChoiceTypeFound = true
+									if w, ok := queryParamsMapStrToI["key"]; ok && !isIntfNil(w) {
+										queryParams[i].Key = w.(string)
+									}
 
-		if v.(bool) {
-			ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_DenyAllRequests{}
-			ruleChoiceInt.DenyAllRequests = &ves_io_schema.Empty{}
-			createSpec.RuleChoice = ruleChoiceInt
-		}
+									matchTypeFound := false
 
-	}
+									if v, ok := queryParamsMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-	if v, ok := d.GetOk("deny_list"); ok && !ruleChoiceTypeFound {
+										matchTypeFound = true
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_DenyList{}
-		ruleChoiceInt.DenyList = &ves_io_schema_service_policy.SourceList{}
-		createSpec.RuleChoice = ruleChoiceInt
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckNotPresent{}
+											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
+											queryParams[i].Match = matchInt
+										}
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+									}
 
-			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
+									if v, ok := queryParamsMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-				sl := v.(*schema.Set).List()
-				asnList := &ves_io_schema_policy.AsnMatchList{}
-				ruleChoiceInt.DenyList.AsnList = asnList
-				for _, set := range sl {
-					asnListMapStrToI := set.(map[string]interface{})
+										matchTypeFound = true
 
-					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
-						ls := make([]uint32, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = uint32(v.(int))
-						}
-						asnList.AsNumbers = ls
-					}
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckPresent{}
+											matchInt.CheckPresent = &ves_io_schema.Empty{}
+											queryParams[i].Match = matchInt
+										}
 
-				}
+									}
 
-			}
+									if v, ok := queryParamsMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Item{}
+										matchInt.Item = &ves_io_schema_policy.MatcherType{}
+										queryParams[i].Match = matchInt
 
-				sl := v.([]interface{})
-				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.DenyList.AsnSet = asnSetInt
-				for i, ps := range sl {
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
 
-					asMapToStrVal := ps.(map[string]interface{})
-					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
 
-					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Name = v.(string)
-					}
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.ExactValues = ls
 
-					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Namespace = v.(string)
-					}
+											}
 
-					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Tenant = v.(string)
-					}
+											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
 
-				}
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.RegexValues = ls
 
-			}
+											}
 
-			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
+											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
 
-				country_listList := []ves_io_schema_policy.CountryCode{}
-				for _, j := range v.([]interface{}) {
-					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
-				}
-				ruleChoiceInt.DenyList.CountryList = country_listList
+												transformersList := []ves_io_schema_policy.Transformer{}
+												for _, j := range v.([]interface{}) {
+													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+												}
+												matchInt.Item.Transformers = transformersList
 
-			}
+											}
 
-			defaultActionChoiceTypeFound := false
+										}
 
-			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+									}
 
-				defaultActionChoiceTypeFound = true
+									if v, ok := queryParamsMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
-					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
-					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
-				}
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Presence{}
 
-			}
+										queryParams[i].Match = matchInt
 
-			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+										matchInt.Presence = v.(bool)
 
-				defaultActionChoiceTypeFound = true
+									}
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
-					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
-					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
-				}
+								}
 
-			}
+							}
 
-			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+							if v, ok := specMapStrToI["rate_limiter"]; ok && !isIntfNil(v) {
 
-				defaultActionChoiceTypeFound = true
+								sl := v.([]interface{})
+								rateLimiterInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+								spec.RateLimiter = rateLimiterInt
+								for i, ps := range sl {
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
-					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
-					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
-				}
+									rlMapToStrVal := ps.(map[string]interface{})
+									rateLimiterInt[i] = &ves_io_schema.ObjectRefType{}
 
-			}
+									rateLimiterInt[i].Kind = "rate_limiter"
 
-			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
+									if v, ok := rlMapToStrVal["name"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Name = v.(string)
+									}
 
-				sl := v.([]interface{})
-				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.DenyList.IpPrefixSet = ipPrefixSetInt
-				for i, ps := range sl {
+									if v, ok := rlMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Namespace = v.(string)
+									}
 
-					ipsMapToStrVal := ps.(map[string]interface{})
-					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+									if v, ok := rlMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Tenant = v.(string)
+									}
 
-					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Name = v.(string)
-					}
+									if v, ok := rlMapToStrVal["uid"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Uid = v.(string)
+									}
 
-					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Namespace = v.(string)
-					}
+								}
 
-					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Tenant = v.(string)
-					}
+							}
 
-				}
+							if w, ok := specMapStrToI["scheme"]; ok && !isIntfNil(w) {
+								ls := make([]string, len(w.([]interface{})))
+								for i, v := range w.([]interface{}) {
+									ls[i] = v.(string)
+								}
+								spec.Scheme = ls
+							}
 
-			}
+							if v, ok := specMapStrToI["server_selector"]; ok && !isIntfNil(v) {
 
-			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
+								sl := v.(*schema.Set).List()
+								serverSelector := &ves_io_schema.LabelSelectorType{}
+								spec.ServerSelector = serverSelector
+								for _, set := range sl {
+									serverSelectorMapStrToI := set.(map[string]interface{})
 
-				sl := v.(*schema.Set).List()
-				prefixList := &ves_io_schema_views.PrefixStringListType{}
-				ruleChoiceInt.DenyList.PrefixList = prefixList
-				for _, set := range sl {
-					prefixListMapStrToI := set.(map[string]interface{})
+									if w, ok := serverSelectorMapStrToI["expressions"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										serverSelector.Expressions = ls
+									}
 
-					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
-						ls := make([]string, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = v.(string)
-						}
-						prefixList.Prefixes = ls
-					}
+								}
 
-				}
+							}
 
-			}
+							if v, ok := specMapStrToI["shape_protected_endpoint_action"]; ok && !isIntfNil(v) {
 
-			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
+								sl := v.([]interface{})
+								shapeProtectedEndpointAction := &ves_io_schema_policy.ShapeProtectedEndpointAction{}
+								spec.ShapeProtectedEndpointAction = shapeProtectedEndpointAction
+								for _, set := range sl {
+									shapeProtectedEndpointActionMapStrToI := set.(map[string]interface{})
 
-				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
-				for _, j := range v.([]interface{}) {
-					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
-				}
-				ruleChoiceInt.DenyList.TlsFingerprintClasses = tls_fingerprint_classesList
+									if w, ok := shapeProtectedEndpointActionMapStrToI["allow_goodbot"]; ok && !isIntfNil(w) {
+										shapeProtectedEndpointAction.AllowGoodbot = w.(bool)
+									}
 
-			}
+									if v, ok := shapeProtectedEndpointActionMapStrToI["app_traffic_type"]; ok && !isIntfNil(v) {
 
-			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
+										shapeProtectedEndpointAction.AppTrafficType = ves_io_schema_policy.AppTrafficType(ves_io_schema_policy.AppTrafficType_value[v.(string)])
 
-				ls := make([]string, len(v.([]interface{})))
-				for i, v := range v.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				ruleChoiceInt.DenyList.TlsFingerprintValues = ls
+									}
 
-			}
+									if w, ok := shapeProtectedEndpointActionMapStrToI["flow_label"]; ok && !isIntfNil(w) {
+										shapeProtectedEndpointAction.FlowLabel = w.(string)
+									}
 
-		}
+									if v, ok := shapeProtectedEndpointActionMapStrToI["mitigation"]; ok && !isIntfNil(v) {
 
-	}
+										sl := v.([]interface{})
+										mitigation := &ves_io_schema_policy.ShapeBotMitigationAction{}
+										shapeProtectedEndpointAction.Mitigation = mitigation
+										for _, set := range sl {
+											mitigationMapStrToI := set.(map[string]interface{})
 
-	if v, ok := d.GetOk("internally_generated"); ok && !ruleChoiceTypeFound {
+											actionTypeTypeFound := false
 
-		ruleChoiceTypeFound = true
+											if v, ok := mitigationMapStrToI["block"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-		if v.(bool) {
-			ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_InternallyGenerated{}
-			ruleChoiceInt.InternallyGenerated = &ves_io_schema.Empty{}
-			createSpec.RuleChoice = ruleChoiceInt
-		}
+												actionTypeTypeFound = true
+												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Block{}
+												actionTypeInt.Block = &ves_io_schema_policy.ShapeBotBlockMitigationActionType{}
+												mitigation.ActionType = actionTypeInt
 
-	}
+												sl := v.([]interface{})
+												for _, set := range sl {
+													cs := set.(map[string]interface{})
 
-	if v, ok := d.GetOk("legacy_rule_list"); ok && !ruleChoiceTypeFound {
+													if v, ok := cs["body"]; ok && !isIntfNil(v) {
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_LegacyRuleList{}
-		ruleChoiceInt.LegacyRuleList = &ves_io_schema_service_policy.LegacyRuleList{}
-		createSpec.RuleChoice = ruleChoiceInt
+														actionTypeInt.Block.Body = v.(string)
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+													}
 
-			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
+													if v, ok := cs["body_hash"]; ok && !isIntfNil(v) {
 
-				sl := v.([]interface{})
-				rulesInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-				ruleChoiceInt.LegacyRuleList.Rules = rulesInt
-				for i, ps := range sl {
+														actionTypeInt.Block.BodyHash = v.(string)
 
-					rMapToStrVal := ps.(map[string]interface{})
-					rulesInt[i] = &ves_io_schema.ObjectRefType{}
+													}
 
-					rulesInt[i].Kind = "service_policy_rule"
+													if v, ok := cs["status"]; ok && !isIntfNil(v) {
 
-					if v, ok := rMapToStrVal["name"]; ok && !isIntfNil(v) {
-						rulesInt[i].Name = v.(string)
-					}
+														actionTypeInt.Block.Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
 
-					if v, ok := rMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						rulesInt[i].Namespace = v.(string)
-					}
+													}
 
-					if v, ok := rMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						rulesInt[i].Tenant = v.(string)
-					}
+												}
 
-					if v, ok := rMapToStrVal["uid"]; ok && !isIntfNil(v) {
-						rulesInt[i].Uid = v.(string)
-					}
+											}
 
-				}
+											if v, ok := mitigationMapStrToI["flag"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-			}
+												actionTypeTypeFound = true
+												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Flag{}
+												actionTypeInt.Flag = &ves_io_schema_policy.ShapeBotFlagMitigationActionChoiceType{}
+												mitigation.ActionType = actionTypeInt
 
-		}
+												sl := v.([]interface{})
+												for _, set := range sl {
+													cs := set.(map[string]interface{})
 
-	}
+													sendHeadersChoiceTypeFound := false
 
-	if v, ok := d.GetOk("rule_list"); ok && !ruleChoiceTypeFound {
+													if v, ok := cs["append_headers"]; ok && !isIntfNil(v) && !sendHeadersChoiceTypeFound {
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.CreateSpecType_RuleList{}
-		ruleChoiceInt.RuleList = &ves_io_schema_service_policy.RuleList{}
-		createSpec.RuleChoice = ruleChoiceInt
+														sendHeadersChoiceTypeFound = true
+														sendHeadersChoiceInt := &ves_io_schema_policy.ShapeBotFlagMitigationActionChoiceType_AppendHeaders{}
+														sendHeadersChoiceInt.AppendHeaders = &ves_io_schema_policy.ShapeBotFlagMitigationActionType{}
+														actionTypeInt.Flag.SendHeadersChoice = sendHeadersChoiceInt
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+														sl := v.([]interface{})
+														for _, set := range sl {
+															cs := set.(map[string]interface{})
 
-			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
+															if v, ok := cs["auto_type_header_name"]; ok && !isIntfNil(v) {
 
-				sl := v.([]interface{})
-				rules := make([]*ves_io_schema_service_policy.Rule, len(sl))
-				ruleChoiceInt.RuleList.Rules = rules
-				for i, set := range sl {
-					rules[i] = &ves_io_schema_service_policy.Rule{}
-					rulesMapStrToI := set.(map[string]interface{})
+																sendHeadersChoiceInt.AppendHeaders.AutoTypeHeaderName = v.(string)
 
-					if v, ok := rulesMapStrToI["metadata"]; ok && !isIntfNil(v) {
+															}
 
-						sl := v.(*schema.Set).List()
-						metadata := &ves_io_schema.MessageMetaType{}
-						rules[i].Metadata = metadata
-						for _, set := range sl {
-							metadataMapStrToI := set.(map[string]interface{})
+															if v, ok := cs["inference_header_name"]; ok && !isIntfNil(v) {
 
-							if w, ok := metadataMapStrToI["description"]; ok && !isIntfNil(w) {
-								metadata.Description = w.(string)
-							}
+																sendHeadersChoiceInt.AppendHeaders.InferenceHeaderName = v.(string)
 
-							if w, ok := metadataMapStrToI["disable"]; ok && !isIntfNil(w) {
-								metadata.Disable = w.(bool)
-							}
+															}
 
-							if w, ok := metadataMapStrToI["name"]; ok && !isIntfNil(w) {
-								metadata.Name = w.(string)
-							}
+														}
 
-						}
+													}
 
-					}
+													if v, ok := cs["no_headers"]; ok && !isIntfNil(v) && !sendHeadersChoiceTypeFound {
 
-					if v, ok := rulesMapStrToI["spec"]; ok && !isIntfNil(v) {
+														sendHeadersChoiceTypeFound = true
 
-						sl := v.(*schema.Set).List()
-						spec := &ves_io_schema_service_policy_rule.GlobalSpecType{}
-						rules[i].Spec = spec
-						for _, set := range sl {
-							specMapStrToI := set.(map[string]interface{})
+														if v.(bool) {
+															sendHeadersChoiceInt := &ves_io_schema_policy.ShapeBotFlagMitigationActionChoiceType_NoHeaders{}
+															sendHeadersChoiceInt.NoHeaders = &ves_io_schema.Empty{}
+															actionTypeInt.Flag.SendHeadersChoice = sendHeadersChoiceInt
+														}
 
-							if v, ok := specMapStrToI["action"]; ok && !isIntfNil(v) {
+													}
 
-								spec.Action = ves_io_schema_policy.RuleAction(ves_io_schema_policy.RuleAction_value[v.(string)])
+												}
 
-							}
+											}
 
-							if v, ok := specMapStrToI["api_group_matcher"]; ok && !isIntfNil(v) {
+											if v, ok := mitigationMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-								sl := v.(*schema.Set).List()
-								apiGroupMatcher := &ves_io_schema_policy.StringMatcherType{}
-								spec.ApiGroupMatcher = apiGroupMatcher
-								for _, set := range sl {
-									apiGroupMatcherMapStrToI := set.(map[string]interface{})
+												actionTypeTypeFound = true
 
-									if w, ok := apiGroupMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										apiGroupMatcher.InvertMatcher = w.(bool)
-									}
+												if v.(bool) {
+													actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_None{}
+													actionTypeInt.None = &ves_io_schema.Empty{}
+													mitigation.ActionType = actionTypeInt
+												}
 
-									if w, ok := apiGroupMatcherMapStrToI["match"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										apiGroupMatcher.Match = ls
-									}
+											}
 
-								}
+											if v, ok := mitigationMapStrToI["redirect"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-							}
+												actionTypeTypeFound = true
+												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Redirect{}
+												actionTypeInt.Redirect = &ves_io_schema_policy.ShapeBotRedirectMitigationActionType{}
+												mitigation.ActionType = actionTypeInt
 
-							if v, ok := specMapStrToI["arg_matchers"]; ok && !isIntfNil(v) {
+												sl := v.([]interface{})
+												for _, set := range sl {
+													cs := set.(map[string]interface{})
 
-								sl := v.([]interface{})
-								argMatchers := make([]*ves_io_schema_policy.ArgMatcherType, len(sl))
-								spec.ArgMatchers = argMatchers
-								for i, set := range sl {
-									argMatchers[i] = &ves_io_schema_policy.ArgMatcherType{}
-									argMatchersMapStrToI := set.(map[string]interface{})
+													if v, ok := cs["uri"]; ok && !isIntfNil(v) {
 
-									if w, ok := argMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										argMatchers[i].InvertMatcher = w.(bool)
-									}
+														actionTypeInt.Redirect.Uri = v.(string)
 
-									matchTypeFound := false
+													}
 
-									if v, ok := argMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+												}
 
-										matchTypeFound = true
+											}
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckNotPresent{}
-											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											argMatchers[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := argMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := shapeProtectedEndpointActionMapStrToI["transaction_result"]; ok && !isIntfNil(v) {
 
-										matchTypeFound = true
+										sl := v.(*schema.Set).List()
+										transactionResult := &ves_io_schema.BotDefenseTransactionResultType{}
+										shapeProtectedEndpointAction.TransactionResult = transactionResult
+										for _, set := range sl {
+											transactionResultMapStrToI := set.(map[string]interface{})
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckPresent{}
-											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											argMatchers[i].Match = matchInt
-										}
+											if v, ok := transactionResultMapStrToI["failure_conditions"]; ok && !isIntfNil(v) {
 
-									}
+												sl := v.([]interface{})
+												failureConditions := make([]*ves_io_schema.BotDefenseTransactionResultCondition, len(sl))
+												transactionResult.FailureConditions = failureConditions
+												for i, set := range sl {
+													failureConditions[i] = &ves_io_schema.BotDefenseTransactionResultCondition{}
+													failureConditionsMapStrToI := set.(map[string]interface{})
 
-									if v, ok := argMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+													if w, ok := failureConditionsMapStrToI["name"]; ok && !isIntfNil(w) {
+														failureConditions[i].Name = w.(string)
+													}
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.ArgMatcherType_Item{}
-										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										argMatchers[i].Match = matchInt
+													if w, ok := failureConditionsMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+														ls := make([]string, len(w.([]interface{})))
+														for i, v := range w.([]interface{}) {
+															ls[i] = v.(string)
+														}
+														failureConditions[i].RegexValues = ls
+													}
 
-										sl := v.(*schema.Set).List()
-										for _, set := range sl {
-											cs := set.(map[string]interface{})
+													if v, ok := failureConditionsMapStrToI["status"]; ok && !isIntfNil(v) {
 
-											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+														failureConditions[i].Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
+
+													}
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
 												}
-												matchInt.Item.ExactValues = ls
 
 											}
 
-											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+											if v, ok := transactionResultMapStrToI["success_conditions"]; ok && !isIntfNil(v) {
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												matchInt.Item.RegexValues = ls
+												sl := v.([]interface{})
+												successConditions := make([]*ves_io_schema.BotDefenseTransactionResultCondition, len(sl))
+												transactionResult.SuccessConditions = successConditions
+												for i, set := range sl {
+													successConditions[i] = &ves_io_schema.BotDefenseTransactionResultCondition{}
+													successConditionsMapStrToI := set.(map[string]interface{})
 
-											}
+													if w, ok := successConditionsMapStrToI["name"]; ok && !isIntfNil(w) {
+														successConditions[i].Name = w.(string)
+													}
 
-											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+													if w, ok := successConditionsMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+														ls := make([]string, len(w.([]interface{})))
+														for i, v := range w.([]interface{}) {
+															ls[i] = v.(string)
+														}
+														successConditions[i].RegexValues = ls
+													}
+
+													if v, ok := successConditionsMapStrToI["status"]; ok && !isIntfNil(v) {
+
+														successConditions[i].Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
+
+													}
 
-												transformersList := []ves_io_schema_policy.Transformer{}
-												for _, j := range v.([]interface{}) {
-													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
 												}
-												matchInt.Item.Transformers = transformersList
 
 											}
 
@@ -2677,101 +4804,130 @@ func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{
 
 									}
 
-									if v, ok := argMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if w, ok := shapeProtectedEndpointActionMapStrToI["web_scraping"]; ok && !isIntfNil(w) {
+										shapeProtectedEndpointAction.WebScraping = w.(bool)
+									}
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.ArgMatcherType_Presence{}
+								}
 
-										argMatchers[i].Match = matchInt
+							}
 
-										matchInt.Presence = v.(bool)
+							if v, ok := specMapStrToI["tls_fingerprint_matcher"]; ok && !isIntfNil(v) {
+
+								sl := v.(*schema.Set).List()
+								tlsFingerprintMatcher := &ves_io_schema_policy.TlsFingerprintMatcherType{}
+								spec.TlsFingerprintMatcher = tlsFingerprintMatcher
+								for _, set := range sl {
+									tlsFingerprintMatcherMapStrToI := set.(map[string]interface{})
+
+									if v, ok := tlsFingerprintMatcherMapStrToI["classes"]; ok && !isIntfNil(v) {
+
+										classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
+										for _, j := range v.([]interface{}) {
+											classesList = append(classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
+										}
+										tlsFingerprintMatcher.Classes = classesList
 
 									}
 
-									if w, ok := argMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
-										argMatchers[i].Name = w.(string)
+									if w, ok := tlsFingerprintMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										tlsFingerprintMatcher.ExactValues = ls
+									}
+
+									if w, ok := tlsFingerprintMatcherMapStrToI["excluded_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										tlsFingerprintMatcher.ExcludedValues = ls
 									}
 
 								}
 
 							}
 
-							asnChoiceTypeFound := false
+							if v, ok := specMapStrToI["url_matcher"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["any_asn"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+								sl := v.(*schema.Set).List()
+								urlMatcher := &ves_io_schema_policy.URLMatcherType{}
+								spec.UrlMatcher = urlMatcher
+								for _, set := range sl {
+									urlMatcherMapStrToI := set.(map[string]interface{})
 
-								asnChoiceTypeFound = true
+									if w, ok := urlMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										urlMatcher.InvertMatcher = w.(bool)
+									}
 
-								if v.(bool) {
-									asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyAsn{}
-									asnChoiceInt.AnyAsn = &ves_io_schema.Empty{}
-									spec.AsnChoice = asnChoiceInt
-								}
+									if v, ok := urlMatcherMapStrToI["url_items"]; ok && !isIntfNil(v) {
 
-							}
+										sl := v.([]interface{})
+										urlItems := make([]*ves_io_schema_policy.URLItem, len(sl))
+										urlMatcher.UrlItems = urlItems
+										for i, set := range sl {
+											urlItems[i] = &ves_io_schema_policy.URLItem{}
+											urlItemsMapStrToI := set.(map[string]interface{})
 
-							if v, ok := specMapStrToI["asn_list"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+											domainChoiceTypeFound := false
 
-								asnChoiceTypeFound = true
-								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnList{}
-								asnChoiceInt.AsnList = &ves_io_schema_policy.AsnMatchList{}
-								spec.AsnChoice = asnChoiceInt
+											if v, ok := urlItemsMapStrToI["domain_regex"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+												domainChoiceTypeFound = true
+												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainRegex{}
 
-									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
+												urlItems[i].DomainChoice = domainChoiceInt
 
-										ls := make([]uint32, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = uint32(v.(int))
-										}
-										asnChoiceInt.AsnList.AsNumbers = ls
+												domainChoiceInt.DomainRegex = v.(string)
 
-									}
+											}
+
+											if v, ok := urlItemsMapStrToI["domain_value"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
+
+												domainChoiceTypeFound = true
+												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainValue{}
+
+												urlItems[i].DomainChoice = domainChoiceInt
+
+												domainChoiceInt.DomainValue = v.(string)
+
+											}
+
+											pathChoiceTypeFound := false
 
-								}
+											if v, ok := urlItemsMapStrToI["path_prefix"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
 
-							}
+												pathChoiceTypeFound = true
+												pathChoiceInt := &ves_io_schema_policy.URLItem_PathPrefix{}
 
-							if v, ok := specMapStrToI["asn_matcher"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+												urlItems[i].PathChoice = pathChoiceInt
 
-								asnChoiceTypeFound = true
-								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnMatcher{}
-								asnChoiceInt.AsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
-								spec.AsnChoice = asnChoiceInt
+												pathChoiceInt.PathPrefix = v.(string)
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+											}
 
-									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
+											if v, ok := urlItemsMapStrToI["path_regex"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
 
-										sl := v.([]interface{})
-										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										asnChoiceInt.AsnMatcher.AsnSets = asnSetsInt
-										for i, ps := range sl {
+												pathChoiceTypeFound = true
+												pathChoiceInt := &ves_io_schema_policy.URLItem_PathRegex{}
 
-											asMapToStrVal := ps.(map[string]interface{})
-											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
+												urlItems[i].PathChoice = pathChoiceInt
 
-											asnSetsInt[i].Kind = "bgp_asn_set"
+												pathChoiceInt.PathRegex = v.(string)
 
-											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Name = v.(string)
 											}
 
-											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Namespace = v.(string)
-											}
+											if v, ok := urlItemsMapStrToI["path_value"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
 
-											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Tenant = v.(string)
-											}
+												pathChoiceTypeFound = true
+												pathChoiceInt := &ves_io_schema_policy.URLItem_PathValue{}
+
+												urlItems[i].PathChoice = pathChoiceInt
+
+												pathChoiceInt.PathValue = v.(string)
 
-											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Uid = v.(string)
 											}
 
 										}
@@ -2782,37 +4938,37 @@ func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{
 
 							}
 
-							if v, ok := specMapStrToI["body_matcher"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["virtual_host_matcher"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
-								bodyMatcher := &ves_io_schema_policy.MatcherType{}
-								spec.BodyMatcher = bodyMatcher
+								virtualHostMatcher := &ves_io_schema_policy.MatcherType{}
+								spec.VirtualHostMatcher = virtualHostMatcher
 								for _, set := range sl {
-									bodyMatcherMapStrToI := set.(map[string]interface{})
+									virtualHostMatcherMapStrToI := set.(map[string]interface{})
 
-									if w, ok := bodyMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+									if w, ok := virtualHostMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
 										ls := make([]string, len(w.([]interface{})))
 										for i, v := range w.([]interface{}) {
 											ls[i] = v.(string)
 										}
-										bodyMatcher.ExactValues = ls
+										virtualHostMatcher.ExactValues = ls
 									}
 
-									if w, ok := bodyMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+									if w, ok := virtualHostMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
 										ls := make([]string, len(w.([]interface{})))
 										for i, v := range w.([]interface{}) {
 											ls[i] = v.(string)
 										}
-										bodyMatcher.RegexValues = ls
+										virtualHostMatcher.RegexValues = ls
 									}
 
-									if v, ok := bodyMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+									if v, ok := virtualHostMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
 
 										transformersList := []ves_io_schema_policy.Transformer{}
 										for _, j := range v.([]interface{}) {
 											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
 										}
-										bodyMatcher.Transformers = transformersList
+										virtualHostMatcher.Transformers = transformersList
 
 									}
 
@@ -2820,205 +4976,177 @@ func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{
 
 							}
 
-							if v, ok := specMapStrToI["bot_action"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["waf_action"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
-								botAction := &ves_io_schema_policy.BotAction{}
-								spec.BotAction = botAction
+								wafAction := &ves_io_schema_policy.WafAction{}
+								spec.WafAction = wafAction
 								for _, set := range sl {
-									botActionMapStrToI := set.(map[string]interface{})
+									wafActionMapStrToI := set.(map[string]interface{})
 
 									actionTypeTypeFound := false
 
-									if v, ok := botActionMapStrToI["bot_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+									if v, ok := wafActionMapStrToI["app_firewall_detection_control"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
 										actionTypeTypeFound = true
+										actionTypeInt := &ves_io_schema_policy.WafAction_AppFirewallDetectionControl{}
+										actionTypeInt.AppFirewallDetectionControl = &ves_io_schema_policy.AppFirewallDetectionControl{}
+										wafAction.ActionType = actionTypeInt
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.BotAction_BotSkipProcessing{}
-											actionTypeInt.BotSkipProcessing = &ves_io_schema.Empty{}
-											botAction.ActionType = actionTypeInt
-										}
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
 
-									}
+											if v, ok := cs["exclude_attack_type_contexts"]; ok && !isIntfNil(v) {
 
-									if v, ok := botActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+												sl := v.([]interface{})
+												excludeAttackTypeContexts := make([]*ves_io_schema_policy.AppFirewallAttackTypeContext, len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeAttackTypeContexts = excludeAttackTypeContexts
+												for i, set := range sl {
+													excludeAttackTypeContexts[i] = &ves_io_schema_policy.AppFirewallAttackTypeContext{}
+													excludeAttackTypeContextsMapStrToI := set.(map[string]interface{})
 
-										actionTypeTypeFound = true
+													if v, ok := excludeAttackTypeContextsMapStrToI["exclude_attack_type"]; ok && !isIntfNil(v) {
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.BotAction_None{}
-											actionTypeInt.None = &ves_io_schema.Empty{}
-											botAction.ActionType = actionTypeInt
-										}
+														excludeAttackTypeContexts[i].ExcludeAttackType = ves_io_schema_app_firewall.AttackType(ves_io_schema_app_firewall.AttackType_value[v.(string)])
 
-									}
+													}
 
-								}
+													if v, ok := excludeAttackTypeContextsMapStrToI["context"]; ok && !isIntfNil(v) {
 
-							}
+														excludeAttackTypeContexts[i].Context = ves_io_schema_policy.DetectionContext(ves_io_schema_policy.DetectionContext_value[v.(string)])
 
-							if v, ok := specMapStrToI["challenge_action"]; ok && !isIntfNil(v) {
+													}
 
-								spec.ChallengeAction = ves_io_schema_policy.ChallengeAction(ves_io_schema_policy.ChallengeAction_value[v.(string)])
+													if v, ok := excludeAttackTypeContextsMapStrToI["context_name"]; ok && !isIntfNil(v) {
 
-							}
+														excludeAttackTypeContexts[i].ContextName = v.(string)
 
-							clientChoiceTypeFound := false
+													}
 
-							if v, ok := specMapStrToI["any_client"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
 
-								clientChoiceTypeFound = true
+												}
 
-								if v.(bool) {
-									clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyClient{}
-									clientChoiceInt.AnyClient = &ves_io_schema.Empty{}
-									spec.ClientChoice = clientChoiceInt
-								}
+											}
 
-							}
+											if v, ok := cs["exclude_signature_contexts"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["client_name"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+												sl := v.([]interface{})
+												excludeSignatureContexts := make([]*ves_io_schema_policy.AppFirewallSignatureContext, len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeSignatureContexts = excludeSignatureContexts
+												for i, set := range sl {
+													excludeSignatureContexts[i] = &ves_io_schema_policy.AppFirewallSignatureContext{}
+													excludeSignatureContextsMapStrToI := set.(map[string]interface{})
 
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientName{}
+													if w, ok := excludeSignatureContextsMapStrToI["signature_id"]; ok && !isIntfNil(w) {
+														excludeSignatureContexts[i].SignatureId = uint32(w.(int))
+													}
 
-								spec.ClientChoice = clientChoiceInt
+													if v, ok := excludeSignatureContextsMapStrToI["context"]; ok && !isIntfNil(v) {
 
-								clientChoiceInt.ClientName = v.(string)
+														excludeSignatureContexts[i].Context = ves_io_schema_policy.DetectionContext(ves_io_schema_policy.DetectionContext_value[v.(string)])
 
-							}
+													}
 
-							if v, ok := specMapStrToI["client_name_matcher"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+													if v, ok := excludeSignatureContextsMapStrToI["context_name"]; ok && !isIntfNil(v) {
 
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientNameMatcher{}
-								clientChoiceInt.ClientNameMatcher = &ves_io_schema_policy.MatcherType{}
-								spec.ClientChoice = clientChoiceInt
+														excludeSignatureContexts[i].ContextName = v.(string)
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+													}
 
-									if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										clientChoiceInt.ClientNameMatcher.ExactValues = ls
+												}
 
-									}
+											}
 
-									if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+											if v, ok := cs["exclude_violation_contexts"]; ok && !isIntfNil(v) {
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										clientChoiceInt.ClientNameMatcher.RegexValues = ls
+												sl := v.([]interface{})
+												excludeViolationContexts := make([]*ves_io_schema_policy.AppFirewallViolationContext, len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeViolationContexts = excludeViolationContexts
+												for i, set := range sl {
+													excludeViolationContexts[i] = &ves_io_schema_policy.AppFirewallViolationContext{}
+													excludeViolationContextsMapStrToI := set.(map[string]interface{})
 
-									}
+													if v, ok := excludeViolationContextsMapStrToI["exclude_violation"]; ok && !isIntfNil(v) {
 
-									if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+														excludeViolationContexts[i].ExcludeViolation = ves_io_schema_app_firewall.AppFirewallViolationType(ves_io_schema_app_firewall.AppFirewallViolationType_value[v.(string)])
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-										}
-										clientChoiceInt.ClientNameMatcher.Transformers = transformersList
+													}
+													
+													if v, ok := excludeViolationContextsMapStrToI["context"]; ok && !isIntfNil(v) {
 
-									}
+														excludeViolationContexts[i].Context = ves_io_schema_policy.DetectionContext(ves_io_schema_policy.DetectionContext_value[v.(string)])
 
-								}
+													}
 
-							}
+													if v, ok := excludeViolationContextsMapStrToI["context_name"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["client_selector"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+														excludeViolationContexts[i].ContextName = v.(string)
 
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientSelector{}
-								clientChoiceInt.ClientSelector = &ves_io_schema.LabelSelectorType{}
-								spec.ClientChoice = clientChoiceInt
+													}
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+												}
 
-									if v, ok := cs["expressions"]; ok && !isIntfNil(v) {
+											}
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										clientChoiceInt.ClientSelector.Expressions = ls
+											if v, ok := cs["exclude_bot_names"]; ok && !isIntfNil(v) {
 
-									}
+												sl := v.([]interface{})
+												excludeBotNameContexts := make([]*ves_io_schema_policy.BotNameContext , len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeBotNameContexts = excludeBotNameContexts
+												for i, set := range sl {
+													excludeBotNameContexts[i] = &ves_io_schema_policy.BotNameContext{}
+													excludeViolationContextsMapStrToI := set.(map[string]interface{})
 
-								}
+													if v, ok := excludeViolationContextsMapStrToI["bot_name"]; ok && !isIntfNil(v) {
 
-							}
+														excludeBotNameContexts[i].BotName =  v.(string)
 
-							if v, ok := specMapStrToI["ip_threat_category_list"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
+													}
 
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpThreatCategoryList{}
-								clientChoiceInt.IpThreatCategoryList = &ves_io_schema_service_policy_rule.IPThreatCategoryListType{}
-								spec.ClientChoice = clientChoiceInt
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+												}
 
-									if v, ok := cs["ip_threat_categories"]; ok && !isIntfNil(v) {
+											}
 
-										ip_threat_categoriesList := []ves_io_schema_policy.IPThreatCategory{}
-										for _, j := range v.([]interface{}) {
-											ip_threat_categoriesList = append(ip_threat_categoriesList, ves_io_schema_policy.IPThreatCategory(ves_io_schema_policy.IPThreatCategory_value[j.(string)]))
-										}
-										clientChoiceInt.IpThreatCategoryList.IpThreatCategories = ip_threat_categoriesList
+										}	
 
 									}
 
-								}
-
-							}
+									if v, ok := wafActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-							if v, ok := specMapStrToI["client_role"]; ok && !isIntfNil(v) {
+										actionTypeTypeFound = true
 
-								sl := v.(*schema.Set).List()
-								clientRole := &ves_io_schema_policy.RoleMatcherType{}
-								spec.ClientRole = clientRole
-								for _, set := range sl {
-									clientRoleMapStrToI := set.(map[string]interface{})
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.WafAction_None{}
+											actionTypeInt.None = &ves_io_schema.Empty{}
+											wafAction.ActionType = actionTypeInt
+										}
 
-									if w, ok := clientRoleMapStrToI["match"]; ok && !isIntfNil(w) {
-										clientRole.Match = w.(string)
 									}
 
-								}
-
-							}
-
-							if v, ok := specMapStrToI["content_rewrite_action"]; ok && !isIntfNil(v) {
+									if v, ok := wafActionMapStrToI["waf_in_monitoring_mode"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-								sl := v.(*schema.Set).List()
-								contentRewriteAction := &ves_io_schema_policy.ContentRewriteAction{}
-								spec.ContentRewriteAction = contentRewriteAction
-								for _, set := range sl {
-									contentRewriteActionMapStrToI := set.(map[string]interface{})
+										actionTypeTypeFound = true
 
-									if w, ok := contentRewriteActionMapStrToI["element_selector"]; ok && !isIntfNil(w) {
-										contentRewriteAction.ElementSelector = w.(string)
-									}
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.WafAction_WafInMonitoringMode{}
+											actionTypeInt.WafInMonitoringMode = &ves_io_schema.Empty{}
+											wafAction.ActionType = actionTypeInt
+										}
 
-									if w, ok := contentRewriteActionMapStrToI["insert_content"]; ok && !isIntfNil(w) {
-										contentRewriteAction.InsertContent = w.(string)
 									}
 
-									if v, ok := contentRewriteActionMapStrToI["position"]; ok && !isIntfNil(v) {
+									if v, ok := wafActionMapStrToI["waf_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-										contentRewriteAction.Position = ves_io_schema_policy.HTMLPosition(ves_io_schema_policy.HTMLPosition_value[v.(string)])
+										actionTypeTypeFound = true
+
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.WafAction_WafSkipProcessing{}
+											actionTypeInt.WafSkipProcessing = &ves_io_schema.Empty{}
+											wafAction.ActionType = actionTypeInt
+										}
 
 									}
 
@@ -3026,53 +5154,54 @@ func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{
 
 							}
 
-							if v, ok := specMapStrToI["cookie_matchers"]; ok && !isIntfNil(v) {
+
+							if v, ok := specMapStrToI["jwt_claims"]; ok && !isIntfNil(v) {
 
 								sl := v.([]interface{})
-								cookieMatchers := make([]*ves_io_schema_policy.CookieMatcherType, len(sl))
-								spec.CookieMatchers = cookieMatchers
+								jwtClaims := make([]*ves_io_schema_policy.JWTClaimMatcherType, len(sl))
+								spec.JwtClaims = jwtClaims
 								for i, set := range sl {
-									cookieMatchers[i] = &ves_io_schema_policy.CookieMatcherType{}
-									cookieMatchersMapStrToI := set.(map[string]interface{})
+									jwtClaims[i] = &ves_io_schema_policy.JWTClaimMatcherType{}
+									jwtClaimsMapStrToI := set.(map[string]interface{})
 
-									if w, ok := cookieMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										cookieMatchers[i].InvertMatcher = w.(bool)
+									if w, ok := jwtClaimsMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										jwtClaims[i].InvertMatcher = w.(bool)
 									}
 
 									matchTypeFound := false
 
-									if v, ok := cookieMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := jwtClaimsMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckNotPresent{}
+											matchInt := &ves_io_schema_policy.JWTClaimMatcherType_CheckNotPresent{}
 											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											cookieMatchers[i].Match = matchInt
+											jwtClaims[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := cookieMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := jwtClaimsMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckPresent{}
+											matchInt := &ves_io_schema_policy.JWTClaimMatcherType_CheckPresent{}
 											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											cookieMatchers[i].Match = matchInt
+											jwtClaims[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := cookieMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := jwtClaimsMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.CookieMatcherType_Item{}
+										matchInt := &ves_io_schema_policy.JWTClaimMatcherType_Item{}
 										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										cookieMatchers[i].Match = matchInt
+										jwtClaims[i].Match = matchInt
 
-										sl := v.(*schema.Set).List()
+										sl := v.([]interface{})
 										for _, set := range sl {
 											cs := set.(map[string]interface{})
 
@@ -3110,1177 +5239,1279 @@ func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{
 
 									}
 
-									if v, ok := cookieMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if w, ok := jwtClaimsMapStrToI["name"]; ok && !isIntfNil(w) {
+										jwtClaims[i].Name = w.(string)
+									}
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.CookieMatcherType_Presence{}
+								}
 
-										cookieMatchers[i].Match = matchInt
+							}
 
-										matchInt.Presence = v.(bool)
+							if v, ok := specMapStrToI["request_constraints"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								requestConstraints := &ves_io_schema_policy.RequestConstraintType{}
+								spec.RequestConstraints = requestConstraints
+								for _, set := range sl {
+									requestConstraintsMapStrToI := set.(map[string]interface{})
+
+									maxCookieCountChoiceTypeFound := false
+
+									if v, ok := requestConstraintsMapStrToI["max_cookie_count_exceeds"]; ok && !isIntfNil(v) && !maxCookieCountChoiceTypeFound {
+
+										maxCookieCountChoiceTypeFound = true
+										maxCookieCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieCountExceeds{}
+
+										requestConstraints.MaxCookieCountChoice = maxCookieCountChoiceInt
+
+										maxCookieCountChoiceInt.MaxCookieCountExceeds = uint32(v.(int))
 
 									}
 
-									if w, ok := cookieMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
-										cookieMatchers[i].Name = w.(string)
+									if v, ok := requestConstraintsMapStrToI["max_cookie_count_none"]; ok && !isIntfNil(v) && !maxCookieCountChoiceTypeFound {
+
+										maxCookieCountChoiceTypeFound = true
+
+										if v.(bool) {
+											maxCookieCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieCountNone{}
+											maxCookieCountChoiceInt.MaxCookieCountNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxCookieCountChoice = maxCookieCountChoiceInt
+										}
+
 									}
 
-								}
+									maxCookieKeySizeChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_cookie_key_size_exceeds"]; ok && !isIntfNil(v) && !maxCookieKeySizeChoiceTypeFound {
 
-							if v, ok := specMapStrToI["domain_matcher"]; ok && !isIntfNil(v) {
+										maxCookieKeySizeChoiceTypeFound = true
+										maxCookieKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieKeySizeExceeds{}
 
-								sl := v.(*schema.Set).List()
-								domainMatcher := &ves_io_schema_policy.MatcherType{}
-								spec.DomainMatcher = domainMatcher
-								for _, set := range sl {
-									domainMatcherMapStrToI := set.(map[string]interface{})
+										requestConstraints.MaxCookieKeySizeChoice = maxCookieKeySizeChoiceInt
+
+										maxCookieKeySizeChoiceInt.MaxCookieKeySizeExceeds = uint32(v.(int))
 
-									if w, ok := domainMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										domainMatcher.ExactValues = ls
 									}
 
-									if w, ok := domainMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
+									if v, ok := requestConstraintsMapStrToI["max_cookie_key_size_none"]; ok && !isIntfNil(v) && !maxCookieKeySizeChoiceTypeFound {
+
+										maxCookieKeySizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxCookieKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieKeySizeNone{}
+											maxCookieKeySizeChoiceInt.MaxCookieKeySizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxCookieKeySizeChoice = maxCookieKeySizeChoiceInt
 										}
-										domainMatcher.RegexValues = ls
+
 									}
 
-									if v, ok := domainMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+									maxCookieValueSizeChoiceTypeFound := false
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-										}
-										domainMatcher.Transformers = transformersList
+									if v, ok := requestConstraintsMapStrToI["max_cookie_value_size_exceeds"]; ok && !isIntfNil(v) && !maxCookieValueSizeChoiceTypeFound {
+
+										maxCookieValueSizeChoiceTypeFound = true
+										maxCookieValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieValueSizeExceeds{}
+
+										requestConstraints.MaxCookieValueSizeChoice = maxCookieValueSizeChoiceInt
+
+										maxCookieValueSizeChoiceInt.MaxCookieValueSizeExceeds = uint32(v.(int))
 
 									}
 
-								}
+									if v, ok := requestConstraintsMapStrToI["max_cookie_value_size_none"]; ok && !isIntfNil(v) && !maxCookieValueSizeChoiceTypeFound {
 
-							}
+										maxCookieValueSizeChoiceTypeFound = true
 
-							dstAsnChoiceTypeFound := false
+										if v.(bool) {
+											maxCookieValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieValueSizeNone{}
+											maxCookieValueSizeChoiceInt.MaxCookieValueSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxCookieValueSizeChoice = maxCookieValueSizeChoiceInt
+										}
 
-							if v, ok := specMapStrToI["any_dst_asn"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+									}
 
-								dstAsnChoiceTypeFound = true
+									maxHeaderCountChoiceTypeFound := false
 
-								if v.(bool) {
-									dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstAsn{}
-									dstAsnChoiceInt.AnyDstAsn = &ves_io_schema.Empty{}
-									spec.DstAsnChoice = dstAsnChoiceInt
-								}
+									if v, ok := requestConstraintsMapStrToI["max_header_count_exceeds"]; ok && !isIntfNil(v) && !maxHeaderCountChoiceTypeFound {
 
-							}
+										maxHeaderCountChoiceTypeFound = true
+										maxHeaderCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderCountExceeds{}
 
-							if v, ok := specMapStrToI["dst_asn_list"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+										requestConstraints.MaxHeaderCountChoice = maxHeaderCountChoiceInt
 
-								dstAsnChoiceTypeFound = true
-								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnList{}
-								dstAsnChoiceInt.DstAsnList = &ves_io_schema_policy.AsnMatchList{}
-								spec.DstAsnChoice = dstAsnChoiceInt
+										maxHeaderCountChoiceInt.MaxHeaderCountExceeds = uint32(v.(int))
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+									}
 
-									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_header_count_none"]; ok && !isIntfNil(v) && !maxHeaderCountChoiceTypeFound {
 
-										ls := make([]uint32, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = uint32(v.(int))
+										maxHeaderCountChoiceTypeFound = true
+
+										if v.(bool) {
+											maxHeaderCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderCountNone{}
+											maxHeaderCountChoiceInt.MaxHeaderCountNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxHeaderCountChoice = maxHeaderCountChoiceInt
 										}
-										dstAsnChoiceInt.DstAsnList.AsNumbers = ls
 
 									}
 
-								}
+									maxHeaderKeySizeChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_header_key_size_exceeds"]; ok && !isIntfNil(v) && !maxHeaderKeySizeChoiceTypeFound {
 
-							if v, ok := specMapStrToI["dst_asn_matcher"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+										maxHeaderKeySizeChoiceTypeFound = true
+										maxHeaderKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderKeySizeExceeds{}
 
-								dstAsnChoiceTypeFound = true
-								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnMatcher{}
-								dstAsnChoiceInt.DstAsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
-								spec.DstAsnChoice = dstAsnChoiceInt
+										requestConstraints.MaxHeaderKeySizeChoice = maxHeaderKeySizeChoiceInt
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+										maxHeaderKeySizeChoiceInt.MaxHeaderKeySizeExceeds = uint32(v.(int))
 
-									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
+									}
 
-										sl := v.([]interface{})
-										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										dstAsnChoiceInt.DstAsnMatcher.AsnSets = asnSetsInt
-										for i, ps := range sl {
+									if v, ok := requestConstraintsMapStrToI["max_header_key_size_none"]; ok && !isIntfNil(v) && !maxHeaderKeySizeChoiceTypeFound {
 
-											asMapToStrVal := ps.(map[string]interface{})
-											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
+										maxHeaderKeySizeChoiceTypeFound = true
 
-											asnSetsInt[i].Kind = "bgp_asn_set"
+										if v.(bool) {
+											maxHeaderKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderKeySizeNone{}
+											maxHeaderKeySizeChoiceInt.MaxHeaderKeySizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxHeaderKeySizeChoice = maxHeaderKeySizeChoiceInt
+										}
 
-											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Name = v.(string)
-											}
+									}
 
-											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Namespace = v.(string)
-											}
+									maxHeaderValueSizeChoiceTypeFound := false
 
-											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Tenant = v.(string)
-											}
+									if v, ok := requestConstraintsMapStrToI["max_header_value_size_exceeds"]; ok && !isIntfNil(v) && !maxHeaderValueSizeChoiceTypeFound {
 
-											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Uid = v.(string)
-											}
+										maxHeaderValueSizeChoiceTypeFound = true
+										maxHeaderValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderValueSizeExceeds{}
 
-										}
+										requestConstraints.MaxHeaderValueSizeChoice = maxHeaderValueSizeChoiceInt
+
+										maxHeaderValueSizeChoiceInt.MaxHeaderValueSizeExceeds = uint32(v.(int))
 
 									}
 
-								}
+									if v, ok := requestConstraintsMapStrToI["max_header_value_size_none"]; ok && !isIntfNil(v) && !maxHeaderValueSizeChoiceTypeFound {
 
-							}
+										maxHeaderValueSizeChoiceTypeFound = true
 
-							dstIpChoiceTypeFound := false
+										if v.(bool) {
+											maxHeaderValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderValueSizeNone{}
+											maxHeaderValueSizeChoiceInt.MaxHeaderValueSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxHeaderValueSizeChoice = maxHeaderValueSizeChoiceInt
+										}
 
-							if v, ok := specMapStrToI["any_dst_ip"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+									}
 
-								dstIpChoiceTypeFound = true
+									maxParameterCountChoiceTypeFound := false
 
-								if v.(bool) {
-									dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstIp{}
-									dstIpChoiceInt.AnyDstIp = &ves_io_schema.Empty{}
-									spec.DstIpChoice = dstIpChoiceInt
-								}
+									if v, ok := requestConstraintsMapStrToI["max_parameter_count_exceeds"]; ok && !isIntfNil(v) && !maxParameterCountChoiceTypeFound {
 
-							}
+										maxParameterCountChoiceTypeFound = true
+										maxParameterCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterCountExceeds{}
 
-							if v, ok := specMapStrToI["dst_ip_matcher"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+										requestConstraints.MaxParameterCountChoice = maxParameterCountChoiceInt
 
-								dstIpChoiceTypeFound = true
-								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpMatcher{}
-								dstIpChoiceInt.DstIpMatcher = &ves_io_schema_policy.IpMatcherType{}
-								spec.DstIpChoice = dstIpChoiceInt
+										maxParameterCountChoiceInt.MaxParameterCountExceeds = uint32(v.(int))
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+									}
 
-									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_parameter_count_none"]; ok && !isIntfNil(v) && !maxParameterCountChoiceTypeFound {
 
-										dstIpChoiceInt.DstIpMatcher.InvertMatcher = v.(bool)
+										maxParameterCountChoiceTypeFound = true
+
+										if v.(bool) {
+											maxParameterCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterCountNone{}
+											maxParameterCountChoiceInt.MaxParameterCountNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxParameterCountChoice = maxParameterCountChoiceInt
+										}
 
 									}
 
-									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
+									maxParameterNameSizeChoiceTypeFound := false
 
-										sl := v.([]interface{})
-										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										dstIpChoiceInt.DstIpMatcher.PrefixSets = prefixSetsInt
-										for i, ps := range sl {
+									if v, ok := requestConstraintsMapStrToI["max_parameter_name_size_exceeds"]; ok && !isIntfNil(v) && !maxParameterNameSizeChoiceTypeFound {
 
-											psMapToStrVal := ps.(map[string]interface{})
-											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
+										maxParameterNameSizeChoiceTypeFound = true
+										maxParameterNameSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterNameSizeExceeds{}
 
-											prefixSetsInt[i].Kind = "ip_prefix_set"
+										requestConstraints.MaxParameterNameSizeChoice = maxParameterNameSizeChoiceInt
 
-											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Name = v.(string)
-											}
+										maxParameterNameSizeChoiceInt.MaxParameterNameSizeExceeds = uint32(v.(int))
 
-											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Namespace = v.(string)
-											}
+									}
 
-											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Tenant = v.(string)
-											}
+									if v, ok := requestConstraintsMapStrToI["max_parameter_name_size_none"]; ok && !isIntfNil(v) && !maxParameterNameSizeChoiceTypeFound {
 
-											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Uid = v.(string)
-											}
+										maxParameterNameSizeChoiceTypeFound = true
 
+										if v.(bool) {
+											maxParameterNameSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterNameSizeNone{}
+											maxParameterNameSizeChoiceInt.MaxParameterNameSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxParameterNameSizeChoice = maxParameterNameSizeChoiceInt
 										}
 
 									}
 
-								}
+									maxParameterValueSizeChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_parameter_value_size_exceeds"]; ok && !isIntfNil(v) && !maxParameterValueSizeChoiceTypeFound {
 
-							if v, ok := specMapStrToI["dst_ip_prefix_list"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+										maxParameterValueSizeChoiceTypeFound = true
+										maxParameterValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterValueSizeExceeds{}
 
-								dstIpChoiceTypeFound = true
-								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpPrefixList{}
-								dstIpChoiceInt.DstIpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
-								spec.DstIpChoice = dstIpChoiceInt
+										requestConstraints.MaxParameterValueSizeChoice = maxParameterValueSizeChoiceInt
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+										maxParameterValueSizeChoiceInt.MaxParameterValueSizeExceeds = uint32(v.(int))
 
-									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
+									}
 
-										dstIpChoiceInt.DstIpPrefixList.InvertMatch = v.(bool)
+									if v, ok := requestConstraintsMapStrToI["max_parameter_value_size_none"]; ok && !isIntfNil(v) && !maxParameterValueSizeChoiceTypeFound {
+
+										maxParameterValueSizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxParameterValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterValueSizeNone{}
+											maxParameterValueSizeChoiceInt.MaxParameterValueSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxParameterValueSizeChoice = maxParameterValueSizeChoiceInt
+										}
 
 									}
 
-									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
+									maxQuerySizeChoiceTypeFound := false
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
+									if v, ok := requestConstraintsMapStrToI["max_query_size_exceeds"]; ok && !isIntfNil(v) && !maxQuerySizeChoiceTypeFound {
+
+										maxQuerySizeChoiceTypeFound = true
+										maxQuerySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxQuerySizeExceeds{}
+
+										requestConstraints.MaxQuerySizeChoice = maxQuerySizeChoiceInt
+
+										maxQuerySizeChoiceInt.MaxQuerySizeExceeds = uint32(v.(int))
+
+									}
+
+									if v, ok := requestConstraintsMapStrToI["max_query_size_none"]; ok && !isIntfNil(v) && !maxQuerySizeChoiceTypeFound {
+
+										maxQuerySizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxQuerySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxQuerySizeNone{}
+											maxQuerySizeChoiceInt.MaxQuerySizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxQuerySizeChoice = maxQuerySizeChoiceInt
 										}
-										dstIpChoiceInt.DstIpPrefixList.IpPrefixes = ls
 
 									}
 
-								}
+									maxRequestLineSizeChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_request_line_size_exceeds"]; ok && !isIntfNil(v) && !maxRequestLineSizeChoiceTypeFound {
+
+										maxRequestLineSizeChoiceTypeFound = true
+										maxRequestLineSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestLineSizeExceeds{}
+
+										requestConstraints.MaxRequestLineSizeChoice = maxRequestLineSizeChoiceInt
+
+										maxRequestLineSizeChoiceInt.MaxRequestLineSizeExceeds = uint32(v.(int))
+
+									}
+
+									if v, ok := requestConstraintsMapStrToI["max_request_line_size_none"]; ok && !isIntfNil(v) && !maxRequestLineSizeChoiceTypeFound {
+
+										maxRequestLineSizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxRequestLineSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestLineSizeNone{}
+											maxRequestLineSizeChoiceInt.MaxRequestLineSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxRequestLineSizeChoice = maxRequestLineSizeChoiceInt
+										}
+
+									}
 
-							if w, ok := specMapStrToI["expiration_timestamp"]; ok && !isIntfNil(w) {
-								ts, err := parseTime(w.(string))
-								if err != nil {
-									return fmt.Errorf("error creating ExpirationTimestamp, timestamp format is wrong: %s", err)
-								}
-								spec.ExpirationTimestamp = ts
-							}
+									maxRequestSizeChoiceTypeFound := false
 
-							if v, ok := specMapStrToI["forwarding_class"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_request_size_exceeds"]; ok && !isIntfNil(v) && !maxRequestSizeChoiceTypeFound {
 
-								sl := v.([]interface{})
-								forwardingClassInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-								spec.ForwardingClass = forwardingClassInt
-								for i, ps := range sl {
+										maxRequestSizeChoiceTypeFound = true
+										maxRequestSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestSizeExceeds{}
 
-									fcMapToStrVal := ps.(map[string]interface{})
-									forwardingClassInt[i] = &ves_io_schema.ObjectRefType{}
+										requestConstraints.MaxRequestSizeChoice = maxRequestSizeChoiceInt
 
-									forwardingClassInt[i].Kind = "forwarding_class"
+										maxRequestSizeChoiceInt.MaxRequestSizeExceeds = uint32(v.(int))
 
-									if v, ok := fcMapToStrVal["name"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Name = v.(string)
 									}
 
-									if v, ok := fcMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Namespace = v.(string)
-									}
+									if v, ok := requestConstraintsMapStrToI["max_request_size_none"]; ok && !isIntfNil(v) && !maxRequestSizeChoiceTypeFound {
 
-									if v, ok := fcMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Tenant = v.(string)
-									}
+										maxRequestSizeChoiceTypeFound = true
 
-									if v, ok := fcMapToStrVal["uid"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Uid = v.(string)
-									}
+										if v.(bool) {
+											maxRequestSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestSizeNone{}
+											maxRequestSizeChoiceInt.MaxRequestSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxRequestSizeChoice = maxRequestSizeChoiceInt
+										}
 
-								}
+									}
 
-							}
+									maxUrlSizeChoiceTypeFound := false
 
-							if v, ok := specMapStrToI["goto_policy"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_url_size_exceeds"]; ok && !isIntfNil(v) && !maxUrlSizeChoiceTypeFound {
 
-								sl := v.([]interface{})
-								gotoPolicyInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-								spec.GotoPolicy = gotoPolicyInt
-								for i, ps := range sl {
+										maxUrlSizeChoiceTypeFound = true
+										maxUrlSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxUrlSizeExceeds{}
 
-									gpMapToStrVal := ps.(map[string]interface{})
-									gotoPolicyInt[i] = &ves_io_schema.ObjectRefType{}
+										requestConstraints.MaxUrlSizeChoice = maxUrlSizeChoiceInt
 
-									gotoPolicyInt[i].Kind = "service_policy"
+										maxUrlSizeChoiceInt.MaxUrlSizeExceeds = uint32(v.(int))
 
-									if v, ok := gpMapToStrVal["name"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Name = v.(string)
 									}
 
-									if v, ok := gpMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Namespace = v.(string)
-									}
+									if v, ok := requestConstraintsMapStrToI["max_url_size_none"]; ok && !isIntfNil(v) && !maxUrlSizeChoiceTypeFound {
 
-									if v, ok := gpMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Tenant = v.(string)
-									}
+										maxUrlSizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxUrlSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxUrlSizeNone{}
+											maxUrlSizeChoiceInt.MaxUrlSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxUrlSizeChoice = maxUrlSizeChoiceInt
+										}
 
-									if v, ok := gpMapToStrVal["uid"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Uid = v.(string)
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["headers"]; ok && !isIntfNil(v) {
+
+							if v, ok := specMapStrToI["user_identity_matcher"]; ok && !isIntfNil(v) {
 
 								sl := v.([]interface{})
-								headers := make([]*ves_io_schema_policy.HeaderMatcherType, len(sl))
-								spec.Headers = headers
-								for i, set := range sl {
-									headers[i] = &ves_io_schema_policy.HeaderMatcherType{}
-									headersMapStrToI := set.(map[string]interface{})
+								userIdentityMatcher := &ves_io_schema_policy.MatcherTypeBasic{}
+								spec.UserIdentityMatcher = userIdentityMatcher
 
-									if w, ok := headersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										headers[i].InvertMatcher = w.(bool)
+								for _, set := range sl {
+									userIdentityMatcherMapStrToI := set.(map[string]interface{})
+
+									if w, ok := userIdentityMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+												for i, v := range w.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												userIdentityMatcher.ExactValues = ls
 									}
 
-									matchTypeFound := false
+									if w, ok := userIdentityMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+												for i, v := range w.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												userIdentityMatcher.RegexValues = ls
+									}
+								}
 
-									if v, ok := headersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+							}
 
-										matchTypeFound = true
+							if v, ok := specMapStrToI["segment_policy"]; ok && !isIntfNil(v) {
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckNotPresent{}
-											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											headers[i].Match = matchInt
-										}
+								sl := v.([]interface{})
+								segmentChoice := &ves_io_schema_policy.SegmentPolicyType{}
 
-									}
+								spec.SegmentPolicy = segmentChoice
+								for _, set := range sl {
+									segmentChoiceMapStrToI := set.(map[string]interface{})
 
-									if v, ok := headersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									srcSegmentChoiceTypeFound := false
 
-										matchTypeFound = true
+									if w, ok := segmentChoiceMapStrToI["src_any"]; ok && !isIntfNil(w) && !srcSegmentChoiceTypeFound {
+										srcSegmentChoiceTypeFound = true 
+										if w.(bool) {
+											SrcAnyInt := &ves_io_schema_policy.SegmentPolicyType_SrcAny{}
+											SrcAnyInt.SrcAny = &ves_io_schema.Empty{}
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckPresent{}
-											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											headers[i].Match = matchInt
+											segmentChoice.SrcSegmentChoice = SrcAnyInt
 										}
-
 									}
 
-									if v, ok := headersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if w, ok := segmentChoiceMapStrToI["src_segments"]; ok && !isIntfNil(w) && !srcSegmentChoiceTypeFound{
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.HeaderMatcherType_Item{}
-										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										headers[i].Match = matchInt
+										srcSegmentChoiceTypeFound = true 
+										sl := w.([]interface{})
 
-										sl := v.(*schema.Set).List()
+										srcSegments := &ves_io_schema_policy.SegmentPolicyType_SrcSegments{}
+										srcSegments.SrcSegments= &ves_io_schema_views.SegmentRefList{}
+										segmentChoice.SrcSegmentChoice = srcSegments
 										for _, set := range sl {
-											cs := set.(map[string]interface{})
+											srcSegmentMapStrToI := set.(map[string]interface{})
+											if w, ok := srcSegmentMapStrToI["segments"]; ok && !isIntfNil(w) {
+												sl := w.([]interface{})
+												segmentsInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+												srcSegments.SrcSegments.Segments = segmentsInt
 
-											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+												for i, set := range sl {
+													publicIpMapStrToI := set.(map[string]interface{})
+													segmentsInt[i] = &ves_io_schema_views.ObjectRefType{}
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												matchInt.Item.ExactValues = ls
+													if w, ok := publicIpMapStrToI["name"]; ok && !isIntfNil(w) {
+														segmentsInt[i].Name = w.(string)
+													}
 
-											}
+													if w, ok := publicIpMapStrToI["namespace"]; ok && !isIntfNil(w) {
+														segmentsInt[i].Namespace = w.(string)
+													}
 
-											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+													if w, ok := publicIpMapStrToI["tenant"]; ok && !isIntfNil(w) {
+														segmentsInt[i].Tenant = w.(string)
+													}
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
 												}
-												matchInt.Item.RegexValues = ls
-
 											}
 
-											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+										}
 
-												transformersList := []ves_io_schema_policy.Transformer{}
-												for _, j := range v.([]interface{}) {
-													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-												}
-												matchInt.Item.Transformers = transformersList
+									}
+								}
+							}
 
-											}
+						}
 
-										}
+				}
+			}
 
-									}
+			}
 
-									if v, ok := headersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+		}
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.HeaderMatcherType_Presence{}
+	}
 
-										headers[i].Match = matchInt
+	//server_choice
 
-										matchInt.Presence = v.(bool)
+	serverChoiceTypeFound := false
 
-									}
+	if v, ok := d.GetOk("any_server"); ok && !serverChoiceTypeFound {
 
-									if w, ok := headersMapStrToI["name"]; ok && !isIntfNil(w) {
-										headers[i].Name = w.(string)
-									}
+		serverChoiceTypeFound = true
 
-								}
+		if v.(bool) {
+			serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_AnyServer{}
+			serverChoiceInt.AnyServer = &ves_io_schema.Empty{}
+			createSpec.ServerChoice = serverChoiceInt
+		}
 
-							}
+	}
 
-							if v, ok := specMapStrToI["http_method"]; ok && !isIntfNil(v) {
+	if v, ok := d.GetOk("server_name"); ok && !serverChoiceTypeFound {
 
-								sl := v.(*schema.Set).List()
-								httpMethod := &ves_io_schema_policy.HttpMethodMatcherType{}
-								spec.HttpMethod = httpMethod
-								for _, set := range sl {
-									httpMethodMapStrToI := set.(map[string]interface{})
+		serverChoiceTypeFound = true
+		serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_ServerName{}
 
-									if w, ok := httpMethodMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										httpMethod.InvertMatcher = w.(bool)
-									}
+		createSpec.ServerChoice = serverChoiceInt
 
-									if v, ok := httpMethodMapStrToI["methods"]; ok && !isIntfNil(v) {
+		serverChoiceInt.ServerName = v.(string)
 
-										methodsList := []ves_io_schema.HttpMethod{}
-										for _, j := range v.([]interface{}) {
-											methodsList = append(methodsList, ves_io_schema.HttpMethod(ves_io_schema.HttpMethod_value[j.(string)]))
-										}
-										httpMethod.Methods = methodsList
+	}
 
-									}
+	if v, ok := d.GetOk("server_name_matcher"); ok && !serverChoiceTypeFound {
 
-								}
+		serverChoiceTypeFound = true
+		serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_ServerNameMatcher{}
+		serverChoiceInt.ServerNameMatcher = &ves_io_schema_policy.MatcherTypeBasic{}
+		createSpec.ServerChoice = serverChoiceInt
 
-							}
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
 
-							ipChoiceTypeFound := false
+			if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["any_ip"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+				ls := make([]string, len(v.([]interface{})))
+				for i, v := range v.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				serverChoiceInt.ServerNameMatcher.ExactValues = ls
 
-								ipChoiceTypeFound = true
+			}
 
-								if v.(bool) {
-									ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyIp{}
-									ipChoiceInt.AnyIp = &ves_io_schema.Empty{}
-									spec.IpChoice = ipChoiceInt
-								}
+			if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
 
-							}
+				ls := make([]string, len(v.([]interface{})))
+				for i, v := range v.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				serverChoiceInt.ServerNameMatcher.RegexValues = ls
 
-							if v, ok := specMapStrToI["ip_matcher"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+			}
 
-								ipChoiceTypeFound = true
-								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpMatcher{}
-								ipChoiceInt.IpMatcher = &ves_io_schema_policy.IpMatcherType{}
-								spec.IpChoice = ipChoiceInt
+		}
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+	}
 
-									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
+	if v, ok := d.GetOk("server_selector"); ok && !serverChoiceTypeFound {
 
-										ipChoiceInt.IpMatcher.InvertMatcher = v.(bool)
+		serverChoiceTypeFound = true
+		serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_ServerSelector{}
+		serverChoiceInt.ServerSelector = &ves_io_schema.LabelSelectorType{}
+		createSpec.ServerChoice = serverChoiceInt
 
-									}
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
 
-									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
+			if v, ok := cs["expressions"]; ok && !isIntfNil(v) {
 
-										sl := v.([]interface{})
-										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										ipChoiceInt.IpMatcher.PrefixSets = prefixSetsInt
-										for i, ps := range sl {
+				ls := make([]string, len(v.([]interface{})))
+				for i, v := range v.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				serverChoiceInt.ServerSelector.Expressions = ls
+
+			}
+
+		}
+
+	}
+
+	log.Printf("[DEBUG] Creating Volterra ServicePolicy object with struct: %+v", createReq)
+
+	createServicePolicyResp, err := client.CreateObject(context.Background(), ves_io_schema_service_policy.ObjectType, createReq)
+	if err != nil {
+		return fmt.Errorf("error creating ServicePolicy: %s", err)
+	}
+	d.SetId(createServicePolicyResp.GetObjSystemMetadata().GetUid())
 
-											psMapToStrVal := ps.(map[string]interface{})
-											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
+	return resourceVolterraServicePolicyRead(d, meta)
+}
 
-											prefixSetsInt[i].Kind = "ip_prefix_set"
+func resourceVolterraServicePolicyRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*APIClient)
+	name := d.Get("name").(string)
+	namespace := d.Get("namespace").(string)
 
-											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Name = v.(string)
-											}
+	resp, err := client.GetObject(context.Background(), ves_io_schema_service_policy.ObjectType, namespace, name)
+	if err != nil {
+		if strings.Contains(err.Error(), "status code 404") {
+			log.Printf("[INFO] ServicePolicy %s no longer exists", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("Error finding Volterra ServicePolicy %q: %s", d.Id(), err)
+	}
+	return setServicePolicyFields(client, d, resp)
+}
 
-											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Namespace = v.(string)
-											}
+func setServicePolicyFields(client *APIClient, d *schema.ResourceData, resp vesapi.GetObjectResponse) error {
+	metadata := resp.GetObjMetadata()
 
-											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Tenant = v.(string)
-											}
+	d.Set("annotations", metadata.GetAnnotations())
 
-											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Uid = v.(string)
-											}
+	d.Set("description", metadata.GetDescription())
 
-										}
+	d.Set("disable", metadata.GetDisable())
 
-									}
+	d.Set("labels", metadata.GetLabels())
 
-								}
+	d.Set("name", metadata.GetName())
 
-							}
+	d.Set("namespace", metadata.GetNamespace())
 
-							if v, ok := specMapStrToI["ip_prefix_list"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+	drift.DriftDetectionSpecServicePolicy(d, resp)
 
-								ipChoiceTypeFound = true
-								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpPrefixList{}
-								ipChoiceInt.IpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
-								spec.IpChoice = ipChoiceInt
+	return nil
+}
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+// resourceVolterraServicePolicyUpdate updates ServicePolicy resource
+func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*APIClient)
 
-									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
+	updateMeta := &ves_io_schema.ObjectReplaceMetaType{}
+	updateSpec := &ves_io_schema_service_policy.ReplaceSpecType{}
+	updateReq := &ves_io_schema_service_policy.ReplaceRequest{
+		Metadata: updateMeta,
+		Spec:     updateSpec,
+	}
+	if v, ok := d.GetOk("annotations"); ok && !isIntfNil(v) {
 
-										ipChoiceInt.IpPrefixList.InvertMatch = v.(bool)
+		ms := map[string]string{}
 
-									}
+		for k, v := range v.(map[string]interface{}) {
+			val := v.(string)
+			ms[k] = val
+		}
+		updateMeta.Annotations = ms
+	}
 
-									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
+	if v, ok := d.GetOk("description"); ok && !isIntfNil(v) {
+		updateMeta.Description =
+			v.(string)
+	}
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										ipChoiceInt.IpPrefixList.IpPrefixes = ls
+	if v, ok := d.GetOk("disable"); ok && !isIntfNil(v) {
+		updateMeta.Disable =
+			v.(bool)
+	}
 
-									}
+	if v, ok := d.GetOk("labels"); ok && !isIntfNil(v) {
 
-								}
+		ms := map[string]string{}
 
-							}
+		for k, v := range v.(map[string]interface{}) {
+			val := v.(string)
+			ms[k] = val
+		}
+		updateMeta.Labels = ms
+	}
 
-							if v, ok := specMapStrToI["l4_dest_matcher"]; ok && !isIntfNil(v) {
+	if v, ok := d.GetOk("name"); ok && !isIntfNil(v) {
+		updateMeta.Name =
+			v.(string)
+	}
 
-								sl := v.(*schema.Set).List()
-								l4DestMatcher := &ves_io_schema_policy.L4DestMatcherType{}
-								spec.L4DestMatcher = l4DestMatcher
-								for _, set := range sl {
-									l4DestMatcherMapStrToI := set.(map[string]interface{})
+	if v, ok := d.GetOk("namespace"); ok && !isIntfNil(v) {
+		updateMeta.Namespace =
+			v.(string)
+	}
 
-									if w, ok := l4DestMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										l4DestMatcher.InvertMatcher = w.(bool)
-									}
+	if v, ok := d.GetOk("algo"); ok && !isIntfNil(v) {
 
-									if v, ok := l4DestMatcherMapStrToI["l4_dests"]; ok && !isIntfNil(v) {
+		updateSpec.Algo = ves_io_schema_policy.RuleCombiningAlgorithm(ves_io_schema_policy.RuleCombiningAlgorithm_value[v.(string)])
 
-										sl := v.([]interface{})
-										l4Dests := make([]*ves_io_schema.L4DestType, len(sl))
-										l4DestMatcher.L4Dests = l4Dests
-										for i, set := range sl {
-											l4Dests[i] = &ves_io_schema.L4DestType{}
-											l4DestsMapStrToI := set.(map[string]interface{})
+	}
 
-											if w, ok := l4DestsMapStrToI["port_ranges"]; ok && !isIntfNil(w) {
-												l4Dests[i].PortRanges = w.(string)
-											}
+	if v, ok := d.GetOk("port_matcher"); ok && !isIntfNil(v) {
 
-											if w, ok := l4DestsMapStrToI["prefixes"]; ok && !isIntfNil(w) {
-												ls := make([]string, len(w.([]interface{})))
-												for i, v := range w.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												l4Dests[i].Prefixes = ls
-											}
+		sl := v.(*schema.Set).List()
+		portMatcher := &ves_io_schema_policy.PortMatcherType{}
+		updateSpec.PortMatcher = portMatcher
+		for _, set := range sl {
+			portMatcherMapStrToI := set.(map[string]interface{})
 
-										}
+			if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+				portMatcher.InvertMatcher = w.(bool)
+			}
 
-									}
+			if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
+				ls := make([]string, len(w.([]interface{})))
+				for i, v := range w.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				portMatcher.Ports = ls
+			}
 
-								}
+		}
 
-							}
+	}
 
-							if v, ok := specMapStrToI["label_matcher"]; ok && !isIntfNil(v) {
+	ruleChoiceTypeFound := false
 
-								sl := v.(*schema.Set).List()
-								labelMatcher := &ves_io_schema.LabelMatcherType{}
-								spec.LabelMatcher = labelMatcher
-								for _, set := range sl {
-									labelMatcherMapStrToI := set.(map[string]interface{})
+	if v, ok := d.GetOk("allow_all_requests"); ok && !ruleChoiceTypeFound {
 
-									if w, ok := labelMatcherMapStrToI["keys"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										labelMatcher.Keys = ls
-									}
+		ruleChoiceTypeFound = true
 
-								}
+		if v.(bool) {
+			ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_AllowAllRequests{}
+			ruleChoiceInt.AllowAllRequests = &ves_io_schema.Empty{}
+			updateSpec.RuleChoice = ruleChoiceInt
+		}
 
-							}
+	}
 
-							if v, ok := specMapStrToI["path"]; ok && !isIntfNil(v) {
+	if v, ok := d.GetOk("allow_list"); ok && !ruleChoiceTypeFound {
 
-								sl := v.(*schema.Set).List()
-								path := &ves_io_schema_policy.PathMatcherType{}
-								spec.Path = path
-								for _, set := range sl {
-									pathMapStrToI := set.(map[string]interface{})
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_AllowList{}
+		ruleChoiceInt.AllowList = &ves_io_schema_service_policy.SourceList{}
+		updateSpec.RuleChoice = ruleChoiceInt
 
-									if w, ok := pathMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										path.ExactValues = ls
-									}
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
 
-									if w, ok := pathMapStrToI["prefix_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										path.PrefixValues = ls
-									}
+			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
 
-									if w, ok := pathMapStrToI["regex_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										path.RegexValues = ls
-									}
+				sl := v.(*schema.Set).List()
+				asnList := &ves_io_schema_policy.AsnMatchList{}
+				ruleChoiceInt.AllowList.AsnList = asnList
+				for _, set := range sl {
+					asnListMapStrToI := set.(map[string]interface{})
 
-									if w, ok := pathMapStrToI["suffix_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										path.SuffixValues = ls
-									}
+					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
+						ls := make([]uint32, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = uint32(v.(int))
+						}
+						asnList.AsNumbers = ls
+					}
 
-									if v, ok := pathMapStrToI["transformers"]; ok && !isIntfNil(v) {
+				}
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-										}
-										path.Transformers = transformersList
+			}
 
-									}
+			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
 
-								}
+				sl := v.([]interface{})
+				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.AllowList.AsnSet = asnSetInt
+				for i, ps := range sl {
 
-							}
+					asMapToStrVal := ps.(map[string]interface{})
+					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
 
-							if v, ok := specMapStrToI["port_matcher"]; ok && !isIntfNil(v) {
+					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Name = v.(string)
+					}
 
-								sl := v.(*schema.Set).List()
-								portMatcher := &ves_io_schema_policy.PortMatcherType{}
-								spec.PortMatcher = portMatcher
-								for _, set := range sl {
-									portMatcherMapStrToI := set.(map[string]interface{})
+					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Namespace = v.(string)
+					}
 
-									if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										portMatcher.InvertMatcher = w.(bool)
-									}
+					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Tenant = v.(string)
+					}
 
-									if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										portMatcher.Ports = ls
-									}
+				}
 
-								}
+			}
 
-							}
+			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["query_params"]; ok && !isIntfNil(v) {
+				country_listList := []ves_io_schema_policy.CountryCode{}
+				for _, j := range v.([]interface{}) {
+					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
+				}
+				ruleChoiceInt.AllowList.CountryList = country_listList
 
-								sl := v.([]interface{})
-								queryParams := make([]*ves_io_schema_policy.QueryParameterMatcherType, len(sl))
-								spec.QueryParams = queryParams
-								for i, set := range sl {
-									queryParams[i] = &ves_io_schema_policy.QueryParameterMatcherType{}
-									queryParamsMapStrToI := set.(map[string]interface{})
+			}
 
-									if w, ok := queryParamsMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										queryParams[i].InvertMatcher = w.(bool)
-									}
+			defaultActionChoiceTypeFound := false
 
-									if w, ok := queryParamsMapStrToI["key"]; ok && !isIntfNil(w) {
-										queryParams[i].Key = w.(string)
-									}
+			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
 
-									matchTypeFound := false
+				defaultActionChoiceTypeFound = true
 
-									if v, ok := queryParamsMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
+					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
+					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
+				}
 
-										matchTypeFound = true
+			}
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckNotPresent{}
-											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											queryParams[i].Match = matchInt
-										}
+			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
 
-									}
+				defaultActionChoiceTypeFound = true
 
-									if v, ok := queryParamsMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
+					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
+					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
+				}
 
-										matchTypeFound = true
+			}
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckPresent{}
-											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											queryParams[i].Match = matchInt
-										}
+			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
 
-									}
+				defaultActionChoiceTypeFound = true
 
-									if v, ok := queryParamsMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
+					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
+					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
+				}
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Item{}
-										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										queryParams[i].Match = matchInt
+			}
 
-										sl := v.(*schema.Set).List()
-										for _, set := range sl {
-											cs := set.(map[string]interface{})
+			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
 
-											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+				sl := v.([]interface{})
+				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.AllowList.IpPrefixSet = ipPrefixSetInt
+				for i, ps := range sl {
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												matchInt.Item.ExactValues = ls
+					ipsMapToStrVal := ps.(map[string]interface{})
+					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
 
-											}
+					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Name = v.(string)
+					}
 
-											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Namespace = v.(string)
+					}
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												matchInt.Item.RegexValues = ls
+					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Tenant = v.(string)
+					}
 
-											}
+				}
 
-											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+			}
 
-												transformersList := []ves_io_schema_policy.Transformer{}
-												for _, j := range v.([]interface{}) {
-													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-												}
-												matchInt.Item.Transformers = transformersList
+			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
 
-											}
+				sl := v.(*schema.Set).List()
+				prefixList := &ves_io_schema_views.PrefixStringListType{}
+				ruleChoiceInt.AllowList.PrefixList = prefixList
+				for _, set := range sl {
+					prefixListMapStrToI := set.(map[string]interface{})
 
-										}
+					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Prefixes = ls
+					}
 
-									}
+					if w, ok := prefixListMapStrToI["ipv6_prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Ipv6Prefixes = ls
+					}
 
-									if v, ok := queryParamsMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+				}
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Presence{}
+			}
 
-										queryParams[i].Match = matchInt
+			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
 
-										matchInt.Presence = v.(bool)
+				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
+				for _, j := range v.([]interface{}) {
+					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
+				}
+				ruleChoiceInt.AllowList.TlsFingerprintClasses = tls_fingerprint_classesList
 
-									}
+			}
 
-								}
+			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
 
-							}
+				ls := make([]string, len(v.([]interface{})))
+				for i, v := range v.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				ruleChoiceInt.AllowList.TlsFingerprintValues = ls
 
-							if v, ok := specMapStrToI["rate_limiter"]; ok && !isIntfNil(v) {
+			}
 
-								sl := v.([]interface{})
-								rateLimiterInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-								spec.RateLimiter = rateLimiterInt
-								for i, ps := range sl {
+		}
 
-									rlMapToStrVal := ps.(map[string]interface{})
-									rateLimiterInt[i] = &ves_io_schema.ObjectRefType{}
+	}
 
-									rateLimiterInt[i].Kind = "rate_limiter"
+	if v, ok := d.GetOk("deny_all_requests"); ok && !ruleChoiceTypeFound {
 
-									if v, ok := rlMapToStrVal["name"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Name = v.(string)
-									}
+		ruleChoiceTypeFound = true
 
-									if v, ok := rlMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Namespace = v.(string)
-									}
+		if v.(bool) {
+			ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_DenyAllRequests{}
+			ruleChoiceInt.DenyAllRequests = &ves_io_schema.Empty{}
+			updateSpec.RuleChoice = ruleChoiceInt
+		}
 
-									if v, ok := rlMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Tenant = v.(string)
-									}
+	}
 
-									if v, ok := rlMapToStrVal["uid"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Uid = v.(string)
-									}
+	if v, ok := d.GetOk("deny_list"); ok && !ruleChoiceTypeFound {
 
-								}
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_DenyList{}
+		ruleChoiceInt.DenyList = &ves_io_schema_service_policy.SourceList{}
+		updateSpec.RuleChoice = ruleChoiceInt
 
-							}
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
 
-							if w, ok := specMapStrToI["scheme"]; ok && !isIntfNil(w) {
-								ls := make([]string, len(w.([]interface{})))
-								for i, v := range w.([]interface{}) {
-									ls[i] = v.(string)
-								}
-								spec.Scheme = ls
-							}
+			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["server_selector"]; ok && !isIntfNil(v) {
+				sl := v.(*schema.Set).List()
+				asnList := &ves_io_schema_policy.AsnMatchList{}
+				ruleChoiceInt.DenyList.AsnList = asnList
+				for _, set := range sl {
+					asnListMapStrToI := set.(map[string]interface{})
 
-								sl := v.(*schema.Set).List()
-								serverSelector := &ves_io_schema.LabelSelectorType{}
-								spec.ServerSelector = serverSelector
-								for _, set := range sl {
-									serverSelectorMapStrToI := set.(map[string]interface{})
+					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
+						ls := make([]uint32, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = uint32(v.(int))
+						}
+						asnList.AsNumbers = ls
+					}
 
-									if w, ok := serverSelectorMapStrToI["expressions"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										serverSelector.Expressions = ls
-									}
+				}
 
-								}
+			}
 
-							}
+			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["shape_protected_endpoint_action"]; ok && !isIntfNil(v) {
+				sl := v.([]interface{})
+				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.DenyList.AsnSet = asnSetInt
+				for i, ps := range sl {
 
-								sl := v.(*schema.Set).List()
-								shapeProtectedEndpointAction := &ves_io_schema_policy.ShapeProtectedEndpointAction{}
-								spec.ShapeProtectedEndpointAction = shapeProtectedEndpointAction
-								for _, set := range sl {
-									shapeProtectedEndpointActionMapStrToI := set.(map[string]interface{})
+					asMapToStrVal := ps.(map[string]interface{})
+					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
 
-									if v, ok := shapeProtectedEndpointActionMapStrToI["app_traffic_type"]; ok && !isIntfNil(v) {
+					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Name = v.(string)
+					}
 
-										shapeProtectedEndpointAction.AppTrafficType = ves_io_schema_policy.AppTrafficType(ves_io_schema_policy.AppTrafficType_value[v.(string)])
+					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Namespace = v.(string)
+					}
 
-									}
+					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						asnSetInt[i].Tenant = v.(string)
+					}
 
-									if v, ok := shapeProtectedEndpointActionMapStrToI["mitigation"]; ok && !isIntfNil(v) {
+				}
 
-										sl := v.(*schema.Set).List()
-										mitigation := &ves_io_schema_policy.ShapeBotMitigationAction{}
-										shapeProtectedEndpointAction.Mitigation = mitigation
-										for _, set := range sl {
-											mitigationMapStrToI := set.(map[string]interface{})
+			}
 
-											actionTypeTypeFound := false
+			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
 
-											if v, ok := mitigationMapStrToI["block"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+				country_listList := []ves_io_schema_policy.CountryCode{}
+				for _, j := range v.([]interface{}) {
+					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
+				}
+				ruleChoiceInt.DenyList.CountryList = country_listList
 
-												actionTypeTypeFound = true
-												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Block{}
-												actionTypeInt.Block = &ves_io_schema_policy.ShapeBotBlockMitigationActionType{}
-												mitigation.ActionType = actionTypeInt
+			}
 
-												sl := v.(*schema.Set).List()
-												for _, set := range sl {
-													cs := set.(map[string]interface{})
+			defaultActionChoiceTypeFound := false
 
-													if v, ok := cs["body"]; ok && !isIntfNil(v) {
+			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
 
-														actionTypeInt.Block.Body = v.(string)
+				defaultActionChoiceTypeFound = true
 
-													}
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
+					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
+					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
+				}
 
-													if v, ok := cs["status"]; ok && !isIntfNil(v) {
+			}
 
-														actionTypeInt.Block.Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
+			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
 
-													}
+				defaultActionChoiceTypeFound = true
 
-												}
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
+					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
+					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
+				}
 
-											}
+			}
 
-											if v, ok := mitigationMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
 
-												actionTypeTypeFound = true
+				defaultActionChoiceTypeFound = true
 
-												if v.(bool) {
-													actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_None{}
-													actionTypeInt.None = &ves_io_schema.Empty{}
-													mitigation.ActionType = actionTypeInt
-												}
+				if v.(bool) {
+					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
+					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
+					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
+				}
 
-											}
+			}
 
-											if v, ok := mitigationMapStrToI["redirect"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
 
-												actionTypeTypeFound = true
-												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Redirect{}
-												actionTypeInt.Redirect = &ves_io_schema_policy.ShapeBotRedirectMitigationActionType{}
-												mitigation.ActionType = actionTypeInt
+				sl := v.([]interface{})
+				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+				ruleChoiceInt.DenyList.IpPrefixSet = ipPrefixSetInt
+				for i, ps := range sl {
 
-												sl := v.(*schema.Set).List()
-												for _, set := range sl {
-													cs := set.(map[string]interface{})
+					ipsMapToStrVal := ps.(map[string]interface{})
+					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
 
-													if v, ok := cs["uri"]; ok && !isIntfNil(v) {
+					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Name = v.(string)
+					}
 
-														actionTypeInt.Redirect.Uri = v.(string)
+					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Namespace = v.(string)
+					}
 
-													}
+					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						ipPrefixSetInt[i].Tenant = v.(string)
+					}
 
-												}
+				}
 
-											}
+			}
 
-										}
+			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
 
-									}
+				sl := v.(*schema.Set).List()
+				prefixList := &ves_io_schema_views.PrefixStringListType{}
+				ruleChoiceInt.DenyList.PrefixList = prefixList
+				for _, set := range sl {
+					prefixListMapStrToI := set.(map[string]interface{})
 
-								}
+					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Prefixes = ls
+					}
 
-							}
+					if w, ok := prefixListMapStrToI["ipv6_prefixes"]; ok && !isIntfNil(w) {
+						ls := make([]string, len(w.([]interface{})))
+						for i, v := range w.([]interface{}) {
+							ls[i] = v.(string)
+						}
+						prefixList.Ipv6Prefixes = ls
+					}
 
-							if v, ok := specMapStrToI["tls_fingerprint_matcher"]; ok && !isIntfNil(v) {
+				}
 
-								sl := v.(*schema.Set).List()
-								tlsFingerprintMatcher := &ves_io_schema_policy.TlsFingerprintMatcherType{}
-								spec.TlsFingerprintMatcher = tlsFingerprintMatcher
-								for _, set := range sl {
-									tlsFingerprintMatcherMapStrToI := set.(map[string]interface{})
+			}
 
-									if v, ok := tlsFingerprintMatcherMapStrToI["classes"]; ok && !isIntfNil(v) {
+			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
 
-										classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
-										for _, j := range v.([]interface{}) {
-											classesList = append(classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
-										}
-										tlsFingerprintMatcher.Classes = classesList
+				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
+				for _, j := range v.([]interface{}) {
+					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
+				}
+				ruleChoiceInt.DenyList.TlsFingerprintClasses = tls_fingerprint_classesList
 
-									}
+			}
 
-									if w, ok := tlsFingerprintMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										tlsFingerprintMatcher.ExactValues = ls
-									}
+			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
 
-									if w, ok := tlsFingerprintMatcherMapStrToI["excluded_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										tlsFingerprintMatcher.ExcludedValues = ls
-									}
+				ls := make([]string, len(v.([]interface{})))
+				for i, v := range v.([]interface{}) {
+					ls[i] = v.(string)
+				}
+				ruleChoiceInt.DenyList.TlsFingerprintValues = ls
 
-								}
+			}
 
-							}
+		}
 
-							if v, ok := specMapStrToI["url_matcher"]; ok && !isIntfNil(v) {
+	}
 
-								sl := v.(*schema.Set).List()
-								urlMatcher := &ves_io_schema_policy.URLMatcherType{}
-								spec.UrlMatcher = urlMatcher
-								for _, set := range sl {
-									urlMatcherMapStrToI := set.(map[string]interface{})
+	if v, ok := d.GetOk("internally_generated"); ok && !ruleChoiceTypeFound {
 
-									if w, ok := urlMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										urlMatcher.InvertMatcher = w.(bool)
-									}
+		ruleChoiceTypeFound = true
 
-									if v, ok := urlMatcherMapStrToI["url_items"]; ok && !isIntfNil(v) {
+		if v.(bool) {
+			ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_InternallyGenerated{}
+			ruleChoiceInt.InternallyGenerated = &ves_io_schema.Empty{}
+			updateSpec.RuleChoice = ruleChoiceInt
+		}
 
-										sl := v.([]interface{})
-										urlItems := make([]*ves_io_schema_policy.URLItem, len(sl))
-										urlMatcher.UrlItems = urlItems
-										for i, set := range sl {
-											urlItems[i] = &ves_io_schema_policy.URLItem{}
-											urlItemsMapStrToI := set.(map[string]interface{})
+	}
 
-											domainChoiceTypeFound := false
+	if v, ok := d.GetOk("legacy_rule_list"); ok && !ruleChoiceTypeFound {
 
-											if v, ok := urlItemsMapStrToI["domain_regex"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_LegacyRuleList{}
+		ruleChoiceInt.LegacyRuleList = &ves_io_schema_service_policy.LegacyRuleList{}
+		updateSpec.RuleChoice = ruleChoiceInt
 
-												domainChoiceTypeFound = true
-												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainRegex{}
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
 
-												urlItems[i].DomainChoice = domainChoiceInt
+			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
 
-												domainChoiceInt.DomainRegex = v.(string)
+				sl := v.([]interface{})
+				rulesInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+				ruleChoiceInt.LegacyRuleList.Rules = rulesInt
+				for i, ps := range sl {
 
-											}
+					rMapToStrVal := ps.(map[string]interface{})
+					rulesInt[i] = &ves_io_schema.ObjectRefType{}
 
-											if v, ok := urlItemsMapStrToI["domain_value"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
+					rulesInt[i].Kind = "service_policy_rule"
 
-												domainChoiceTypeFound = true
-												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainValue{}
+					if v, ok := rMapToStrVal["name"]; ok && !isIntfNil(v) {
+						rulesInt[i].Name = v.(string)
+					}
 
-												urlItems[i].DomainChoice = domainChoiceInt
+					if v, ok := rMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+						rulesInt[i].Namespace = v.(string)
+					}
 
-												domainChoiceInt.DomainValue = v.(string)
+					if v, ok := rMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+						rulesInt[i].Tenant = v.(string)
+					}
+
+					if v, ok := rMapToStrVal["uid"]; ok && !isIntfNil(v) {
+						rulesInt[i].Uid = v.(string)
+					}
 
-											}
+				}
 
-											pathChoiceTypeFound := false
+			}
 
-											if v, ok := urlItemsMapStrToI["path_prefix"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
+		}
 
-												pathChoiceTypeFound = true
-												pathChoiceInt := &ves_io_schema_policy.URLItem_PathPrefix{}
+	}
 
-												urlItems[i].PathChoice = pathChoiceInt
+	if v, ok := d.GetOk("rule_list"); ok && !ruleChoiceTypeFound {
 
-												pathChoiceInt.PathPrefix = v.(string)
+		ruleChoiceTypeFound = true
+		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_RuleList{}
+		ruleChoiceInt.RuleList = &ves_io_schema_service_policy.RuleList{}
+		updateSpec.RuleChoice = ruleChoiceInt
 
-											}
+		sl := v.(*schema.Set).List()
+		for _, set := range sl {
+			cs := set.(map[string]interface{})
 
-											if v, ok := urlItemsMapStrToI["path_regex"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
+			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
 
-												pathChoiceTypeFound = true
-												pathChoiceInt := &ves_io_schema_policy.URLItem_PathRegex{}
+				sl := v.([]interface{})
+				rules := make([]*ves_io_schema_service_policy.Rule, len(sl))
+				ruleChoiceInt.RuleList.Rules = rules
+				for i, set := range sl {
+					rules[i] = &ves_io_schema_service_policy.Rule{}
+					rulesMapStrToI := set.(map[string]interface{})
 
-												urlItems[i].PathChoice = pathChoiceInt
+					if v, ok := rulesMapStrToI["metadata"]; ok && !isIntfNil(v) {
 
-												pathChoiceInt.PathRegex = v.(string)
+						sl := v.(*schema.Set).List()
+						metadata := &ves_io_schema.MessageMetaType{}
+						rules[i].Metadata = metadata
+						for _, set := range sl {
+							metadataMapStrToI := set.(map[string]interface{})
 
-											}
+							if w, ok := metadataMapStrToI["description"]; ok && !isIntfNil(w) {
+								metadata.Description = w.(string)
+							}
 
-											if v, ok := urlItemsMapStrToI["path_value"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
+							if w, ok := metadataMapStrToI["disable"]; ok && !isIntfNil(w) {
+								metadata.Disable = w.(bool)
+							}
 
-												pathChoiceTypeFound = true
-												pathChoiceInt := &ves_io_schema_policy.URLItem_PathValue{}
+							if w, ok := metadataMapStrToI["name"]; ok && !isIntfNil(w) {
+								metadata.Name = w.(string)
+							}
 
-												urlItems[i].PathChoice = pathChoiceInt
+						}
 
-												pathChoiceInt.PathValue = v.(string)
+					}
 
-											}
+					if v, ok := rulesMapStrToI["spec"]; ok && !isIntfNil(v) {
 
-										}
+						sl := v.(*schema.Set).List()
+						spec := &ves_io_schema_service_policy_rule.GlobalSpecType{}
+						rules[i].Spec = spec
+						for _, set := range sl {
+							specMapStrToI := set.(map[string]interface{})
 
-									}
+							if v, ok := specMapStrToI["action"]; ok && !isIntfNil(v) {
 
-								}
+								spec.Action = ves_io_schema_policy.RuleAction(ves_io_schema_policy.RuleAction_value[v.(string)])
 
 							}
 
-							if v, ok := specMapStrToI["virtual_host_matcher"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["api_group_matcher"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
-								virtualHostMatcher := &ves_io_schema_policy.MatcherType{}
-								spec.VirtualHostMatcher = virtualHostMatcher
+								apiGroupMatcher := &ves_io_schema_policy.StringMatcherType{}
+								spec.ApiGroupMatcher = apiGroupMatcher
 								for _, set := range sl {
-									virtualHostMatcherMapStrToI := set.(map[string]interface{})
+									apiGroupMatcherMapStrToI := set.(map[string]interface{})
 
-									if w, ok := virtualHostMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										virtualHostMatcher.ExactValues = ls
+									if w, ok := apiGroupMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										apiGroupMatcher.InvertMatcher = w.(bool)
 									}
 
-									if w, ok := virtualHostMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+									if w, ok := apiGroupMatcherMapStrToI["match"]; ok && !isIntfNil(w) {
 										ls := make([]string, len(w.([]interface{})))
 										for i, v := range w.([]interface{}) {
 											ls[i] = v.(string)
 										}
-										virtualHostMatcher.RegexValues = ls
-									}
-
-									if v, ok := virtualHostMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
-
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-										}
-										virtualHostMatcher.Transformers = transformersList
-
+										apiGroupMatcher.Match = ls
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["waf_action"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["arg_matchers"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								wafAction := &ves_io_schema_policy.WafAction{}
-								spec.WafAction = wafAction
-								for _, set := range sl {
-									wafActionMapStrToI := set.(map[string]interface{})
+								sl := v.([]interface{})
+								argMatchers := make([]*ves_io_schema_policy.ArgMatcherType, len(sl))
+								spec.ArgMatchers = argMatchers
+								for i, set := range sl {
+									argMatchers[i] = &ves_io_schema_policy.ArgMatcherType{}
+									argMatchersMapStrToI := set.(map[string]interface{})
 
-									actionTypeTypeFound := false
+									if w, ok := argMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										argMatchers[i].InvertMatcher = w.(bool)
+									}
 
-									if v, ok := wafActionMapStrToI["app_firewall_detection_control"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+									matchTypeFound := false
 
-										actionTypeTypeFound = true
-										actionTypeInt := &ves_io_schema_policy.WafAction_AppFirewallDetectionControl{}
-										actionTypeInt.AppFirewallDetectionControl = &ves_io_schema_policy.AppFirewallDetectionControl{}
-										wafAction.ActionType = actionTypeInt
+									if v, ok := argMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-										sl := v.(*schema.Set).List()
-										for _, set := range sl {
-											cs := set.(map[string]interface{})
+										matchTypeFound = true
 
-											if v, ok := cs["exclude_attack_type_contexts"]; ok && !isIntfNil(v) {
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckNotPresent{}
+											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
+											argMatchers[i].Match = matchInt
+										}
 
-												sl := v.([]interface{})
-												excludeAttackTypeContexts := make([]*ves_io_schema_policy.AppFirewallAttackTypeContext, len(sl))
-												actionTypeInt.AppFirewallDetectionControl.ExcludeAttackTypeContexts = excludeAttackTypeContexts
-												for i, set := range sl {
-													excludeAttackTypeContexts[i] = &ves_io_schema_policy.AppFirewallAttackTypeContext{}
-													excludeAttackTypeContextsMapStrToI := set.(map[string]interface{})
+									}
 
-													if v, ok := excludeAttackTypeContextsMapStrToI["exclude_attack_type"]; ok && !isIntfNil(v) {
+									if v, ok := argMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-														excludeAttackTypeContexts[i].ExcludeAttackType = ves_io_schema_app_firewall.AttackType(ves_io_schema_app_firewall.AttackType_value[v.(string)])
+										matchTypeFound = true
 
-													}
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckPresent{}
+											matchInt.CheckPresent = &ves_io_schema.Empty{}
+											argMatchers[i].Match = matchInt
+										}
 
-												}
+									}
 
-											}
+									if v, ok := argMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-											if v, ok := cs["exclude_signature_contexts"]; ok && !isIntfNil(v) {
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.ArgMatcherType_Item{}
+										matchInt.Item = &ves_io_schema_policy.MatcherType{}
+										argMatchers[i].Match = matchInt
 
-												sl := v.([]interface{})
-												excludeSignatureContexts := make([]*ves_io_schema_policy.AppFirewallSignatureContext, len(sl))
-												actionTypeInt.AppFirewallDetectionControl.ExcludeSignatureContexts = excludeSignatureContexts
-												for i, set := range sl {
-													excludeSignatureContexts[i] = &ves_io_schema_policy.AppFirewallSignatureContext{}
-													excludeSignatureContextsMapStrToI := set.(map[string]interface{})
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
 
-													if w, ok := excludeSignatureContextsMapStrToI["signature_id"]; ok && !isIntfNil(w) {
-														excludeSignatureContexts[i].SignatureId = uint32(w.(int))
-													}
+											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
 
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
 												}
+												matchInt.Item.ExactValues = ls
 
 											}
 
-											if v, ok := cs["exclude_violation_contexts"]; ok && !isIntfNil(v) {
-
-												sl := v.([]interface{})
-												excludeViolationContexts := make([]*ves_io_schema_policy.AppFirewallViolationContext, len(sl))
-												actionTypeInt.AppFirewallDetectionControl.ExcludeViolationContexts = excludeViolationContexts
-												for i, set := range sl {
-													excludeViolationContexts[i] = &ves_io_schema_policy.AppFirewallViolationContext{}
-													excludeViolationContextsMapStrToI := set.(map[string]interface{})
+											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
 
-													if v, ok := excludeViolationContextsMapStrToI["exclude_violation"]; ok && !isIntfNil(v) {
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.RegexValues = ls
 
-														excludeViolationContexts[i].ExcludeViolation = ves_io_schema_app_firewall.AppFirewallViolationType(ves_io_schema_app_firewall.AppFirewallViolationType_value[v.(string)])
+											}
 
-													}
+											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
 
+												transformersList := []ves_io_schema_policy.Transformer{}
+												for _, j := range v.([]interface{}) {
+													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
 												}
+												matchInt.Item.Transformers = transformersList
 
 											}
 
@@ -4288,39 +6519,57 @@ func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{
 
 									}
 
-									if v, ok := wafActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+									if v, ok := argMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-										actionTypeTypeFound = true
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.ArgMatcherType_Presence{}
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.WafAction_None{}
-											actionTypeInt.None = &ves_io_schema.Empty{}
-											wafAction.ActionType = actionTypeInt
-										}
+										argMatchers[i].Match = matchInt
+
+										matchInt.Presence = v.(bool)
 
 									}
 
-									if v, ok := wafActionMapStrToI["waf_in_monitoring_mode"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+									if w, ok := argMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
+										argMatchers[i].Name = w.(string)
+									}
 
-										actionTypeTypeFound = true
+								}
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.WafAction_WafInMonitoringMode{}
-											actionTypeInt.WafInMonitoringMode = &ves_io_schema.Empty{}
-											wafAction.ActionType = actionTypeInt
-										}
+							}
 
-									}
+							asnChoiceTypeFound := false
 
-									if v, ok := wafActionMapStrToI["waf_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+							if v, ok := specMapStrToI["any_asn"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
 
-										actionTypeTypeFound = true
+								asnChoiceTypeFound = true
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.WafAction_WafSkipProcessing{}
-											actionTypeInt.WafSkipProcessing = &ves_io_schema.Empty{}
-											wafAction.ActionType = actionTypeInt
+								if v.(bool) {
+									asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyAsn{}
+									asnChoiceInt.AnyAsn = &ves_io_schema.Empty{}
+									spec.AsnChoice = asnChoiceInt
+								}
+
+							}
+
+							if v, ok := specMapStrToI["asn_list"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+
+								asnChoiceTypeFound = true
+								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnList{}
+								asnChoiceInt.AsnList = &ves_io_schema_policy.AsnMatchList{}
+								spec.AsnChoice = asnChoiceInt
+
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
+
+									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
+
+										ls := make([]uint32, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = uint32(v.(int))
 										}
+										asnChoiceInt.AsnList.AsNumbers = ls
 
 									}
 
@@ -4328,797 +6577,790 @@ func resourceVolterraServicePolicyCreate(d *schema.ResourceData, meta interface{
 
 							}
 
-						}
-
-					}
-
-				}
-
-			}
+							if v, ok := specMapStrToI["asn_matcher"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
 
-		}
+								asnChoiceTypeFound = true
+								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnMatcher{}
+								asnChoiceInt.AsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
+								spec.AsnChoice = asnChoiceInt
 
-	}
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-	//server_choice
+									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
 
-	serverChoiceTypeFound := false
+										sl := v.([]interface{})
+										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										asnChoiceInt.AsnMatcher.AsnSets = asnSetsInt
+										for i, ps := range sl {
 
-	if v, ok := d.GetOk("any_server"); ok && !serverChoiceTypeFound {
+											asMapToStrVal := ps.(map[string]interface{})
+											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
 
-		serverChoiceTypeFound = true
+											asnSetsInt[i].Kind = "bgp_asn_set"
 
-		if v.(bool) {
-			serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_AnyServer{}
-			serverChoiceInt.AnyServer = &ves_io_schema.Empty{}
-			createSpec.ServerChoice = serverChoiceInt
-		}
+											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Name = v.(string)
+											}
 
-	}
+											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Namespace = v.(string)
+											}
 
-	if v, ok := d.GetOk("server_name"); ok && !serverChoiceTypeFound {
+											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Tenant = v.(string)
+											}
 
-		serverChoiceTypeFound = true
-		serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_ServerName{}
+											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Uid = v.(string)
+											}
 
-		createSpec.ServerChoice = serverChoiceInt
+										}
 
-		serverChoiceInt.ServerName = v.(string)
+									}
 
-	}
+								}
 
-	if v, ok := d.GetOk("server_name_matcher"); ok && !serverChoiceTypeFound {
+							}
 
-		serverChoiceTypeFound = true
-		serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_ServerNameMatcher{}
-		serverChoiceInt.ServerNameMatcher = &ves_io_schema_policy.MatcherTypeBasic{}
-		createSpec.ServerChoice = serverChoiceInt
+							if v, ok := specMapStrToI["body_matcher"]; ok && !isIntfNil(v) {
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+								sl := v.(*schema.Set).List()
+								bodyMatcher := &ves_io_schema_policy.MatcherType{}
+								spec.BodyMatcher = bodyMatcher
+								for _, set := range sl {
+									bodyMatcherMapStrToI := set.(map[string]interface{})
 
-			if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+									if w, ok := bodyMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										bodyMatcher.ExactValues = ls
+									}
 
-				ls := make([]string, len(v.([]interface{})))
-				for i, v := range v.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				serverChoiceInt.ServerNameMatcher.ExactValues = ls
+									if w, ok := bodyMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										bodyMatcher.RegexValues = ls
+									}
 
-			}
+									if v, ok := bodyMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
 
-			if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										bodyMatcher.Transformers = transformersList
 
-				ls := make([]string, len(v.([]interface{})))
-				for i, v := range v.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				serverChoiceInt.ServerNameMatcher.RegexValues = ls
+									}
 
-			}
+								}
 
-		}
+							}
 
-	}
+							if v, ok := specMapStrToI["bot_action"]; ok && !isIntfNil(v) {
 
-	if v, ok := d.GetOk("server_selector"); ok && !serverChoiceTypeFound {
+								sl := v.(*schema.Set).List()
+								botAction := &ves_io_schema_policy.BotAction{}
+								spec.BotAction = botAction
+								for _, set := range sl {
+									botActionMapStrToI := set.(map[string]interface{})
 
-		serverChoiceTypeFound = true
-		serverChoiceInt := &ves_io_schema_service_policy.CreateSpecType_ServerSelector{}
-		serverChoiceInt.ServerSelector = &ves_io_schema.LabelSelectorType{}
-		createSpec.ServerChoice = serverChoiceInt
+									actionTypeTypeFound := false
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+									if v, ok := botActionMapStrToI["bot_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-			if v, ok := cs["expressions"]; ok && !isIntfNil(v) {
+										actionTypeTypeFound = true
 
-				ls := make([]string, len(v.([]interface{})))
-				for i, v := range v.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				serverChoiceInt.ServerSelector.Expressions = ls
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.BotAction_BotSkipProcessing{}
+											actionTypeInt.BotSkipProcessing = &ves_io_schema.Empty{}
+											botAction.ActionType = actionTypeInt
+										}
 
-			}
+									}
 
-		}
+									if v, ok := botActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-	}
+										actionTypeTypeFound = true
 
-	log.Printf("[DEBUG] Creating Volterra ServicePolicy object with struct: %+v", createReq)
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.BotAction_None{}
+											actionTypeInt.None = &ves_io_schema.Empty{}
+											botAction.ActionType = actionTypeInt
+										}
 
-	createServicePolicyResp, err := client.CreateObject(context.Background(), ves_io_schema_service_policy.ObjectType, createReq)
-	if err != nil {
-		return fmt.Errorf("error creating ServicePolicy: %s", err)
-	}
-	d.SetId(createServicePolicyResp.GetObjSystemMetadata().GetUid())
+									}
 
-	return resourceVolterraServicePolicyRead(d, meta)
-}
+								}
 
-func resourceVolterraServicePolicyRead(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*APIClient)
-	name := d.Get("name").(string)
-	namespace := d.Get("namespace").(string)
+							}
 
-	resp, err := client.GetObject(context.Background(), ves_io_schema_service_policy.ObjectType, namespace, name)
-	if err != nil {
-		if strings.Contains(err.Error(), "status code 404") {
-			log.Printf("[INFO] ServicePolicy %s no longer exists", d.Id())
-			d.SetId("")
-			return nil
-		}
-		return fmt.Errorf("Error finding Volterra ServicePolicy %q: %s", d.Id(), err)
-	}
-	return setServicePolicyFields(client, d, resp)
-}
+							if v, ok := specMapStrToI["mum_action"]; ok && !isIntfNil(v) {
 
-func setServicePolicyFields(client *APIClient, d *schema.ResourceData, resp vesapi.GetObjectResponse) error {
-	metadata := resp.GetObjMetadata()
+								sl := v.([]interface{})
+								mumAction := &ves_io_schema_policy.ModifyAction{}
+								spec.MumAction = mumAction
+								for _, set := range sl {
+									mumActionMapStrToI := set.(map[string]interface{})
 
-	d.Set("annotations", metadata.GetAnnotations())
+									if w, ok := mumActionMapStrToI["skip_processing"]; ok && !isIntfNil(w) {
+										if w.(bool) {
+											SkipProcessingInt := &ves_io_schema_policy.ModifyAction_SkipProcessing{}
+											SkipProcessingInt.SkipProcessing = &ves_io_schema.Empty{}
 
-	d.Set("description", metadata.GetDescription())
+											mumAction.ActionType = SkipProcessingInt
+										}
+									}
 
-	d.Set("disable", metadata.GetDisable())
+									if w, ok := mumActionMapStrToI["none"]; ok && !isIntfNil(w) {
+										if w.(bool) {
+											SkipProcessingInt := &ves_io_schema_policy.ModifyAction_Default{}
+											SkipProcessingInt.Default = &ves_io_schema.Empty{}
+											mumAction.ActionType = SkipProcessingInt
+										}
+									}
 
-	d.Set("labels", metadata.GetLabels())
+								}
 
-	d.Set("name", metadata.GetName())
+							}
 
-	d.Set("namespace", metadata.GetNamespace())
 
-	drift.DriftDetectionSpecServicePolicy(d, resp)
 
-	return nil
-}
+							if v, ok := specMapStrToI["challenge_action"]; ok && !isIntfNil(v) {
 
-// resourceVolterraServicePolicyUpdate updates ServicePolicy resource
-func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{}) error {
-	client := meta.(*APIClient)
+								spec.ChallengeAction = ves_io_schema_policy.ChallengeAction(ves_io_schema_policy.ChallengeAction_value[v.(string)])
 
-	updateMeta := &ves_io_schema.ObjectReplaceMetaType{}
-	updateSpec := &ves_io_schema_service_policy.ReplaceSpecType{}
-	updateReq := &ves_io_schema_service_policy.ReplaceRequest{
-		Metadata: updateMeta,
-		Spec:     updateSpec,
-	}
-	if v, ok := d.GetOk("annotations"); ok && !isIntfNil(v) {
+							}
 
-		ms := map[string]string{}
+							clientChoiceTypeFound := false
 
-		for k, v := range v.(map[string]interface{}) {
-			val := v.(string)
-			ms[k] = val
-		}
-		updateMeta.Annotations = ms
-	}
+							if v, ok := specMapStrToI["any_client"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
 
-	if v, ok := d.GetOk("description"); ok && !isIntfNil(v) {
-		updateMeta.Description =
-			v.(string)
-	}
+								clientChoiceTypeFound = true
 
-	if v, ok := d.GetOk("disable"); ok && !isIntfNil(v) {
-		updateMeta.Disable =
-			v.(bool)
-	}
+								if v.(bool) {
+									clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyClient{}
+									clientChoiceInt.AnyClient = &ves_io_schema.Empty{}
+									spec.ClientChoice = clientChoiceInt
+								}
 
-	if v, ok := d.GetOk("labels"); ok && !isIntfNil(v) {
+							}
 
-		ms := map[string]string{}
+							if v, ok := specMapStrToI["client_name"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
 
-		for k, v := range v.(map[string]interface{}) {
-			val := v.(string)
-			ms[k] = val
-		}
-		updateMeta.Labels = ms
-	}
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientName{}
 
-	if v, ok := d.GetOk("name"); ok && !isIntfNil(v) {
-		updateMeta.Name =
-			v.(string)
-	}
+								spec.ClientChoice = clientChoiceInt
 
-	if v, ok := d.GetOk("namespace"); ok && !isIntfNil(v) {
-		updateMeta.Namespace =
-			v.(string)
-	}
+								clientChoiceInt.ClientName = v.(string)
 
-	if v, ok := d.GetOk("algo"); ok && !isIntfNil(v) {
+							}
 
-		updateSpec.Algo = ves_io_schema_policy.RuleCombiningAlgorithm(ves_io_schema_policy.RuleCombiningAlgorithm_value[v.(string)])
+							if v, ok := specMapStrToI["client_name_matcher"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
 
-	}
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientNameMatcher{}
+								clientChoiceInt.ClientNameMatcher = &ves_io_schema_policy.MatcherType{}
+								spec.ClientChoice = clientChoiceInt
 
-	if v, ok := d.GetOk("port_matcher"); ok && !isIntfNil(v) {
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-		sl := v.(*schema.Set).List()
-		portMatcher := &ves_io_schema_policy.PortMatcherType{}
-		updateSpec.PortMatcher = portMatcher
-		for _, set := range sl {
-			portMatcherMapStrToI := set.(map[string]interface{})
+									if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
 
-			if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-				portMatcher.InvertMatcher = w.(bool)
-			}
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										clientChoiceInt.ClientNameMatcher.ExactValues = ls
 
-			if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
-				ls := make([]string, len(w.([]interface{})))
-				for i, v := range w.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				portMatcher.Ports = ls
-			}
+									}
 
-		}
+									if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
 
-	}
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										clientChoiceInt.ClientNameMatcher.RegexValues = ls
 
-	ruleChoiceTypeFound := false
+									}
 
-	if v, ok := d.GetOk("allow_all_requests"); ok && !ruleChoiceTypeFound {
+									if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
 
-		ruleChoiceTypeFound = true
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										clientChoiceInt.ClientNameMatcher.Transformers = transformersList
 
-		if v.(bool) {
-			ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_AllowAllRequests{}
-			ruleChoiceInt.AllowAllRequests = &ves_io_schema.Empty{}
-			updateSpec.RuleChoice = ruleChoiceInt
-		}
+									}
 
-	}
+								}
 
-	if v, ok := d.GetOk("allow_list"); ok && !ruleChoiceTypeFound {
+							}
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_AllowList{}
-		ruleChoiceInt.AllowList = &ves_io_schema_service_policy.SourceList{}
-		updateSpec.RuleChoice = ruleChoiceInt
+							if v, ok := specMapStrToI["client_selector"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientSelector{}
+								clientChoiceInt.ClientSelector = &ves_io_schema.LabelSelectorType{}
+								spec.ClientChoice = clientChoiceInt
 
-			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-				sl := v.(*schema.Set).List()
-				asnList := &ves_io_schema_policy.AsnMatchList{}
-				ruleChoiceInt.AllowList.AsnList = asnList
-				for _, set := range sl {
-					asnListMapStrToI := set.(map[string]interface{})
+									if v, ok := cs["expressions"]; ok && !isIntfNil(v) {
 
-					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
-						ls := make([]uint32, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = uint32(v.(int))
-						}
-						asnList.AsNumbers = ls
-					}
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										clientChoiceInt.ClientSelector.Expressions = ls
 
-				}
+									}
 
-			}
+								}
 
-			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
+							}
 
-				sl := v.([]interface{})
-				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.AllowList.AsnSet = asnSetInt
-				for i, ps := range sl {
+							if v, ok := specMapStrToI["ip_threat_category_list"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
 
-					asMapToStrVal := ps.(map[string]interface{})
-					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+								clientChoiceTypeFound = true
+								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpThreatCategoryList{}
+								clientChoiceInt.IpThreatCategoryList = &ves_io_schema_service_policy_rule.IPThreatCategoryListType{}
+								spec.ClientChoice = clientChoiceInt
 
-					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Name = v.(string)
-					}
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Namespace = v.(string)
-					}
+									if v, ok := cs["ip_threat_categories"]; ok && !isIntfNil(v) {
 
-					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Tenant = v.(string)
-					}
+										ip_threat_categoriesList := []ves_io_schema_policy.IPThreatCategory{}
+										for _, j := range v.([]interface{}) {
+											ip_threat_categoriesList = append(ip_threat_categoriesList, ves_io_schema_policy.IPThreatCategory(ves_io_schema_policy.IPThreatCategory_value[j.(string)]))
+										}
+										clientChoiceInt.IpThreatCategoryList.IpThreatCategories = ip_threat_categoriesList
 
-				}
+									}
 
-			}
+								}
 
-			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
+							}
 
-				country_listList := []ves_io_schema_policy.CountryCode{}
-				for _, j := range v.([]interface{}) {
-					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
-				}
-				ruleChoiceInt.AllowList.CountryList = country_listList
+							if v, ok := specMapStrToI["client_role"]; ok && !isIntfNil(v) {
 
-			}
+								sl := v.(*schema.Set).List()
+								clientRole := &ves_io_schema_policy.RoleMatcherType{}
+								spec.ClientRole = clientRole
+								for _, set := range sl {
+									clientRoleMapStrToI := set.(map[string]interface{})
 
-			defaultActionChoiceTypeFound := false
+									if w, ok := clientRoleMapStrToI["match"]; ok && !isIntfNil(w) {
+										clientRole.Match = w.(string)
+									}
 
-			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+								}
 
-				defaultActionChoiceTypeFound = true
+							}
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
-					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
-					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
-				}
+							if v, ok := specMapStrToI["content_rewrite_action"]; ok && !isIntfNil(v) {
 
-			}
+								sl := v.(*schema.Set).List()
+								contentRewriteAction := &ves_io_schema_policy.ContentRewriteAction{}
+								spec.ContentRewriteAction = contentRewriteAction
+								for _, set := range sl {
+									contentRewriteActionMapStrToI := set.(map[string]interface{})
 
-			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+									if w, ok := contentRewriteActionMapStrToI["element_selector"]; ok && !isIntfNil(w) {
+										contentRewriteAction.ElementSelector = w.(string)
+									}
 
-				defaultActionChoiceTypeFound = true
+									if w, ok := contentRewriteActionMapStrToI["insert_content"]; ok && !isIntfNil(w) {
+										contentRewriteAction.InsertContent = w.(string)
+									}
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
-					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
-					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
-				}
+									if v, ok := contentRewriteActionMapStrToI["position"]; ok && !isIntfNil(v) {
 
-			}
+										contentRewriteAction.Position = ves_io_schema_policy.HTMLPosition(ves_io_schema_policy.HTMLPosition_value[v.(string)])
 
-			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+									}
 
-				defaultActionChoiceTypeFound = true
+									if w, ok := contentRewriteActionMapStrToI["inserted_types"]; ok && !isIntfNil(w) {
+										ms := map[string]bool{}
+										for k, v := range w.(map[string]interface{}) {
+											if v.(string)=="true" {
+												ms[k] = true
+											}else {
+												ms[k] = false
+											}
+										}
+										contentRewriteAction.InsertedTypes = ms
+									}
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
-					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
-					ruleChoiceInt.AllowList.DefaultActionChoice = defaultActionChoiceInt
-				}
+								}
 
-			}
+							}
 
-			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["cookie_matchers"]; ok && !isIntfNil(v) {
 
-				sl := v.([]interface{})
-				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.AllowList.IpPrefixSet = ipPrefixSetInt
-				for i, ps := range sl {
+								sl := v.([]interface{})
+								cookieMatchers := make([]*ves_io_schema_policy.CookieMatcherType, len(sl))
+								spec.CookieMatchers = cookieMatchers
+								for i, set := range sl {
+									cookieMatchers[i] = &ves_io_schema_policy.CookieMatcherType{}
+									cookieMatchersMapStrToI := set.(map[string]interface{})
 
-					ipsMapToStrVal := ps.(map[string]interface{})
-					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+									if w, ok := cookieMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										cookieMatchers[i].InvertMatcher = w.(bool)
+									}
 
-					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Name = v.(string)
-					}
+									matchTypeFound := false
 
-					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Namespace = v.(string)
-					}
+									if v, ok := cookieMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Tenant = v.(string)
-					}
+										matchTypeFound = true
 
-				}
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckNotPresent{}
+											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
+											cookieMatchers[i].Match = matchInt
+										}
 
-			}
+									}
 
-			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
+									if v, ok := cookieMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-				sl := v.(*schema.Set).List()
-				prefixList := &ves_io_schema_views.PrefixStringListType{}
-				ruleChoiceInt.AllowList.PrefixList = prefixList
-				for _, set := range sl {
-					prefixListMapStrToI := set.(map[string]interface{})
+										matchTypeFound = true
 
-					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
-						ls := make([]string, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = v.(string)
-						}
-						prefixList.Prefixes = ls
-					}
+										if v.(bool) {
+											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckPresent{}
+											matchInt.CheckPresent = &ves_io_schema.Empty{}
+											cookieMatchers[i].Match = matchInt
+										}
 
-				}
+									}
 
-			}
+									if v, ok := cookieMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.CookieMatcherType_Item{}
+										matchInt.Item = &ves_io_schema_policy.MatcherType{}
+										cookieMatchers[i].Match = matchInt
 
-				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
-				for _, j := range v.([]interface{}) {
-					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
-				}
-				ruleChoiceInt.AllowList.TlsFingerprintClasses = tls_fingerprint_classesList
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
 
-			}
+											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
 
-			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.ExactValues = ls
 
-				ls := make([]string, len(v.([]interface{})))
-				for i, v := range v.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				ruleChoiceInt.AllowList.TlsFingerprintValues = ls
+											}
 
-			}
+											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
 
-		}
+												ls := make([]string, len(v.([]interface{})))
+												for i, v := range v.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												matchInt.Item.RegexValues = ls
 
-	}
+											}
 
-	if v, ok := d.GetOk("deny_all_requests"); ok && !ruleChoiceTypeFound {
+											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
 
-		ruleChoiceTypeFound = true
+												transformersList := []ves_io_schema_policy.Transformer{}
+												for _, j := range v.([]interface{}) {
+													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+												}
+												matchInt.Item.Transformers = transformersList
 
-		if v.(bool) {
-			ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_DenyAllRequests{}
-			ruleChoiceInt.DenyAllRequests = &ves_io_schema.Empty{}
-			updateSpec.RuleChoice = ruleChoiceInt
-		}
+											}
 
-	}
+										}
 
-	if v, ok := d.GetOk("deny_list"); ok && !ruleChoiceTypeFound {
+									}
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_DenyList{}
-		ruleChoiceInt.DenyList = &ves_io_schema_service_policy.SourceList{}
-		updateSpec.RuleChoice = ruleChoiceInt
+									if v, ok := cookieMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+										matchTypeFound = true
+										matchInt := &ves_io_schema_policy.CookieMatcherType_Presence{}
 
-			if v, ok := cs["asn_list"]; ok && !isIntfNil(v) {
+										cookieMatchers[i].Match = matchInt
 
-				sl := v.(*schema.Set).List()
-				asnList := &ves_io_schema_policy.AsnMatchList{}
-				ruleChoiceInt.DenyList.AsnList = asnList
-				for _, set := range sl {
-					asnListMapStrToI := set.(map[string]interface{})
+										matchInt.Presence = v.(bool)
 
-					if w, ok := asnListMapStrToI["as_numbers"]; ok && !isIntfNil(w) {
-						ls := make([]uint32, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = uint32(v.(int))
-						}
-						asnList.AsNumbers = ls
-					}
+									}
 
-				}
+									if w, ok := cookieMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
+										cookieMatchers[i].Name = w.(string)
+									}
 
-			}
+								}
 
-			if v, ok := cs["asn_set"]; ok && !isIntfNil(v) {
+							}
 
-				sl := v.([]interface{})
-				asnSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.DenyList.AsnSet = asnSetInt
-				for i, ps := range sl {
+							if v, ok := specMapStrToI["domain_matcher"]; ok && !isIntfNil(v) {
 
-					asMapToStrVal := ps.(map[string]interface{})
-					asnSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+								sl := v.(*schema.Set).List()
+								domainMatcher := &ves_io_schema_policy.MatcherType{}
+								spec.DomainMatcher = domainMatcher
+								for _, set := range sl {
+									domainMatcherMapStrToI := set.(map[string]interface{})
 
-					if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Name = v.(string)
-					}
+									if w, ok := domainMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										domainMatcher.ExactValues = ls
+									}
 
-					if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Namespace = v.(string)
-					}
+									if w, ok := domainMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										domainMatcher.RegexValues = ls
+									}
 
-					if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						asnSetInt[i].Tenant = v.(string)
-					}
+									if v, ok := domainMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
 
-				}
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										domainMatcher.Transformers = transformersList
 
-			}
+									}
 
-			if v, ok := cs["country_list"]; ok && !isIntfNil(v) {
+								}
 
-				country_listList := []ves_io_schema_policy.CountryCode{}
-				for _, j := range v.([]interface{}) {
-					country_listList = append(country_listList, ves_io_schema_policy.CountryCode(ves_io_schema_policy.CountryCode_value[j.(string)]))
-				}
-				ruleChoiceInt.DenyList.CountryList = country_listList
+							}
 
-			}
+							dstAsnChoiceTypeFound := false
 
-			defaultActionChoiceTypeFound := false
+							if v, ok := specMapStrToI["any_dst_asn"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
 
-			if v, ok := cs["default_action_allow"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+								dstAsnChoiceTypeFound = true
 
-				defaultActionChoiceTypeFound = true
+								if v.(bool) {
+									dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstAsn{}
+									dstAsnChoiceInt.AnyDstAsn = &ves_io_schema.Empty{}
+									spec.DstAsnChoice = dstAsnChoiceInt
+								}
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionAllow{}
-					defaultActionChoiceInt.DefaultActionAllow = &ves_io_schema.Empty{}
-					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
-				}
+							}
 
-			}
+							if v, ok := specMapStrToI["dst_asn_list"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
 
-			if v, ok := cs["default_action_deny"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+								dstAsnChoiceTypeFound = true
+								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnList{}
+								dstAsnChoiceInt.DstAsnList = &ves_io_schema_policy.AsnMatchList{}
+								spec.DstAsnChoice = dstAsnChoiceInt
 
-				defaultActionChoiceTypeFound = true
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionDeny{}
-					defaultActionChoiceInt.DefaultActionDeny = &ves_io_schema.Empty{}
-					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
-				}
+									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
 
-			}
+										ls := make([]uint32, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = uint32(v.(int))
+										}
+										dstAsnChoiceInt.DstAsnList.AsNumbers = ls
 
-			if v, ok := cs["default_action_next_policy"]; ok && !isIntfNil(v) && !defaultActionChoiceTypeFound {
+									}
 
-				defaultActionChoiceTypeFound = true
+								}
 
-				if v.(bool) {
-					defaultActionChoiceInt := &ves_io_schema_service_policy.SourceList_DefaultActionNextPolicy{}
-					defaultActionChoiceInt.DefaultActionNextPolicy = &ves_io_schema.Empty{}
-					ruleChoiceInt.DenyList.DefaultActionChoice = defaultActionChoiceInt
-				}
+							}
 
-			}
+							if v, ok := specMapStrToI["dst_asn_matcher"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
 
-			if v, ok := cs["ip_prefix_set"]; ok && !isIntfNil(v) {
+								dstAsnChoiceTypeFound = true
+								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnMatcher{}
+								dstAsnChoiceInt.DstAsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
+								spec.DstAsnChoice = dstAsnChoiceInt
 
-				sl := v.([]interface{})
-				ipPrefixSetInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
-				ruleChoiceInt.DenyList.IpPrefixSet = ipPrefixSetInt
-				for i, ps := range sl {
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-					ipsMapToStrVal := ps.(map[string]interface{})
-					ipPrefixSetInt[i] = &ves_io_schema_views.ObjectRefType{}
+									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
 
-					if v, ok := ipsMapToStrVal["name"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Name = v.(string)
-					}
+										sl := v.([]interface{})
+										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										dstAsnChoiceInt.DstAsnMatcher.AsnSets = asnSetsInt
+										for i, ps := range sl {
 
-					if v, ok := ipsMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Namespace = v.(string)
-					}
+											asMapToStrVal := ps.(map[string]interface{})
+											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
 
-					if v, ok := ipsMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						ipPrefixSetInt[i].Tenant = v.(string)
-					}
+											asnSetsInt[i].Kind = "bgp_asn_set"
 
-				}
+											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Name = v.(string)
+											}
 
-			}
+											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Namespace = v.(string)
+											}
 
-			if v, ok := cs["prefix_list"]; ok && !isIntfNil(v) {
+											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Tenant = v.(string)
+											}
 
-				sl := v.(*schema.Set).List()
-				prefixList := &ves_io_schema_views.PrefixStringListType{}
-				ruleChoiceInt.DenyList.PrefixList = prefixList
-				for _, set := range sl {
-					prefixListMapStrToI := set.(map[string]interface{})
+											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												asnSetsInt[i].Uid = v.(string)
+											}
 
-					if w, ok := prefixListMapStrToI["prefixes"]; ok && !isIntfNil(w) {
-						ls := make([]string, len(w.([]interface{})))
-						for i, v := range w.([]interface{}) {
-							ls[i] = v.(string)
-						}
-						prefixList.Prefixes = ls
-					}
+										}
 
-				}
+									}
 
-			}
+								}
 
-			if v, ok := cs["tls_fingerprint_classes"]; ok && !isIntfNil(v) {
+							}
 
-				tls_fingerprint_classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
-				for _, j := range v.([]interface{}) {
-					tls_fingerprint_classesList = append(tls_fingerprint_classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
-				}
-				ruleChoiceInt.DenyList.TlsFingerprintClasses = tls_fingerprint_classesList
+							dstIpChoiceTypeFound := false
 
-			}
+							if v, ok := specMapStrToI["any_dst_ip"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
 
-			if v, ok := cs["tls_fingerprint_values"]; ok && !isIntfNil(v) {
+								dstIpChoiceTypeFound = true
 
-				ls := make([]string, len(v.([]interface{})))
-				for i, v := range v.([]interface{}) {
-					ls[i] = v.(string)
-				}
-				ruleChoiceInt.DenyList.TlsFingerprintValues = ls
+								if v.(bool) {
+									dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstIp{}
+									dstIpChoiceInt.AnyDstIp = &ves_io_schema.Empty{}
+									spec.DstIpChoice = dstIpChoiceInt
+								}
 
-			}
+							}
 
-		}
+							if v, ok := specMapStrToI["dst_ip_matcher"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
 
-	}
+								dstIpChoiceTypeFound = true
+								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpMatcher{}
+								dstIpChoiceInt.DstIpMatcher = &ves_io_schema_policy.IpMatcherType{}
+								spec.DstIpChoice = dstIpChoiceInt
 
-	if v, ok := d.GetOk("internally_generated"); ok && !ruleChoiceTypeFound {
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-		ruleChoiceTypeFound = true
+									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
 
-		if v.(bool) {
-			ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_InternallyGenerated{}
-			ruleChoiceInt.InternallyGenerated = &ves_io_schema.Empty{}
-			updateSpec.RuleChoice = ruleChoiceInt
-		}
+										dstIpChoiceInt.DstIpMatcher.InvertMatcher = v.(bool)
 
-	}
+									}
 
-	if v, ok := d.GetOk("legacy_rule_list"); ok && !ruleChoiceTypeFound {
+									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_LegacyRuleList{}
-		ruleChoiceInt.LegacyRuleList = &ves_io_schema_service_policy.LegacyRuleList{}
-		updateSpec.RuleChoice = ruleChoiceInt
+										sl := v.([]interface{})
+										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										dstIpChoiceInt.DstIpMatcher.PrefixSets = prefixSetsInt
+										for i, ps := range sl {
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+											psMapToStrVal := ps.(map[string]interface{})
+											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
 
-			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
+											prefixSetsInt[i].Kind = "ip_prefix_set"
 
-				sl := v.([]interface{})
-				rulesInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-				ruleChoiceInt.LegacyRuleList.Rules = rulesInt
-				for i, ps := range sl {
+											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Name = v.(string)
+											}
 
-					rMapToStrVal := ps.(map[string]interface{})
-					rulesInt[i] = &ves_io_schema.ObjectRefType{}
+											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Namespace = v.(string)
+											}
 
-					rulesInt[i].Kind = "service_policy_rule"
+											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Tenant = v.(string)
+											}
 
-					if v, ok := rMapToStrVal["name"]; ok && !isIntfNil(v) {
-						rulesInt[i].Name = v.(string)
-					}
+											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Uid = v.(string)
+											}
 
-					if v, ok := rMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-						rulesInt[i].Namespace = v.(string)
-					}
+										}
 
-					if v, ok := rMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-						rulesInt[i].Tenant = v.(string)
-					}
+									}
 
-					if v, ok := rMapToStrVal["uid"]; ok && !isIntfNil(v) {
-						rulesInt[i].Uid = v.(string)
-					}
+								}
 
-				}
+							}
 
-			}
+							if v, ok := specMapStrToI["dst_ip_prefix_list"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
 
-		}
+								dstIpChoiceTypeFound = true
+								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpPrefixList{}
+								dstIpChoiceInt.DstIpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
+								spec.DstIpChoice = dstIpChoiceInt
 
-	}
+								sl := v.(*schema.Set).List()
+								for _, set := range sl {
+									cs := set.(map[string]interface{})
 
-	if v, ok := d.GetOk("rule_list"); ok && !ruleChoiceTypeFound {
+									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
 
-		ruleChoiceTypeFound = true
-		ruleChoiceInt := &ves_io_schema_service_policy.ReplaceSpecType_RuleList{}
-		ruleChoiceInt.RuleList = &ves_io_schema_service_policy.RuleList{}
-		updateSpec.RuleChoice = ruleChoiceInt
+										dstIpChoiceInt.DstIpPrefixList.InvertMatch = v.(bool)
 
-		sl := v.(*schema.Set).List()
-		for _, set := range sl {
-			cs := set.(map[string]interface{})
+									}
 
-			if v, ok := cs["rules"]; ok && !isIntfNil(v) {
+									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
 
-				sl := v.([]interface{})
-				rules := make([]*ves_io_schema_service_policy.Rule, len(sl))
-				ruleChoiceInt.RuleList.Rules = rules
-				for i, set := range sl {
-					rules[i] = &ves_io_schema_service_policy.Rule{}
-					rulesMapStrToI := set.(map[string]interface{})
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										dstIpChoiceInt.DstIpPrefixList.IpPrefixes = ls
 
-					if v, ok := rulesMapStrToI["metadata"]; ok && !isIntfNil(v) {
+									}
 
-						sl := v.(*schema.Set).List()
-						metadata := &ves_io_schema.MessageMetaType{}
-						rules[i].Metadata = metadata
-						for _, set := range sl {
-							metadataMapStrToI := set.(map[string]interface{})
+									if w, ok := cs["ipv6_prefixes"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										dstIpChoiceInt.DstIpPrefixList.Ipv6Prefixes = ls
+									}
 
-							if w, ok := metadataMapStrToI["description"]; ok && !isIntfNil(w) {
-								metadata.Description = w.(string)
-							}
+								}
 
-							if w, ok := metadataMapStrToI["disable"]; ok && !isIntfNil(w) {
-								metadata.Disable = w.(bool)
 							}
 
-							if w, ok := metadataMapStrToI["name"]; ok && !isIntfNil(w) {
-								metadata.Name = w.(string)
+							if w, ok := specMapStrToI["expiration_timestamp"]; ok && !isIntfNil(w) {
+								ts, err := parseTime(w.(string))
+								if err != nil {
+									return fmt.Errorf("error creating ExpirationTimestamp, timestamp format is wrong: %s", err)
+								}
+								spec.ExpirationTimestamp = ts
 							}
 
-						}
+							if v, ok := specMapStrToI["forwarding_class"]; ok && !isIntfNil(v) {
 
-					}
+								sl := v.([]interface{})
+								forwardingClassInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+								spec.ForwardingClass = forwardingClassInt
+								for i, ps := range sl {
 
-					if v, ok := rulesMapStrToI["spec"]; ok && !isIntfNil(v) {
+									fcMapToStrVal := ps.(map[string]interface{})
+									forwardingClassInt[i] = &ves_io_schema.ObjectRefType{}
 
-						sl := v.(*schema.Set).List()
-						spec := &ves_io_schema_service_policy_rule.GlobalSpecType{}
-						rules[i].Spec = spec
-						for _, set := range sl {
-							specMapStrToI := set.(map[string]interface{})
+									forwardingClassInt[i].Kind = "forwarding_class"
 
-							if v, ok := specMapStrToI["action"]; ok && !isIntfNil(v) {
+									if v, ok := fcMapToStrVal["name"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Name = v.(string)
+									}
 
-								spec.Action = ves_io_schema_policy.RuleAction(ves_io_schema_policy.RuleAction_value[v.(string)])
+									if v, ok := fcMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Namespace = v.(string)
+									}
+
+									if v, ok := fcMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Tenant = v.(string)
+									}
+
+									if v, ok := fcMapToStrVal["uid"]; ok && !isIntfNil(v) {
+										forwardingClassInt[i].Uid = v.(string)
+									}
+
+								}
 
 							}
 
-							if v, ok := specMapStrToI["api_group_matcher"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["goto_policy"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								apiGroupMatcher := &ves_io_schema_policy.StringMatcherType{}
-								spec.ApiGroupMatcher = apiGroupMatcher
-								for _, set := range sl {
-									apiGroupMatcherMapStrToI := set.(map[string]interface{})
+								sl := v.([]interface{})
+								gotoPolicyInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+								spec.GotoPolicy = gotoPolicyInt
+								for i, ps := range sl {
 
-									if w, ok := apiGroupMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										apiGroupMatcher.InvertMatcher = w.(bool)
+									gpMapToStrVal := ps.(map[string]interface{})
+									gotoPolicyInt[i] = &ves_io_schema.ObjectRefType{}
+
+									gotoPolicyInt[i].Kind = "service_policy"
+
+									if v, ok := gpMapToStrVal["name"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Name = v.(string)
 									}
 
-									if w, ok := apiGroupMatcherMapStrToI["match"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										apiGroupMatcher.Match = ls
+									if v, ok := gpMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Namespace = v.(string)
+									}
+
+									if v, ok := gpMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Tenant = v.(string)
+									}
+
+									if v, ok := gpMapToStrVal["uid"]; ok && !isIntfNil(v) {
+										gotoPolicyInt[i].Uid = v.(string)
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["arg_matchers"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["headers"]; ok && !isIntfNil(v) {
 
 								sl := v.([]interface{})
-								argMatchers := make([]*ves_io_schema_policy.ArgMatcherType, len(sl))
-								spec.ArgMatchers = argMatchers
+								headers := make([]*ves_io_schema_policy.HeaderMatcherType, len(sl))
+								spec.Headers = headers
 								for i, set := range sl {
-									argMatchers[i] = &ves_io_schema_policy.ArgMatcherType{}
-									argMatchersMapStrToI := set.(map[string]interface{})
+									headers[i] = &ves_io_schema_policy.HeaderMatcherType{}
+									headersMapStrToI := set.(map[string]interface{})
 
-									if w, ok := argMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										argMatchers[i].InvertMatcher = w.(bool)
+									if w, ok := headersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										headers[i].InvertMatcher = w.(bool)
 									}
 
 									matchTypeFound := false
 
-									if v, ok := argMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := headersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckNotPresent{}
+											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckNotPresent{}
 											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											argMatchers[i].Match = matchInt
+											headers[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := argMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := headersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.ArgMatcherType_CheckPresent{}
+											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckPresent{}
 											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											argMatchers[i].Match = matchInt
+											headers[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := argMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := headersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.ArgMatcherType_Item{}
+										matchInt := &ves_io_schema_policy.HeaderMatcherType_Item{}
 										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										argMatchers[i].Match = matchInt
+										headers[i].Match = matchInt
 
 										sl := v.(*schema.Set).List()
 										for _, set := range sl {
@@ -5158,101 +7400,108 @@ func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{
 
 									}
 
-									if v, ok := argMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := headersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.ArgMatcherType_Presence{}
+										matchInt := &ves_io_schema_policy.HeaderMatcherType_Presence{}
 
-										argMatchers[i].Match = matchInt
+										headers[i].Match = matchInt
 
 										matchInt.Presence = v.(bool)
 
 									}
 
-									if w, ok := argMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
-										argMatchers[i].Name = w.(string)
+									if w, ok := headersMapStrToI["name"]; ok && !isIntfNil(w) {
+										headers[i].Name = w.(string)
 									}
 
 								}
 
 							}
 
-							asnChoiceTypeFound := false
+							if v, ok := specMapStrToI["http_method"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["any_asn"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+								sl := v.(*schema.Set).List()
+								httpMethod := &ves_io_schema_policy.HttpMethodMatcherType{}
+								spec.HttpMethod = httpMethod
+								for _, set := range sl {
+									httpMethodMapStrToI := set.(map[string]interface{})
 
-								asnChoiceTypeFound = true
+									if w, ok := httpMethodMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										httpMethod.InvertMatcher = w.(bool)
+									}
 
-								if v.(bool) {
-									asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyAsn{}
-									asnChoiceInt.AnyAsn = &ves_io_schema.Empty{}
-									spec.AsnChoice = asnChoiceInt
-								}
+									if v, ok := httpMethodMapStrToI["methods"]; ok && !isIntfNil(v) {
 
-							}
+										methodsList := []ves_io_schema.HttpMethod{}
+										for _, j := range v.([]interface{}) {
+											methodsList = append(methodsList, ves_io_schema.HttpMethod(ves_io_schema.HttpMethod_value[j.(string)]))
+										}
+										httpMethod.Methods = methodsList
 
-							if v, ok := specMapStrToI["asn_list"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+									}
 
-								asnChoiceTypeFound = true
-								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnList{}
-								asnChoiceInt.AsnList = &ves_io_schema_policy.AsnMatchList{}
-								spec.AsnChoice = asnChoiceInt
+								}
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+							}
 
-									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
+							ipChoiceTypeFound := false
 
-										ls := make([]uint32, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = uint32(v.(int))
-										}
-										asnChoiceInt.AsnList.AsNumbers = ls
+							if v, ok := specMapStrToI["any_ip"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
 
-									}
+								ipChoiceTypeFound = true
 
+								if v.(bool) {
+									ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyIp{}
+									ipChoiceInt.AnyIp = &ves_io_schema.Empty{}
+									spec.IpChoice = ipChoiceInt
 								}
 
 							}
 
-							if v, ok := specMapStrToI["asn_matcher"]; ok && !isIntfNil(v) && !asnChoiceTypeFound {
+							if v, ok := specMapStrToI["ip_matcher"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
 
-								asnChoiceTypeFound = true
-								asnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AsnMatcher{}
-								asnChoiceInt.AsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
-								spec.AsnChoice = asnChoiceInt
+								ipChoiceTypeFound = true
+								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpMatcher{}
+								ipChoiceInt.IpMatcher = &ves_io_schema_policy.IpMatcherType{}
+								spec.IpChoice = ipChoiceInt
 
 								sl := v.(*schema.Set).List()
 								for _, set := range sl {
 									cs := set.(map[string]interface{})
 
-									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
+									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
+
+										ipChoiceInt.IpMatcher.InvertMatcher = v.(bool)
+
+									}
+
+									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
 
 										sl := v.([]interface{})
-										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										asnChoiceInt.AsnMatcher.AsnSets = asnSetsInt
+										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+										ipChoiceInt.IpMatcher.PrefixSets = prefixSetsInt
 										for i, ps := range sl {
 
-											asMapToStrVal := ps.(map[string]interface{})
-											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
+											psMapToStrVal := ps.(map[string]interface{})
+											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
 
-											asnSetsInt[i].Kind = "bgp_asn_set"
+											prefixSetsInt[i].Kind = "ip_prefix_set"
 
-											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Name = v.(string)
+											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Name = v.(string)
 											}
 
-											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Namespace = v.(string)
+											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Namespace = v.(string)
 											}
 
-											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Tenant = v.(string)
+											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Tenant = v.(string)
 											}
 
-											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Uid = v.(string)
+											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
+												prefixSetsInt[i].Uid = v.(string)
 											}
 
 										}
@@ -5263,75 +7512,40 @@ func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{
 
 							}
 
-							if v, ok := specMapStrToI["body_matcher"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["ip_prefix_list"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+
+								ipChoiceTypeFound = true
+								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpPrefixList{}
+								ipChoiceInt.IpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
+								spec.IpChoice = ipChoiceInt
 
 								sl := v.(*schema.Set).List()
-								bodyMatcher := &ves_io_schema_policy.MatcherType{}
-								spec.BodyMatcher = bodyMatcher
 								for _, set := range sl {
-									bodyMatcherMapStrToI := set.(map[string]interface{})
-
-									if w, ok := bodyMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										bodyMatcher.ExactValues = ls
-									}
-
-									if w, ok := bodyMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										bodyMatcher.RegexValues = ls
-									}
+									cs := set.(map[string]interface{})
 
-									if v, ok := bodyMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-										}
-										bodyMatcher.Transformers = transformersList
+										ipChoiceInt.IpPrefixList.InvertMatch = v.(bool)
 
 									}
 
-								}
-
-							}
-
-							if v, ok := specMapStrToI["bot_action"]; ok && !isIntfNil(v) {
-
-								sl := v.(*schema.Set).List()
-								botAction := &ves_io_schema_policy.BotAction{}
-								spec.BotAction = botAction
-								for _, set := range sl {
-									botActionMapStrToI := set.(map[string]interface{})
-
-									actionTypeTypeFound := false
-
-									if v, ok := botActionMapStrToI["bot_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
-
-										actionTypeTypeFound = true
+									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.BotAction_BotSkipProcessing{}
-											actionTypeInt.BotSkipProcessing = &ves_io_schema.Empty{}
-											botAction.ActionType = actionTypeInt
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
 										}
+										ipChoiceInt.IpPrefixList.IpPrefixes = ls
 
 									}
 
-									if v, ok := botActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
-
-										actionTypeTypeFound = true
+									if v, ok := cs["ipv6_prefixes"]; ok && !isIntfNil(v) {
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.BotAction_None{}
-											actionTypeInt.None = &ves_io_schema.Empty{}
-											botAction.ActionType = actionTypeInt
+										ls := make([]string, len(v.([]interface{})))
+										for i, v := range v.([]interface{}) {
+											ls[i] = v.(string)
 										}
+										ipChoiceInt.IpPrefixList.Ipv6Prefixes = ls
 
 									}
 
@@ -5339,75 +7553,40 @@ func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{
 
 							}
 
-							if v, ok := specMapStrToI["challenge_action"]; ok && !isIntfNil(v) {
-
-								spec.ChallengeAction = ves_io_schema_policy.ChallengeAction(ves_io_schema_policy.ChallengeAction_value[v.(string)])
-
-							}
-
-							clientChoiceTypeFound := false
-
-							if v, ok := specMapStrToI["any_client"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
-
-								clientChoiceTypeFound = true
-
-								if v.(bool) {
-									clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyClient{}
-									clientChoiceInt.AnyClient = &ves_io_schema.Empty{}
-									spec.ClientChoice = clientChoiceInt
-								}
-
-							}
-
-							if v, ok := specMapStrToI["client_name"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
-
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientName{}
-
-								spec.ClientChoice = clientChoiceInt
-
-								clientChoiceInt.ClientName = v.(string)
-
-							}
-
-							if v, ok := specMapStrToI["client_name_matcher"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
-
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientNameMatcher{}
-								clientChoiceInt.ClientNameMatcher = &ves_io_schema_policy.MatcherType{}
-								spec.ClientChoice = clientChoiceInt
+							if v, ok := specMapStrToI["l4_dest_matcher"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
+								l4DestMatcher := &ves_io_schema_policy.L4DestMatcherType{}
+								spec.L4DestMatcher = l4DestMatcher
 								for _, set := range sl {
-									cs := set.(map[string]interface{})
-
-									if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
-
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										clientChoiceInt.ClientNameMatcher.ExactValues = ls
+									l4DestMatcherMapStrToI := set.(map[string]interface{})
 
+									if w, ok := l4DestMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										l4DestMatcher.InvertMatcher = w.(bool)
 									}
 
-									if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+									if v, ok := l4DestMatcherMapStrToI["l4_dests"]; ok && !isIntfNil(v) {
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										clientChoiceInt.ClientNameMatcher.RegexValues = ls
+										sl := v.([]interface{})
+										l4Dests := make([]*ves_io_schema.L4DestType, len(sl))
+										l4DestMatcher.L4Dests = l4Dests
+										for i, set := range sl {
+											l4Dests[i] = &ves_io_schema.L4DestType{}
+											l4DestsMapStrToI := set.(map[string]interface{})
 
-									}
+											if w, ok := l4DestsMapStrToI["port_ranges"]; ok && !isIntfNil(w) {
+												l4Dests[i].PortRanges = w.(string)
+											}
 
-									if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+											if w, ok := l4DestsMapStrToI["prefixes"]; ok && !isIntfNil(w) {
+												ls := make([]string, len(w.([]interface{})))
+												for i, v := range w.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												l4Dests[i].Prefixes = ls
+											}
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
 										}
-										clientChoiceInt.ClientNameMatcher.Transformers = transformersList
 
 									}
 
@@ -5415,143 +7594,157 @@ func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{
 
 							}
 
-							if v, ok := specMapStrToI["client_selector"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
-
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_ClientSelector{}
-								clientChoiceInt.ClientSelector = &ves_io_schema.LabelSelectorType{}
-								spec.ClientChoice = clientChoiceInt
+							if v, ok := specMapStrToI["label_matcher"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
+								labelMatcher := &ves_io_schema.LabelMatcherType{}
+								spec.LabelMatcher = labelMatcher
 								for _, set := range sl {
-									cs := set.(map[string]interface{})
-
-									if v, ok := cs["expressions"]; ok && !isIntfNil(v) {
+									labelMatcherMapStrToI := set.(map[string]interface{})
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
+									if w, ok := labelMatcherMapStrToI["keys"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
 											ls[i] = v.(string)
 										}
-										clientChoiceInt.ClientSelector.Expressions = ls
-
+										labelMatcher.Keys = ls
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["ip_threat_category_list"]; ok && !isIntfNil(v) && !clientChoiceTypeFound {
-
-								clientChoiceTypeFound = true
-								clientChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpThreatCategoryList{}
-								clientChoiceInt.IpThreatCategoryList = &ves_io_schema_service_policy_rule.IPThreatCategoryListType{}
-								spec.ClientChoice = clientChoiceInt
+							if v, ok := specMapStrToI["path"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
+								path := &ves_io_schema_policy.PathMatcherType{}
+								spec.Path = path
 								for _, set := range sl {
-									cs := set.(map[string]interface{})
+									pathMapStrToI := set.(map[string]interface{})
 
-									if v, ok := cs["ip_threat_categories"]; ok && !isIntfNil(v) {
+									if w, ok := pathMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										path.ExactValues = ls
+									}
 
-										ip_threat_categoriesList := []ves_io_schema_policy.IPThreatCategory{}
-										for _, j := range v.([]interface{}) {
-											ip_threat_categoriesList = append(ip_threat_categoriesList, ves_io_schema_policy.IPThreatCategory(ves_io_schema_policy.IPThreatCategory_value[j.(string)]))
+									if w, ok := pathMapStrToI["prefix_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
 										}
-										clientChoiceInt.IpThreatCategoryList.IpThreatCategories = ip_threat_categoriesList
+										path.PrefixValues = ls
+									}
 
+									if w, ok := pathMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										path.RegexValues = ls
 									}
 
-								}
+									if w, ok := pathMapStrToI["suffix_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										path.SuffixValues = ls
+									}
 
-							}
+									if v, ok := pathMapStrToI["transformers"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["client_role"]; ok && !isIntfNil(v) {
+										transformersList := []ves_io_schema_policy.Transformer{}
+										for _, j := range v.([]interface{}) {
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										}
+										path.Transformers = transformersList
 
-								sl := v.(*schema.Set).List()
-								clientRole := &ves_io_schema_policy.RoleMatcherType{}
-								spec.ClientRole = clientRole
-								for _, set := range sl {
-									clientRoleMapStrToI := set.(map[string]interface{})
+									}
 
-									if w, ok := clientRoleMapStrToI["match"]; ok && !isIntfNil(w) {
-										clientRole.Match = w.(string)
+									if w, ok := pathMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										path.InvertMatcher = w.(bool)
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["content_rewrite_action"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["port_matcher"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
-								contentRewriteAction := &ves_io_schema_policy.ContentRewriteAction{}
-								spec.ContentRewriteAction = contentRewriteAction
+								portMatcher := &ves_io_schema_policy.PortMatcherType{}
+								spec.PortMatcher = portMatcher
 								for _, set := range sl {
-									contentRewriteActionMapStrToI := set.(map[string]interface{})
-
-									if w, ok := contentRewriteActionMapStrToI["element_selector"]; ok && !isIntfNil(w) {
-										contentRewriteAction.ElementSelector = w.(string)
-									}
+									portMatcherMapStrToI := set.(map[string]interface{})
 
-									if w, ok := contentRewriteActionMapStrToI["insert_content"]; ok && !isIntfNil(w) {
-										contentRewriteAction.InsertContent = w.(string)
+									if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										portMatcher.InvertMatcher = w.(bool)
 									}
 
-									if v, ok := contentRewriteActionMapStrToI["position"]; ok && !isIntfNil(v) {
-
-										contentRewriteAction.Position = ves_io_schema_policy.HTMLPosition(ves_io_schema_policy.HTMLPosition_value[v.(string)])
-
+									if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										portMatcher.Ports = ls
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["cookie_matchers"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["query_params"]; ok && !isIntfNil(v) {
 
 								sl := v.([]interface{})
-								cookieMatchers := make([]*ves_io_schema_policy.CookieMatcherType, len(sl))
-								spec.CookieMatchers = cookieMatchers
+								queryParams := make([]*ves_io_schema_policy.QueryParameterMatcherType, len(sl))
+								spec.QueryParams = queryParams
 								for i, set := range sl {
-									cookieMatchers[i] = &ves_io_schema_policy.CookieMatcherType{}
-									cookieMatchersMapStrToI := set.(map[string]interface{})
+									queryParams[i] = &ves_io_schema_policy.QueryParameterMatcherType{}
+									queryParamsMapStrToI := set.(map[string]interface{})
 
-									if w, ok := cookieMatchersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										cookieMatchers[i].InvertMatcher = w.(bool)
+									if w, ok := queryParamsMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										queryParams[i].InvertMatcher = w.(bool)
+									}
+
+									if w, ok := queryParamsMapStrToI["key"]; ok && !isIntfNil(w) {
+										queryParams[i].Key = w.(string)
 									}
 
 									matchTypeFound := false
 
-									if v, ok := cookieMatchersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := queryParamsMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckNotPresent{}
+											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckNotPresent{}
 											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											cookieMatchers[i].Match = matchInt
+											queryParams[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := cookieMatchersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := queryParamsMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.CookieMatcherType_CheckPresent{}
+											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckPresent{}
 											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											cookieMatchers[i].Match = matchInt
+											queryParams[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := cookieMatchersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := queryParamsMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.CookieMatcherType_Item{}
+										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Item{}
 										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										cookieMatchers[i].Match = matchInt
+										queryParams[i].Match = matchInt
 
 										sl := v.(*schema.Set).List()
 										for _, set := range sl {
@@ -5591,441 +7784,478 @@ func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{
 
 									}
 
-									if v, ok := cookieMatchersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := queryParamsMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.CookieMatcherType_Presence{}
+										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Presence{}
 
-										cookieMatchers[i].Match = matchInt
+										queryParams[i].Match = matchInt
 
 										matchInt.Presence = v.(bool)
 
 									}
 
-									if w, ok := cookieMatchersMapStrToI["name"]; ok && !isIntfNil(w) {
-										cookieMatchers[i].Name = w.(string)
+								}
+
+							}
+
+							if v, ok := specMapStrToI["rate_limiter"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								rateLimiterInt := make([]*ves_io_schema.ObjectRefType, len(sl))
+								spec.RateLimiter = rateLimiterInt
+								for i, ps := range sl {
+
+									rlMapToStrVal := ps.(map[string]interface{})
+									rateLimiterInt[i] = &ves_io_schema.ObjectRefType{}
+
+									rateLimiterInt[i].Kind = "rate_limiter"
+
+									if v, ok := rlMapToStrVal["name"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Name = v.(string)
+									}
+
+									if v, ok := rlMapToStrVal["namespace"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Namespace = v.(string)
+									}
+
+									if v, ok := rlMapToStrVal["tenant"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Tenant = v.(string)
+									}
+
+									if v, ok := rlMapToStrVal["uid"]; ok && !isIntfNil(v) {
+										rateLimiterInt[i].Uid = v.(string)
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["domain_matcher"]; ok && !isIntfNil(v) {
+							if w, ok := specMapStrToI["scheme"]; ok && !isIntfNil(w) {
+								ls := make([]string, len(w.([]interface{})))
+								for i, v := range w.([]interface{}) {
+									ls[i] = v.(string)
+								}
+								spec.Scheme = ls
+							}
+
+							if v, ok := specMapStrToI["server_selector"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
-								domainMatcher := &ves_io_schema_policy.MatcherType{}
-								spec.DomainMatcher = domainMatcher
+								serverSelector := &ves_io_schema.LabelSelectorType{}
+								spec.ServerSelector = serverSelector
 								for _, set := range sl {
-									domainMatcherMapStrToI := set.(map[string]interface{})
+									serverSelectorMapStrToI := set.(map[string]interface{})
 
-									if w, ok := domainMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+									if w, ok := serverSelectorMapStrToI["expressions"]; ok && !isIntfNil(w) {
 										ls := make([]string, len(w.([]interface{})))
 										for i, v := range w.([]interface{}) {
 											ls[i] = v.(string)
 										}
-										domainMatcher.ExactValues = ls
+										serverSelector.Expressions = ls
 									}
 
-									if w, ok := domainMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										domainMatcher.RegexValues = ls
+								}
+
+							}
+
+							if v, ok := specMapStrToI["shape_protected_endpoint_action"]; ok && !isIntfNil(v) {
+
+								sl := v.([]interface{})
+								shapeProtectedEndpointAction := &ves_io_schema_policy.ShapeProtectedEndpointAction{}
+								spec.ShapeProtectedEndpointAction = shapeProtectedEndpointAction
+								for _, set := range sl {
+									shapeProtectedEndpointActionMapStrToI := set.(map[string]interface{})
+
+									if w, ok := shapeProtectedEndpointActionMapStrToI["allow_goodbot"]; ok && !isIntfNil(w) {
+										shapeProtectedEndpointAction.AllowGoodbot = w.(bool)
 									}
 
-									if v, ok := domainMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+									if v, ok := shapeProtectedEndpointActionMapStrToI["app_traffic_type"]; ok && !isIntfNil(v) {
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-										}
-										domainMatcher.Transformers = transformersList
+										shapeProtectedEndpointAction.AppTrafficType = ves_io_schema_policy.AppTrafficType(ves_io_schema_policy.AppTrafficType_value[v.(string)])
 
 									}
 
-								}
+									if w, ok := shapeProtectedEndpointActionMapStrToI["flow_label"]; ok && !isIntfNil(w) {
+										shapeProtectedEndpointAction.FlowLabel = w.(string)
+									}
 
-							}
+									if v, ok := shapeProtectedEndpointActionMapStrToI["mitigation"]; ok && !isIntfNil(v) {
 
-							dstAsnChoiceTypeFound := false
+										sl := v.([]interface{})
+										mitigation := &ves_io_schema_policy.ShapeBotMitigationAction{}
+										shapeProtectedEndpointAction.Mitigation = mitigation
+										for _, set := range sl {
+											mitigationMapStrToI := set.(map[string]interface{})
 
-							if v, ok := specMapStrToI["any_dst_asn"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+											actionTypeTypeFound := false
 
-								dstAsnChoiceTypeFound = true
+											if v, ok := mitigationMapStrToI["block"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+
+												actionTypeTypeFound = true
+												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Block{}
+												actionTypeInt.Block = &ves_io_schema_policy.ShapeBotBlockMitigationActionType{}
+												mitigation.ActionType = actionTypeInt
+
+												sl := v.([]interface{})
+												for _, set := range sl {
+													cs := set.(map[string]interface{})
 
-								if v.(bool) {
-									dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstAsn{}
-									dstAsnChoiceInt.AnyDstAsn = &ves_io_schema.Empty{}
-									spec.DstAsnChoice = dstAsnChoiceInt
-								}
+													if v, ok := cs["body"]; ok && !isIntfNil(v) {
 
-							}
+														actionTypeInt.Block.Body = v.(string)
 
-							if v, ok := specMapStrToI["dst_asn_list"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+													}
 
-								dstAsnChoiceTypeFound = true
-								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnList{}
-								dstAsnChoiceInt.DstAsnList = &ves_io_schema_policy.AsnMatchList{}
-								spec.DstAsnChoice = dstAsnChoiceInt
+													if v, ok := cs["body_hash"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+														actionTypeInt.Block.BodyHash = v.(string)
 
-									if v, ok := cs["as_numbers"]; ok && !isIntfNil(v) {
+													}
 
-										ls := make([]uint32, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = uint32(v.(int))
-										}
-										dstAsnChoiceInt.DstAsnList.AsNumbers = ls
+													if v, ok := cs["status"]; ok && !isIntfNil(v) {
 
-									}
+														actionTypeInt.Block.Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
 
-								}
+													}
 
-							}
+												}
 
-							if v, ok := specMapStrToI["dst_asn_matcher"]; ok && !isIntfNil(v) && !dstAsnChoiceTypeFound {
+											}
 
-								dstAsnChoiceTypeFound = true
-								dstAsnChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstAsnMatcher{}
-								dstAsnChoiceInt.DstAsnMatcher = &ves_io_schema_policy.AsnMatcherType{}
-								spec.DstAsnChoice = dstAsnChoiceInt
+											if v, ok := mitigationMapStrToI["flag"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+												actionTypeTypeFound = true
+												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Flag{}
+												actionTypeInt.Flag = &ves_io_schema_policy.ShapeBotFlagMitigationActionChoiceType{}
+												mitigation.ActionType = actionTypeInt
 
-									if v, ok := cs["asn_sets"]; ok && !isIntfNil(v) {
+												sl := v.([]interface{})
+												for _, set := range sl {
+													cs := set.(map[string]interface{})
 
-										sl := v.([]interface{})
-										asnSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										dstAsnChoiceInt.DstAsnMatcher.AsnSets = asnSetsInt
-										for i, ps := range sl {
+													sendHeadersChoiceTypeFound := false
 
-											asMapToStrVal := ps.(map[string]interface{})
-											asnSetsInt[i] = &ves_io_schema.ObjectRefType{}
+													if v, ok := cs["append_headers"]; ok && !isIntfNil(v) && !sendHeadersChoiceTypeFound {
 
-											asnSetsInt[i].Kind = "bgp_asn_set"
+														sendHeadersChoiceTypeFound = true
+														sendHeadersChoiceInt := &ves_io_schema_policy.ShapeBotFlagMitigationActionChoiceType_AppendHeaders{}
+														sendHeadersChoiceInt.AppendHeaders = &ves_io_schema_policy.ShapeBotFlagMitigationActionType{}
+														actionTypeInt.Flag.SendHeadersChoice = sendHeadersChoiceInt
 
-											if v, ok := asMapToStrVal["name"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Name = v.(string)
-											}
+														sl := v.([]interface{})
+														for _, set := range sl {
+															cs := set.(map[string]interface{})
 
-											if v, ok := asMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Namespace = v.(string)
-											}
+															if v, ok := cs["auto_type_header_name"]; ok && !isIntfNil(v) {
 
-											if v, ok := asMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Tenant = v.(string)
-											}
+																sendHeadersChoiceInt.AppendHeaders.AutoTypeHeaderName = v.(string)
 
-											if v, ok := asMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												asnSetsInt[i].Uid = v.(string)
-											}
+															}
 
-										}
+															if v, ok := cs["inference_header_name"]; ok && !isIntfNil(v) {
 
-									}
+																sendHeadersChoiceInt.AppendHeaders.InferenceHeaderName = v.(string)
 
-								}
+															}
 
-							}
+														}
 
-							dstIpChoiceTypeFound := false
+													}
 
-							if v, ok := specMapStrToI["any_dst_ip"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+													if v, ok := cs["no_headers"]; ok && !isIntfNil(v) && !sendHeadersChoiceTypeFound {
 
-								dstIpChoiceTypeFound = true
+														sendHeadersChoiceTypeFound = true
 
-								if v.(bool) {
-									dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyDstIp{}
-									dstIpChoiceInt.AnyDstIp = &ves_io_schema.Empty{}
-									spec.DstIpChoice = dstIpChoiceInt
-								}
+														if v.(bool) {
+															sendHeadersChoiceInt := &ves_io_schema_policy.ShapeBotFlagMitigationActionChoiceType_NoHeaders{}
+															sendHeadersChoiceInt.NoHeaders = &ves_io_schema.Empty{}
+															actionTypeInt.Flag.SendHeadersChoice = sendHeadersChoiceInt
+														}
 
-							}
+													}
 
-							if v, ok := specMapStrToI["dst_ip_matcher"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+												}
 
-								dstIpChoiceTypeFound = true
-								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpMatcher{}
-								dstIpChoiceInt.DstIpMatcher = &ves_io_schema_policy.IpMatcherType{}
-								spec.DstIpChoice = dstIpChoiceInt
+											}
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+											if v, ok := mitigationMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
+												actionTypeTypeFound = true
 
-										dstIpChoiceInt.DstIpMatcher.InvertMatcher = v.(bool)
+												if v.(bool) {
+													actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_None{}
+													actionTypeInt.None = &ves_io_schema.Empty{}
+													mitigation.ActionType = actionTypeInt
+												}
 
-									}
+											}
 
-									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
+											if v, ok := mitigationMapStrToI["redirect"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-										sl := v.([]interface{})
-										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										dstIpChoiceInt.DstIpMatcher.PrefixSets = prefixSetsInt
-										for i, ps := range sl {
+												actionTypeTypeFound = true
+												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Redirect{}
+												actionTypeInt.Redirect = &ves_io_schema_policy.ShapeBotRedirectMitigationActionType{}
+												mitigation.ActionType = actionTypeInt
 
-											psMapToStrVal := ps.(map[string]interface{})
-											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
+												sl := v.([]interface{})
+												for _, set := range sl {
+													cs := set.(map[string]interface{})
 
-											prefixSetsInt[i].Kind = "ip_prefix_set"
+													if v, ok := cs["uri"]; ok && !isIntfNil(v) {
 
-											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Name = v.(string)
-											}
+														actionTypeInt.Redirect.Uri = v.(string)
 
-											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Namespace = v.(string)
-											}
+													}
 
-											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Tenant = v.(string)
-											}
+												}
 
-											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Uid = v.(string)
 											}
 
 										}
 
 									}
 
-								}
+									if v, ok := shapeProtectedEndpointActionMapStrToI["transaction_result"]; ok && !isIntfNil(v) {
 
-							}
+										sl := v.(*schema.Set).List()
+										transactionResult := &ves_io_schema.BotDefenseTransactionResultType{}
+										shapeProtectedEndpointAction.TransactionResult = transactionResult
+										for _, set := range sl {
+											transactionResultMapStrToI := set.(map[string]interface{})
 
-							if v, ok := specMapStrToI["dst_ip_prefix_list"]; ok && !isIntfNil(v) && !dstIpChoiceTypeFound {
+											if v, ok := transactionResultMapStrToI["failure_conditions"]; ok && !isIntfNil(v) {
 
-								dstIpChoiceTypeFound = true
-								dstIpChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_DstIpPrefixList{}
-								dstIpChoiceInt.DstIpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
-								spec.DstIpChoice = dstIpChoiceInt
+												sl := v.([]interface{})
+												failureConditions := make([]*ves_io_schema.BotDefenseTransactionResultCondition, len(sl))
+												transactionResult.FailureConditions = failureConditions
+												for i, set := range sl {
+													failureConditions[i] = &ves_io_schema.BotDefenseTransactionResultCondition{}
+													failureConditionsMapStrToI := set.(map[string]interface{})
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+													if w, ok := failureConditionsMapStrToI["name"]; ok && !isIntfNil(w) {
+														failureConditions[i].Name = w.(string)
+													}
 
-									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
+													if w, ok := failureConditionsMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+														ls := make([]string, len(w.([]interface{})))
+														for i, v := range w.([]interface{}) {
+															ls[i] = v.(string)
+														}
+														failureConditions[i].RegexValues = ls
+													}
 
-										dstIpChoiceInt.DstIpPrefixList.InvertMatch = v.(bool)
+													if v, ok := failureConditionsMapStrToI["status"]; ok && !isIntfNil(v) {
 
-									}
+														failureConditions[i].Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
 
-									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
+													}
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										dstIpChoiceInt.DstIpPrefixList.IpPrefixes = ls
+												}
 
-									}
+											}
 
-								}
+											if v, ok := transactionResultMapStrToI["success_conditions"]; ok && !isIntfNil(v) {
 
-							}
+												sl := v.([]interface{})
+												successConditions := make([]*ves_io_schema.BotDefenseTransactionResultCondition, len(sl))
+												transactionResult.SuccessConditions = successConditions
+												for i, set := range sl {
+													successConditions[i] = &ves_io_schema.BotDefenseTransactionResultCondition{}
+													successConditionsMapStrToI := set.(map[string]interface{})
 
-							if w, ok := specMapStrToI["expiration_timestamp"]; ok && !isIntfNil(w) {
-								ts, err := parseTime(w.(string))
-								if err != nil {
-									return fmt.Errorf("error creating ExpirationTimestamp, timestamp format is wrong: %s", err)
-								}
-								spec.ExpirationTimestamp = ts
-							}
+													if w, ok := successConditionsMapStrToI["name"]; ok && !isIntfNil(w) {
+														successConditions[i].Name = w.(string)
+													}
 
-							if v, ok := specMapStrToI["forwarding_class"]; ok && !isIntfNil(v) {
+													if w, ok := successConditionsMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+														ls := make([]string, len(w.([]interface{})))
+														for i, v := range w.([]interface{}) {
+															ls[i] = v.(string)
+														}
+														successConditions[i].RegexValues = ls
+													}
 
-								sl := v.([]interface{})
-								forwardingClassInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-								spec.ForwardingClass = forwardingClassInt
-								for i, ps := range sl {
+													if v, ok := successConditionsMapStrToI["status"]; ok && !isIntfNil(v) {
 
-									fcMapToStrVal := ps.(map[string]interface{})
-									forwardingClassInt[i] = &ves_io_schema.ObjectRefType{}
+														successConditions[i].Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
 
-									forwardingClassInt[i].Kind = "forwarding_class"
+													}
 
-									if v, ok := fcMapToStrVal["name"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Name = v.(string)
-									}
+												}
 
-									if v, ok := fcMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Namespace = v.(string)
-									}
+											}
+
+										}
 
-									if v, ok := fcMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Tenant = v.(string)
 									}
 
-									if v, ok := fcMapToStrVal["uid"]; ok && !isIntfNil(v) {
-										forwardingClassInt[i].Uid = v.(string)
+									if w, ok := shapeProtectedEndpointActionMapStrToI["web_scraping"]; ok && !isIntfNil(w) {
+										shapeProtectedEndpointAction.WebScraping = w.(bool)
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["goto_policy"]; ok && !isIntfNil(v) {
-
-								sl := v.([]interface{})
-								gotoPolicyInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-								spec.GotoPolicy = gotoPolicyInt
-								for i, ps := range sl {
+							if v, ok := specMapStrToI["tls_fingerprint_matcher"]; ok && !isIntfNil(v) {
 
-									gpMapToStrVal := ps.(map[string]interface{})
-									gotoPolicyInt[i] = &ves_io_schema.ObjectRefType{}
+								sl := v.(*schema.Set).List()
+								tlsFingerprintMatcher := &ves_io_schema_policy.TlsFingerprintMatcherType{}
+								spec.TlsFingerprintMatcher = tlsFingerprintMatcher
+								for _, set := range sl {
+									tlsFingerprintMatcherMapStrToI := set.(map[string]interface{})
 
-									gotoPolicyInt[i].Kind = "service_policy"
+									if v, ok := tlsFingerprintMatcherMapStrToI["classes"]; ok && !isIntfNil(v) {
 
-									if v, ok := gpMapToStrVal["name"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Name = v.(string)
-									}
+										classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
+										for _, j := range v.([]interface{}) {
+											classesList = append(classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
+										}
+										tlsFingerprintMatcher.Classes = classesList
 
-									if v, ok := gpMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Namespace = v.(string)
 									}
 
-									if v, ok := gpMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Tenant = v.(string)
+									if w, ok := tlsFingerprintMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										tlsFingerprintMatcher.ExactValues = ls
 									}
 
-									if v, ok := gpMapToStrVal["uid"]; ok && !isIntfNil(v) {
-										gotoPolicyInt[i].Uid = v.(string)
+									if w, ok := tlsFingerprintMatcherMapStrToI["excluded_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										tlsFingerprintMatcher.ExcludedValues = ls
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["headers"]; ok && !isIntfNil(v) {
-
-								sl := v.([]interface{})
-								headers := make([]*ves_io_schema_policy.HeaderMatcherType, len(sl))
-								spec.Headers = headers
-								for i, set := range sl {
-									headers[i] = &ves_io_schema_policy.HeaderMatcherType{}
-									headersMapStrToI := set.(map[string]interface{})
+							if v, ok := specMapStrToI["url_matcher"]; ok && !isIntfNil(v) {
 
-									if w, ok := headersMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										headers[i].InvertMatcher = w.(bool)
+								sl := v.(*schema.Set).List()
+								urlMatcher := &ves_io_schema_policy.URLMatcherType{}
+								spec.UrlMatcher = urlMatcher
+								for _, set := range sl {
+									urlMatcherMapStrToI := set.(map[string]interface{})
+
+									if w, ok := urlMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										urlMatcher.InvertMatcher = w.(bool)
 									}
 
-									matchTypeFound := false
+									if v, ok := urlMatcherMapStrToI["url_items"]; ok && !isIntfNil(v) {
 
-									if v, ok := headersMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+										sl := v.([]interface{})
+										urlItems := make([]*ves_io_schema_policy.URLItem, len(sl))
+										urlMatcher.UrlItems = urlItems
+										for i, set := range sl {
+											urlItems[i] = &ves_io_schema_policy.URLItem{}
+											urlItemsMapStrToI := set.(map[string]interface{})
 
-										matchTypeFound = true
+											domainChoiceTypeFound := false
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckNotPresent{}
-											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											headers[i].Match = matchInt
-										}
+											if v, ok := urlItemsMapStrToI["domain_regex"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
 
-									}
+												domainChoiceTypeFound = true
+												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainRegex{}
 
-									if v, ok := headersMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+												urlItems[i].DomainChoice = domainChoiceInt
 
-										matchTypeFound = true
+												domainChoiceInt.DomainRegex = v.(string)
 
-										if v.(bool) {
-											matchInt := &ves_io_schema_policy.HeaderMatcherType_CheckPresent{}
-											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											headers[i].Match = matchInt
-										}
+											}
 
-									}
+											if v, ok := urlItemsMapStrToI["domain_value"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
 
-									if v, ok := headersMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+												domainChoiceTypeFound = true
+												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainValue{}
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.HeaderMatcherType_Item{}
-										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										headers[i].Match = matchInt
+												urlItems[i].DomainChoice = domainChoiceInt
 
-										sl := v.(*schema.Set).List()
-										for _, set := range sl {
-											cs := set.(map[string]interface{})
+												domainChoiceInt.DomainValue = v.(string)
 
-											if v, ok := cs["exact_values"]; ok && !isIntfNil(v) {
+											}
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												matchInt.Item.ExactValues = ls
+											pathChoiceTypeFound := false
 
-											}
+											if v, ok := urlItemsMapStrToI["path_prefix"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
 
-											if v, ok := cs["regex_values"]; ok && !isIntfNil(v) {
+												pathChoiceTypeFound = true
+												pathChoiceInt := &ves_io_schema_policy.URLItem_PathPrefix{}
 
-												ls := make([]string, len(v.([]interface{})))
-												for i, v := range v.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												matchInt.Item.RegexValues = ls
+												urlItems[i].PathChoice = pathChoiceInt
+
+												pathChoiceInt.PathPrefix = v.(string)
 
 											}
 
-											if v, ok := cs["transformers"]; ok && !isIntfNil(v) {
+											if v, ok := urlItemsMapStrToI["path_regex"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
 
-												transformersList := []ves_io_schema_policy.Transformer{}
-												for _, j := range v.([]interface{}) {
-													transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
-												}
-												matchInt.Item.Transformers = transformersList
+												pathChoiceTypeFound = true
+												pathChoiceInt := &ves_io_schema_policy.URLItem_PathRegex{}
 
-											}
+												urlItems[i].PathChoice = pathChoiceInt
 
-										}
+												pathChoiceInt.PathRegex = v.(string)
 
-									}
+											}
 
-									if v, ok := headersMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
+											if v, ok := urlItemsMapStrToI["path_value"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
 
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.HeaderMatcherType_Presence{}
+												pathChoiceTypeFound = true
+												pathChoiceInt := &ves_io_schema_policy.URLItem_PathValue{}
 
-										headers[i].Match = matchInt
+												urlItems[i].PathChoice = pathChoiceInt
 
-										matchInt.Presence = v.(bool)
+												pathChoiceInt.PathValue = v.(string)
 
-									}
+											}
+
+										}
 
-									if w, ok := headersMapStrToI["name"]; ok && !isIntfNil(w) {
-										headers[i].Name = w.(string)
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["http_method"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["virtual_host_matcher"]; ok && !isIntfNil(v) {
 
 								sl := v.(*schema.Set).List()
-								httpMethod := &ves_io_schema_policy.HttpMethodMatcherType{}
-								spec.HttpMethod = httpMethod
+								virtualHostMatcher := &ves_io_schema_policy.MatcherType{}
+								spec.VirtualHostMatcher = virtualHostMatcher
 								for _, set := range sl {
-									httpMethodMapStrToI := set.(map[string]interface{})
+									virtualHostMatcherMapStrToI := set.(map[string]interface{})
 
-									if w, ok := httpMethodMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										httpMethod.InvertMatcher = w.(bool)
+									if w, ok := virtualHostMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										virtualHostMatcher.ExactValues = ls
 									}
 
-									if v, ok := httpMethodMapStrToI["methods"]; ok && !isIntfNil(v) {
+									if w, ok := virtualHostMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+										for i, v := range w.([]interface{}) {
+											ls[i] = v.(string)
+										}
+										virtualHostMatcher.RegexValues = ls
+									}
 
-										methodsList := []ves_io_schema.HttpMethod{}
+									if v, ok := virtualHostMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+
+										transformersList := []ves_io_schema_policy.Transformer{}
 										for _, j := range v.([]interface{}) {
-											methodsList = append(methodsList, ves_io_schema.HttpMethod(ves_io_schema.HttpMethod_value[j.(string)]))
+											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
 										}
-										httpMethod.Methods = methodsList
+										virtualHostMatcher.Transformers = transformersList
 
 									}
 
@@ -6033,294 +8263,230 @@ func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{
 
 							}
 
-							ipChoiceTypeFound := false
+							if v, ok := specMapStrToI["waf_action"]; ok && !isIntfNil(v) {
 
-							if v, ok := specMapStrToI["any_ip"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+								sl := v.(*schema.Set).List()
+								wafAction := &ves_io_schema_policy.WafAction{}
+								spec.WafAction = wafAction
+								for _, set := range sl {
+									wafActionMapStrToI := set.(map[string]interface{})
 
-								ipChoiceTypeFound = true
+									actionTypeTypeFound := false
 
-								if v.(bool) {
-									ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_AnyIp{}
-									ipChoiceInt.AnyIp = &ves_io_schema.Empty{}
-									spec.IpChoice = ipChoiceInt
-								}
+									if v, ok := wafActionMapStrToI["app_firewall_detection_control"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-							}
+										actionTypeTypeFound = true
+										actionTypeInt := &ves_io_schema_policy.WafAction_AppFirewallDetectionControl{}
+										actionTypeInt.AppFirewallDetectionControl = &ves_io_schema_policy.AppFirewallDetectionControl{}
+										wafAction.ActionType = actionTypeInt
 
-							if v, ok := specMapStrToI["ip_matcher"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+										sl := v.(*schema.Set).List()
+										for _, set := range sl {
+											cs := set.(map[string]interface{})
 
-								ipChoiceTypeFound = true
-								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpMatcher{}
-								ipChoiceInt.IpMatcher = &ves_io_schema_policy.IpMatcherType{}
-								spec.IpChoice = ipChoiceInt
+											if v, ok := cs["exclude_attack_type_contexts"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+												sl := v.([]interface{})
+												excludeAttackTypeContexts := make([]*ves_io_schema_policy.AppFirewallAttackTypeContext, len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeAttackTypeContexts = excludeAttackTypeContexts
+												for i, set := range sl {
+													excludeAttackTypeContexts[i] = &ves_io_schema_policy.AppFirewallAttackTypeContext{}
+													excludeAttackTypeContextsMapStrToI := set.(map[string]interface{})
 
-									if v, ok := cs["invert_matcher"]; ok && !isIntfNil(v) {
+													if v, ok := excludeAttackTypeContextsMapStrToI["exclude_attack_type"]; ok && !isIntfNil(v) {
 
-										ipChoiceInt.IpMatcher.InvertMatcher = v.(bool)
+														excludeAttackTypeContexts[i].ExcludeAttackType = ves_io_schema_app_firewall.AttackType(ves_io_schema_app_firewall.AttackType_value[v.(string)])
 
-									}
+													}
 
-									if v, ok := cs["prefix_sets"]; ok && !isIntfNil(v) {
+													if v, ok := excludeAttackTypeContextsMapStrToI["context"]; ok && !isIntfNil(v) {
 
-										sl := v.([]interface{})
-										prefixSetsInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-										ipChoiceInt.IpMatcher.PrefixSets = prefixSetsInt
-										for i, ps := range sl {
+														excludeAttackTypeContexts[i].Context = ves_io_schema_policy.DetectionContext(ves_io_schema_policy.DetectionContext_value[v.(string)])
 
-											psMapToStrVal := ps.(map[string]interface{})
-											prefixSetsInt[i] = &ves_io_schema.ObjectRefType{}
+													}
 
-											prefixSetsInt[i].Kind = "ip_prefix_set"
+													if v, ok := excludeAttackTypeContextsMapStrToI["context_name"]; ok && !isIntfNil(v) {
 
-											if v, ok := psMapToStrVal["name"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Name = v.(string)
-											}
+														excludeAttackTypeContexts[i].ContextName = v.(string)
 
-											if v, ok := psMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Namespace = v.(string)
-											}
+													}
 
-											if v, ok := psMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Tenant = v.(string)
-											}
+												}
 
-											if v, ok := psMapToStrVal["uid"]; ok && !isIntfNil(v) {
-												prefixSetsInt[i].Uid = v.(string)
 											}
 
-										}
-
-									}
-
-								}
+											if v, ok := cs["exclude_signature_contexts"]; ok && !isIntfNil(v) {
 
-							}
+												sl := v.([]interface{})
+												excludeSignatureContexts := make([]*ves_io_schema_policy.AppFirewallSignatureContext, len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeSignatureContexts = excludeSignatureContexts
+												for i, set := range sl {
+													excludeSignatureContexts[i] = &ves_io_schema_policy.AppFirewallSignatureContext{}
+													excludeSignatureContextsMapStrToI := set.(map[string]interface{})
 
-							if v, ok := specMapStrToI["ip_prefix_list"]; ok && !isIntfNil(v) && !ipChoiceTypeFound {
+													if w, ok := excludeSignatureContextsMapStrToI["signature_id"]; ok && !isIntfNil(w) {
+														excludeSignatureContexts[i].SignatureId = uint32(w.(int))
+													}
 
-								ipChoiceTypeFound = true
-								ipChoiceInt := &ves_io_schema_service_policy_rule.GlobalSpecType_IpPrefixList{}
-								ipChoiceInt.IpPrefixList = &ves_io_schema_policy.PrefixMatchList{}
-								spec.IpChoice = ipChoiceInt
+													if v, ok := excludeSignatureContextsMapStrToI["context"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								for _, set := range sl {
-									cs := set.(map[string]interface{})
+														excludeSignatureContexts[i].Context = ves_io_schema_policy.DetectionContext(ves_io_schema_policy.DetectionContext_value[v.(string)])
 
-									if v, ok := cs["invert_match"]; ok && !isIntfNil(v) {
+													}
 
-										ipChoiceInt.IpPrefixList.InvertMatch = v.(bool)
+													if v, ok := excludeSignatureContextsMapStrToI["context_name"]; ok && !isIntfNil(v) {
 
-									}
+														excludeSignatureContexts[i].ContextName = v.(string)
 
-									if v, ok := cs["ip_prefixes"]; ok && !isIntfNil(v) {
+													}
 
-										ls := make([]string, len(v.([]interface{})))
-										for i, v := range v.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										ipChoiceInt.IpPrefixList.IpPrefixes = ls
+												}
 
-									}
+											}
 
-								}
+											if v, ok := cs["exclude_violation_contexts"]; ok && !isIntfNil(v) {
 
-							}
+												sl := v.([]interface{})
+												excludeViolationContexts := make([]*ves_io_schema_policy.AppFirewallViolationContext, len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeViolationContexts = excludeViolationContexts
+												for i, set := range sl {
+													excludeViolationContexts[i] = &ves_io_schema_policy.AppFirewallViolationContext{}
+													excludeViolationContextsMapStrToI := set.(map[string]interface{})
 
-							if v, ok := specMapStrToI["l4_dest_matcher"]; ok && !isIntfNil(v) {
+													if v, ok := excludeViolationContextsMapStrToI["exclude_violation"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								l4DestMatcher := &ves_io_schema_policy.L4DestMatcherType{}
-								spec.L4DestMatcher = l4DestMatcher
-								for _, set := range sl {
-									l4DestMatcherMapStrToI := set.(map[string]interface{})
+														excludeViolationContexts[i].ExcludeViolation = ves_io_schema_app_firewall.AppFirewallViolationType(ves_io_schema_app_firewall.AppFirewallViolationType_value[v.(string)])
 
-									if w, ok := l4DestMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										l4DestMatcher.InvertMatcher = w.(bool)
-									}
+													}
 
-									if v, ok := l4DestMatcherMapStrToI["l4_dests"]; ok && !isIntfNil(v) {
+													if v, ok := excludeViolationContextsMapStrToI["context"]; ok && !isIntfNil(v) {
 
-										sl := v.([]interface{})
-										l4Dests := make([]*ves_io_schema.L4DestType, len(sl))
-										l4DestMatcher.L4Dests = l4Dests
-										for i, set := range sl {
-											l4Dests[i] = &ves_io_schema.L4DestType{}
-											l4DestsMapStrToI := set.(map[string]interface{})
+														excludeViolationContexts[i].Context = ves_io_schema_policy.DetectionContext(ves_io_schema_policy.DetectionContext_value[v.(string)])
 
-											if w, ok := l4DestsMapStrToI["port_ranges"]; ok && !isIntfNil(w) {
-												l4Dests[i].PortRanges = w.(string)
-											}
+													}
 
-											if w, ok := l4DestsMapStrToI["prefixes"]; ok && !isIntfNil(w) {
-												ls := make([]string, len(w.([]interface{})))
-												for i, v := range w.([]interface{}) {
-													ls[i] = v.(string)
-												}
-												l4Dests[i].Prefixes = ls
-											}
+													if v, ok := excludeViolationContextsMapStrToI["context_name"]; ok && !isIntfNil(v) {
 
-										}
+														excludeViolationContexts[i].ContextName = v.(string)
 
-									}
+													}
 
-								}
+												}
 
-							}
+											}
 
-							if v, ok := specMapStrToI["label_matcher"]; ok && !isIntfNil(v) {
+											if v, ok := cs["exclude_bot_names"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								labelMatcher := &ves_io_schema.LabelMatcherType{}
-								spec.LabelMatcher = labelMatcher
-								for _, set := range sl {
-									labelMatcherMapStrToI := set.(map[string]interface{})
+												sl := v.([]interface{})
+												excludeBotNameContexts := make([]*ves_io_schema_policy.BotNameContext , len(sl))
+												actionTypeInt.AppFirewallDetectionControl.ExcludeBotNameContexts = excludeBotNameContexts
+												for i, set := range sl {
+													excludeBotNameContexts[i] = &ves_io_schema_policy.BotNameContext{}
+													excludeViolationContextsMapStrToI := set.(map[string]interface{})
 
-									if w, ok := labelMatcherMapStrToI["keys"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										labelMatcher.Keys = ls
-									}
+													if v, ok := excludeViolationContextsMapStrToI["bot_name"]; ok && !isIntfNil(v) {
 
-								}
+														excludeBotNameContexts[i].BotName =  v.(string)
 
-							}
+													}
 
-							if v, ok := specMapStrToI["path"]; ok && !isIntfNil(v) {
 
-								sl := v.(*schema.Set).List()
-								path := &ves_io_schema_policy.PathMatcherType{}
-								spec.Path = path
-								for _, set := range sl {
-									pathMapStrToI := set.(map[string]interface{})
+												}
 
-									if w, ok := pathMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										path.ExactValues = ls
-									}
+											}
 
-									if w, ok := pathMapStrToI["prefix_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
 										}
-										path.PrefixValues = ls
-									}
 
-									if w, ok := pathMapStrToI["regex_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										path.RegexValues = ls
 									}
 
-									if w, ok := pathMapStrToI["suffix_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										path.SuffixValues = ls
-									}
+									if v, ok := wafActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-									if v, ok := pathMapStrToI["transformers"]; ok && !isIntfNil(v) {
+										actionTypeTypeFound = true
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.WafAction_None{}
+											actionTypeInt.None = &ves_io_schema.Empty{}
+											wafAction.ActionType = actionTypeInt
 										}
-										path.Transformers = transformersList
 
 									}
 
-								}
-
-							}
+									if v, ok := wafActionMapStrToI["waf_in_monitoring_mode"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
 
-							if v, ok := specMapStrToI["port_matcher"]; ok && !isIntfNil(v) {
+										actionTypeTypeFound = true
 
-								sl := v.(*schema.Set).List()
-								portMatcher := &ves_io_schema_policy.PortMatcherType{}
-								spec.PortMatcher = portMatcher
-								for _, set := range sl {
-									portMatcherMapStrToI := set.(map[string]interface{})
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.WafAction_WafInMonitoringMode{}
+											actionTypeInt.WafInMonitoringMode = &ves_io_schema.Empty{}
+											wafAction.ActionType = actionTypeInt
+										}
 
-									if w, ok := portMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										portMatcher.InvertMatcher = w.(bool)
 									}
 
-									if w, ok := portMatcherMapStrToI["ports"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
+									if v, ok := wafActionMapStrToI["waf_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+
+										actionTypeTypeFound = true
+
+										if v.(bool) {
+											actionTypeInt := &ves_io_schema_policy.WafAction_WafSkipProcessing{}
+											actionTypeInt.WafSkipProcessing = &ves_io_schema.Empty{}
+											wafAction.ActionType = actionTypeInt
 										}
-										portMatcher.Ports = ls
+
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["query_params"]; ok && !isIntfNil(v) {
+							
+							if v, ok := specMapStrToI["jwt_claims"]; ok && !isIntfNil(v) {
 
 								sl := v.([]interface{})
-								queryParams := make([]*ves_io_schema_policy.QueryParameterMatcherType, len(sl))
-								spec.QueryParams = queryParams
+								jwtClaims := make([]*ves_io_schema_policy.JWTClaimMatcherType, len(sl))
+								spec.JwtClaims = jwtClaims
 								for i, set := range sl {
-									queryParams[i] = &ves_io_schema_policy.QueryParameterMatcherType{}
-									queryParamsMapStrToI := set.(map[string]interface{})
-
-									if w, ok := queryParamsMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										queryParams[i].InvertMatcher = w.(bool)
-									}
+									jwtClaims[i] = &ves_io_schema_policy.JWTClaimMatcherType{}
+									jwtClaimsMapStrToI := set.(map[string]interface{})
 
-									if w, ok := queryParamsMapStrToI["key"]; ok && !isIntfNil(w) {
-										queryParams[i].Key = w.(string)
+									if w, ok := jwtClaimsMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
+										jwtClaims[i].InvertMatcher = w.(bool)
 									}
 
 									matchTypeFound := false
 
-									if v, ok := queryParamsMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := jwtClaimsMapStrToI["check_not_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckNotPresent{}
+											matchInt := &ves_io_schema_policy.JWTClaimMatcherType_CheckNotPresent{}
 											matchInt.CheckNotPresent = &ves_io_schema.Empty{}
-											queryParams[i].Match = matchInt
+											jwtClaims[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := queryParamsMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := jwtClaimsMapStrToI["check_present"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
 
 										if v.(bool) {
-											matchInt := &ves_io_schema_policy.QueryParameterMatcherType_CheckPresent{}
+											matchInt := &ves_io_schema_policy.JWTClaimMatcherType_CheckPresent{}
 											matchInt.CheckPresent = &ves_io_schema.Empty{}
-											queryParams[i].Match = matchInt
+											jwtClaims[i].Match = matchInt
 										}
 
 									}
 
-									if v, ok := queryParamsMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
+									if v, ok := jwtClaimsMapStrToI["item"]; ok && !isIntfNil(v) && !matchTypeFound {
 
 										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Item{}
+										matchInt := &ves_io_schema_policy.JWTClaimMatcherType_Item{}
 										matchInt.Item = &ves_io_schema_policy.MatcherType{}
-										queryParams[i].Match = matchInt
+										jwtClaims[i].Match = matchInt
 
-										sl := v.(*schema.Set).List()
+										sl := v.([]interface{})
 										for _, set := range sl {
 											cs := set.(map[string]interface{})
 
@@ -6358,455 +8524,438 @@ func resourceVolterraServicePolicyUpdate(d *schema.ResourceData, meta interface{
 
 									}
 
-									if v, ok := queryParamsMapStrToI["presence"]; ok && !isIntfNil(v) && !matchTypeFound {
-
-										matchTypeFound = true
-										matchInt := &ves_io_schema_policy.QueryParameterMatcherType_Presence{}
-
-										queryParams[i].Match = matchInt
-
-										matchInt.Presence = v.(bool)
-
+									if w, ok := jwtClaimsMapStrToI["name"]; ok && !isIntfNil(w) {
+										jwtClaims[i].Name = w.(string)
 									}
 
 								}
 
 							}
 
-							if v, ok := specMapStrToI["rate_limiter"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["request_constraints"]; ok && !isIntfNil(v) {
 
 								sl := v.([]interface{})
-								rateLimiterInt := make([]*ves_io_schema.ObjectRefType, len(sl))
-								spec.RateLimiter = rateLimiterInt
-								for i, ps := range sl {
+								requestConstraints := &ves_io_schema_policy.RequestConstraintType{}
+								spec.RequestConstraints = requestConstraints
+								for _, set := range sl {
+									requestConstraintsMapStrToI := set.(map[string]interface{})
 
-									rlMapToStrVal := ps.(map[string]interface{})
-									rateLimiterInt[i] = &ves_io_schema.ObjectRefType{}
+									maxCookieCountChoiceTypeFound := false
 
-									rateLimiterInt[i].Kind = "rate_limiter"
+									if v, ok := requestConstraintsMapStrToI["max_cookie_count_exceeds"]; ok && !isIntfNil(v) && !maxCookieCountChoiceTypeFound {
 
-									if v, ok := rlMapToStrVal["name"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Name = v.(string)
-									}
+										maxCookieCountChoiceTypeFound = true
+										maxCookieCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieCountExceeds{}
 
-									if v, ok := rlMapToStrVal["namespace"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Namespace = v.(string)
-									}
+										requestConstraints.MaxCookieCountChoice = maxCookieCountChoiceInt
 
-									if v, ok := rlMapToStrVal["tenant"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Tenant = v.(string)
-									}
+										maxCookieCountChoiceInt.MaxCookieCountExceeds = uint32(v.(int))
 
-									if v, ok := rlMapToStrVal["uid"]; ok && !isIntfNil(v) {
-										rateLimiterInt[i].Uid = v.(string)
 									}
 
-								}
-
-							}
-
-							if w, ok := specMapStrToI["scheme"]; ok && !isIntfNil(w) {
-								ls := make([]string, len(w.([]interface{})))
-								for i, v := range w.([]interface{}) {
-									ls[i] = v.(string)
-								}
-								spec.Scheme = ls
-							}
-
-							if v, ok := specMapStrToI["server_selector"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_cookie_count_none"]; ok && !isIntfNil(v) && !maxCookieCountChoiceTypeFound {
 
-								sl := v.(*schema.Set).List()
-								serverSelector := &ves_io_schema.LabelSelectorType{}
-								spec.ServerSelector = serverSelector
-								for _, set := range sl {
-									serverSelectorMapStrToI := set.(map[string]interface{})
+										maxCookieCountChoiceTypeFound = true
 
-									if w, ok := serverSelectorMapStrToI["expressions"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
+										if v.(bool) {
+											maxCookieCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieCountNone{}
+											maxCookieCountChoiceInt.MaxCookieCountNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxCookieCountChoice = maxCookieCountChoiceInt
 										}
-										serverSelector.Expressions = ls
-									}
-
-								}
-
-							}
-
-							if v, ok := specMapStrToI["shape_protected_endpoint_action"]; ok && !isIntfNil(v) {
-
-								sl := v.(*schema.Set).List()
-								shapeProtectedEndpointAction := &ves_io_schema_policy.ShapeProtectedEndpointAction{}
-								spec.ShapeProtectedEndpointAction = shapeProtectedEndpointAction
-								for _, set := range sl {
-									shapeProtectedEndpointActionMapStrToI := set.(map[string]interface{})
-
-									if v, ok := shapeProtectedEndpointActionMapStrToI["app_traffic_type"]; ok && !isIntfNil(v) {
-
-										shapeProtectedEndpointAction.AppTrafficType = ves_io_schema_policy.AppTrafficType(ves_io_schema_policy.AppTrafficType_value[v.(string)])
 
 									}
 
-									if v, ok := shapeProtectedEndpointActionMapStrToI["mitigation"]; ok && !isIntfNil(v) {
+									maxCookieKeySizeChoiceTypeFound := false
 
-										sl := v.(*schema.Set).List()
-										mitigation := &ves_io_schema_policy.ShapeBotMitigationAction{}
-										shapeProtectedEndpointAction.Mitigation = mitigation
-										for _, set := range sl {
-											mitigationMapStrToI := set.(map[string]interface{})
+									if v, ok := requestConstraintsMapStrToI["max_cookie_key_size_exceeds"]; ok && !isIntfNil(v) && !maxCookieKeySizeChoiceTypeFound {
 
-											actionTypeTypeFound := false
+										maxCookieKeySizeChoiceTypeFound = true
+										maxCookieKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieKeySizeExceeds{}
 
-											if v, ok := mitigationMapStrToI["block"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+										requestConstraints.MaxCookieKeySizeChoice = maxCookieKeySizeChoiceInt
 
-												actionTypeTypeFound = true
-												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Block{}
-												actionTypeInt.Block = &ves_io_schema_policy.ShapeBotBlockMitigationActionType{}
-												mitigation.ActionType = actionTypeInt
+										maxCookieKeySizeChoiceInt.MaxCookieKeySizeExceeds = uint32(v.(int))
 
-												sl := v.(*schema.Set).List()
-												for _, set := range sl {
-													cs := set.(map[string]interface{})
+									}
 
-													if v, ok := cs["body"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_cookie_key_size_none"]; ok && !isIntfNil(v) && !maxCookieKeySizeChoiceTypeFound {
 
-														actionTypeInt.Block.Body = v.(string)
+										maxCookieKeySizeChoiceTypeFound = true
 
-													}
+										if v.(bool) {
+											maxCookieKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieKeySizeNone{}
+											maxCookieKeySizeChoiceInt.MaxCookieKeySizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxCookieKeySizeChoice = maxCookieKeySizeChoiceInt
+										}
 
-													if v, ok := cs["status"]; ok && !isIntfNil(v) {
+									}
 
-														actionTypeInt.Block.Status = ves_io_schema.HttpStatusCode(ves_io_schema.HttpStatusCode_value[v.(string)])
+									maxCookieValueSizeChoiceTypeFound := false
 
-													}
+									if v, ok := requestConstraintsMapStrToI["max_cookie_value_size_exceeds"]; ok && !isIntfNil(v) && !maxCookieValueSizeChoiceTypeFound {
 
-												}
+										maxCookieValueSizeChoiceTypeFound = true
+										maxCookieValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieValueSizeExceeds{}
 
-											}
+										requestConstraints.MaxCookieValueSizeChoice = maxCookieValueSizeChoiceInt
 
-											if v, ok := mitigationMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+										maxCookieValueSizeChoiceInt.MaxCookieValueSizeExceeds = uint32(v.(int))
 
-												actionTypeTypeFound = true
+									}
 
-												if v.(bool) {
-													actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_None{}
-													actionTypeInt.None = &ves_io_schema.Empty{}
-													mitigation.ActionType = actionTypeInt
-												}
+									if v, ok := requestConstraintsMapStrToI["max_cookie_value_size_none"]; ok && !isIntfNil(v) && !maxCookieValueSizeChoiceTypeFound {
 
-											}
+										maxCookieValueSizeChoiceTypeFound = true
 
-											if v, ok := mitigationMapStrToI["redirect"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+										if v.(bool) {
+											maxCookieValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxCookieValueSizeNone{}
+											maxCookieValueSizeChoiceInt.MaxCookieValueSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxCookieValueSizeChoice = maxCookieValueSizeChoiceInt
+										}
 
-												actionTypeTypeFound = true
-												actionTypeInt := &ves_io_schema_policy.ShapeBotMitigationAction_Redirect{}
-												actionTypeInt.Redirect = &ves_io_schema_policy.ShapeBotRedirectMitigationActionType{}
-												mitigation.ActionType = actionTypeInt
+									}
 
-												sl := v.(*schema.Set).List()
-												for _, set := range sl {
-													cs := set.(map[string]interface{})
+									maxHeaderCountChoiceTypeFound := false
 
-													if v, ok := cs["uri"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_header_count_exceeds"]; ok && !isIntfNil(v) && !maxHeaderCountChoiceTypeFound {
 
-														actionTypeInt.Redirect.Uri = v.(string)
+										maxHeaderCountChoiceTypeFound = true
+										maxHeaderCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderCountExceeds{}
 
-													}
+										requestConstraints.MaxHeaderCountChoice = maxHeaderCountChoiceInt
 
-												}
+										maxHeaderCountChoiceInt.MaxHeaderCountExceeds = uint32(v.(int))
 
-											}
+									}
 
+									if v, ok := requestConstraintsMapStrToI["max_header_count_none"]; ok && !isIntfNil(v) && !maxHeaderCountChoiceTypeFound {
+
+										maxHeaderCountChoiceTypeFound = true
+
+										if v.(bool) {
+											maxHeaderCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderCountNone{}
+											maxHeaderCountChoiceInt.MaxHeaderCountNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxHeaderCountChoice = maxHeaderCountChoiceInt
 										}
 
 									}
 
-								}
+									maxHeaderKeySizeChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_header_key_size_exceeds"]; ok && !isIntfNil(v) && !maxHeaderKeySizeChoiceTypeFound {
 
-							if v, ok := specMapStrToI["tls_fingerprint_matcher"]; ok && !isIntfNil(v) {
+										maxHeaderKeySizeChoiceTypeFound = true
+										maxHeaderKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderKeySizeExceeds{}
 
-								sl := v.(*schema.Set).List()
-								tlsFingerprintMatcher := &ves_io_schema_policy.TlsFingerprintMatcherType{}
-								spec.TlsFingerprintMatcher = tlsFingerprintMatcher
-								for _, set := range sl {
-									tlsFingerprintMatcherMapStrToI := set.(map[string]interface{})
+										requestConstraints.MaxHeaderKeySizeChoice = maxHeaderKeySizeChoiceInt
 
-									if v, ok := tlsFingerprintMatcherMapStrToI["classes"]; ok && !isIntfNil(v) {
+										maxHeaderKeySizeChoiceInt.MaxHeaderKeySizeExceeds = uint32(v.(int))
 
-										classesList := []ves_io_schema_policy.KnownTlsFingerprintClass{}
-										for _, j := range v.([]interface{}) {
-											classesList = append(classesList, ves_io_schema_policy.KnownTlsFingerprintClass(ves_io_schema_policy.KnownTlsFingerprintClass_value[j.(string)]))
+									}
+
+									if v, ok := requestConstraintsMapStrToI["max_header_key_size_none"]; ok && !isIntfNil(v) && !maxHeaderKeySizeChoiceTypeFound {
+
+										maxHeaderKeySizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxHeaderKeySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderKeySizeNone{}
+											maxHeaderKeySizeChoiceInt.MaxHeaderKeySizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxHeaderKeySizeChoice = maxHeaderKeySizeChoiceInt
 										}
-										tlsFingerprintMatcher.Classes = classesList
 
 									}
 
-									if w, ok := tlsFingerprintMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										tlsFingerprintMatcher.ExactValues = ls
+									maxHeaderValueSizeChoiceTypeFound := false
+
+									if v, ok := requestConstraintsMapStrToI["max_header_value_size_exceeds"]; ok && !isIntfNil(v) && !maxHeaderValueSizeChoiceTypeFound {
+
+										maxHeaderValueSizeChoiceTypeFound = true
+										maxHeaderValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderValueSizeExceeds{}
+
+										requestConstraints.MaxHeaderValueSizeChoice = maxHeaderValueSizeChoiceInt
+
+										maxHeaderValueSizeChoiceInt.MaxHeaderValueSizeExceeds = uint32(v.(int))
+
 									}
 
-									if w, ok := tlsFingerprintMatcherMapStrToI["excluded_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
+									if v, ok := requestConstraintsMapStrToI["max_header_value_size_none"]; ok && !isIntfNil(v) && !maxHeaderValueSizeChoiceTypeFound {
+
+										maxHeaderValueSizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxHeaderValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxHeaderValueSizeNone{}
+											maxHeaderValueSizeChoiceInt.MaxHeaderValueSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxHeaderValueSizeChoice = maxHeaderValueSizeChoiceInt
 										}
-										tlsFingerprintMatcher.ExcludedValues = ls
+
 									}
 
-								}
+									maxParameterCountChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_parameter_count_exceeds"]; ok && !isIntfNil(v) && !maxParameterCountChoiceTypeFound {
 
-							if v, ok := specMapStrToI["url_matcher"]; ok && !isIntfNil(v) {
+										maxParameterCountChoiceTypeFound = true
+										maxParameterCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterCountExceeds{}
 
-								sl := v.(*schema.Set).List()
-								urlMatcher := &ves_io_schema_policy.URLMatcherType{}
-								spec.UrlMatcher = urlMatcher
-								for _, set := range sl {
-									urlMatcherMapStrToI := set.(map[string]interface{})
+										requestConstraints.MaxParameterCountChoice = maxParameterCountChoiceInt
+
+										maxParameterCountChoiceInt.MaxParameterCountExceeds = uint32(v.(int))
 
-									if w, ok := urlMatcherMapStrToI["invert_matcher"]; ok && !isIntfNil(w) {
-										urlMatcher.InvertMatcher = w.(bool)
 									}
 
-									if v, ok := urlMatcherMapStrToI["url_items"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_parameter_count_none"]; ok && !isIntfNil(v) && !maxParameterCountChoiceTypeFound {
 
-										sl := v.([]interface{})
-										urlItems := make([]*ves_io_schema_policy.URLItem, len(sl))
-										urlMatcher.UrlItems = urlItems
-										for i, set := range sl {
-											urlItems[i] = &ves_io_schema_policy.URLItem{}
-											urlItemsMapStrToI := set.(map[string]interface{})
+										maxParameterCountChoiceTypeFound = true
 
-											domainChoiceTypeFound := false
+										if v.(bool) {
+											maxParameterCountChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterCountNone{}
+											maxParameterCountChoiceInt.MaxParameterCountNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxParameterCountChoice = maxParameterCountChoiceInt
+										}
 
-											if v, ok := urlItemsMapStrToI["domain_regex"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
+									}
 
-												domainChoiceTypeFound = true
-												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainRegex{}
+									maxParameterNameSizeChoiceTypeFound := false
 
-												urlItems[i].DomainChoice = domainChoiceInt
+									if v, ok := requestConstraintsMapStrToI["max_parameter_name_size_exceeds"]; ok && !isIntfNil(v) && !maxParameterNameSizeChoiceTypeFound {
 
-												domainChoiceInt.DomainRegex = v.(string)
+										maxParameterNameSizeChoiceTypeFound = true
+										maxParameterNameSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterNameSizeExceeds{}
 
-											}
+										requestConstraints.MaxParameterNameSizeChoice = maxParameterNameSizeChoiceInt
 
-											if v, ok := urlItemsMapStrToI["domain_value"]; ok && !isIntfNil(v) && !domainChoiceTypeFound {
+										maxParameterNameSizeChoiceInt.MaxParameterNameSizeExceeds = uint32(v.(int))
 
-												domainChoiceTypeFound = true
-												domainChoiceInt := &ves_io_schema_policy.URLItem_DomainValue{}
+									}
 
-												urlItems[i].DomainChoice = domainChoiceInt
+									if v, ok := requestConstraintsMapStrToI["max_parameter_name_size_none"]; ok && !isIntfNil(v) && !maxParameterNameSizeChoiceTypeFound {
 
-												domainChoiceInt.DomainValue = v.(string)
+										maxParameterNameSizeChoiceTypeFound = true
 
-											}
+										if v.(bool) {
+											maxParameterNameSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterNameSizeNone{}
+											maxParameterNameSizeChoiceInt.MaxParameterNameSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxParameterNameSizeChoice = maxParameterNameSizeChoiceInt
+										}
 
-											pathChoiceTypeFound := false
+									}
 
-											if v, ok := urlItemsMapStrToI["path_prefix"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
+									maxParameterValueSizeChoiceTypeFound := false
 
-												pathChoiceTypeFound = true
-												pathChoiceInt := &ves_io_schema_policy.URLItem_PathPrefix{}
+									if v, ok := requestConstraintsMapStrToI["max_parameter_value_size_exceeds"]; ok && !isIntfNil(v) && !maxParameterValueSizeChoiceTypeFound {
 
-												urlItems[i].PathChoice = pathChoiceInt
+										maxParameterValueSizeChoiceTypeFound = true
+										maxParameterValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterValueSizeExceeds{}
 
-												pathChoiceInt.PathPrefix = v.(string)
+										requestConstraints.MaxParameterValueSizeChoice = maxParameterValueSizeChoiceInt
 
-											}
+										maxParameterValueSizeChoiceInt.MaxParameterValueSizeExceeds = uint32(v.(int))
 
-											if v, ok := urlItemsMapStrToI["path_regex"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
+									}
 
-												pathChoiceTypeFound = true
-												pathChoiceInt := &ves_io_schema_policy.URLItem_PathRegex{}
+									if v, ok := requestConstraintsMapStrToI["max_parameter_value_size_none"]; ok && !isIntfNil(v) && !maxParameterValueSizeChoiceTypeFound {
 
-												urlItems[i].PathChoice = pathChoiceInt
+										maxParameterValueSizeChoiceTypeFound = true
 
-												pathChoiceInt.PathRegex = v.(string)
+										if v.(bool) {
+											maxParameterValueSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxParameterValueSizeNone{}
+											maxParameterValueSizeChoiceInt.MaxParameterValueSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxParameterValueSizeChoice = maxParameterValueSizeChoiceInt
+										}
 
-											}
+									}
 
-											if v, ok := urlItemsMapStrToI["path_value"]; ok && !isIntfNil(v) && !pathChoiceTypeFound {
+									maxQuerySizeChoiceTypeFound := false
 
-												pathChoiceTypeFound = true
-												pathChoiceInt := &ves_io_schema_policy.URLItem_PathValue{}
+									if v, ok := requestConstraintsMapStrToI["max_query_size_exceeds"]; ok && !isIntfNil(v) && !maxQuerySizeChoiceTypeFound {
 
-												urlItems[i].PathChoice = pathChoiceInt
+										maxQuerySizeChoiceTypeFound = true
+										maxQuerySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxQuerySizeExceeds{}
 
-												pathChoiceInt.PathValue = v.(string)
+										requestConstraints.MaxQuerySizeChoice = maxQuerySizeChoiceInt
 
-											}
+										maxQuerySizeChoiceInt.MaxQuerySizeExceeds = uint32(v.(int))
+
+									}
 
+									if v, ok := requestConstraintsMapStrToI["max_query_size_none"]; ok && !isIntfNil(v) && !maxQuerySizeChoiceTypeFound {
+
+										maxQuerySizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxQuerySizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxQuerySizeNone{}
+											maxQuerySizeChoiceInt.MaxQuerySizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxQuerySizeChoice = maxQuerySizeChoiceInt
 										}
 
 									}
 
-								}
+									maxRequestLineSizeChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_request_line_size_exceeds"]; ok && !isIntfNil(v) && !maxRequestLineSizeChoiceTypeFound {
 
-							if v, ok := specMapStrToI["virtual_host_matcher"]; ok && !isIntfNil(v) {
+										maxRequestLineSizeChoiceTypeFound = true
+										maxRequestLineSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestLineSizeExceeds{}
 
-								sl := v.(*schema.Set).List()
-								virtualHostMatcher := &ves_io_schema_policy.MatcherType{}
-								spec.VirtualHostMatcher = virtualHostMatcher
-								for _, set := range sl {
-									virtualHostMatcherMapStrToI := set.(map[string]interface{})
+										requestConstraints.MaxRequestLineSizeChoice = maxRequestLineSizeChoiceInt
 
-									if w, ok := virtualHostMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										virtualHostMatcher.ExactValues = ls
-									}
+										maxRequestLineSizeChoiceInt.MaxRequestLineSizeExceeds = uint32(v.(int))
 
-									if w, ok := virtualHostMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
-										ls := make([]string, len(w.([]interface{})))
-										for i, v := range w.([]interface{}) {
-											ls[i] = v.(string)
-										}
-										virtualHostMatcher.RegexValues = ls
 									}
 
-									if v, ok := virtualHostMatcherMapStrToI["transformers"]; ok && !isIntfNil(v) {
+									if v, ok := requestConstraintsMapStrToI["max_request_line_size_none"]; ok && !isIntfNil(v) && !maxRequestLineSizeChoiceTypeFound {
 
-										transformersList := []ves_io_schema_policy.Transformer{}
-										for _, j := range v.([]interface{}) {
-											transformersList = append(transformersList, ves_io_schema_policy.Transformer(ves_io_schema_policy.Transformer_value[j.(string)]))
+										maxRequestLineSizeChoiceTypeFound = true
+
+										if v.(bool) {
+											maxRequestLineSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestLineSizeNone{}
+											maxRequestLineSizeChoiceInt.MaxRequestLineSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxRequestLineSizeChoice = maxRequestLineSizeChoiceInt
 										}
-										virtualHostMatcher.Transformers = transformersList
 
 									}
 
-								}
+									maxRequestSizeChoiceTypeFound := false
 
-							}
+									if v, ok := requestConstraintsMapStrToI["max_request_size_exceeds"]; ok && !isIntfNil(v) && !maxRequestSizeChoiceTypeFound {
 
-							if v, ok := specMapStrToI["waf_action"]; ok && !isIntfNil(v) {
+										maxRequestSizeChoiceTypeFound = true
+										maxRequestSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestSizeExceeds{}
 
-								sl := v.(*schema.Set).List()
-								wafAction := &ves_io_schema_policy.WafAction{}
-								spec.WafAction = wafAction
-								for _, set := range sl {
-									wafActionMapStrToI := set.(map[string]interface{})
+										requestConstraints.MaxRequestSizeChoice = maxRequestSizeChoiceInt
 
-									actionTypeTypeFound := false
+										maxRequestSizeChoiceInt.MaxRequestSizeExceeds = uint32(v.(int))
 
-									if v, ok := wafActionMapStrToI["app_firewall_detection_control"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+									}
 
-										actionTypeTypeFound = true
-										actionTypeInt := &ves_io_schema_policy.WafAction_AppFirewallDetectionControl{}
-										actionTypeInt.AppFirewallDetectionControl = &ves_io_schema_policy.AppFirewallDetectionControl{}
-										wafAction.ActionType = actionTypeInt
+									if v, ok := requestConstraintsMapStrToI["max_request_size_none"]; ok && !isIntfNil(v) && !maxRequestSizeChoiceTypeFound {
 
-										sl := v.(*schema.Set).List()
-										for _, set := range sl {
-											cs := set.(map[string]interface{})
+										maxRequestSizeChoiceTypeFound = true
 
-											if v, ok := cs["exclude_attack_type_contexts"]; ok && !isIntfNil(v) {
+										if v.(bool) {
+											maxRequestSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxRequestSizeNone{}
+											maxRequestSizeChoiceInt.MaxRequestSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxRequestSizeChoice = maxRequestSizeChoiceInt
+										}
 
-												sl := v.([]interface{})
-												excludeAttackTypeContexts := make([]*ves_io_schema_policy.AppFirewallAttackTypeContext, len(sl))
-												actionTypeInt.AppFirewallDetectionControl.ExcludeAttackTypeContexts = excludeAttackTypeContexts
-												for i, set := range sl {
-													excludeAttackTypeContexts[i] = &ves_io_schema_policy.AppFirewallAttackTypeContext{}
-													excludeAttackTypeContextsMapStrToI := set.(map[string]interface{})
+									}
 
-													if v, ok := excludeAttackTypeContextsMapStrToI["exclude_attack_type"]; ok && !isIntfNil(v) {
+									maxUrlSizeChoiceTypeFound := false
 
-														excludeAttackTypeContexts[i].ExcludeAttackType = ves_io_schema_app_firewall.AttackType(ves_io_schema_app_firewall.AttackType_value[v.(string)])
+									if v, ok := requestConstraintsMapStrToI["max_url_size_exceeds"]; ok && !isIntfNil(v) && !maxUrlSizeChoiceTypeFound {
 
-													}
+										maxUrlSizeChoiceTypeFound = true
+										maxUrlSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxUrlSizeExceeds{}
 
-												}
+										requestConstraints.MaxUrlSizeChoice = maxUrlSizeChoiceInt
 
-											}
+										maxUrlSizeChoiceInt.MaxUrlSizeExceeds = uint32(v.(int))
 
-											if v, ok := cs["exclude_signature_contexts"]; ok && !isIntfNil(v) {
+									}
 
-												sl := v.([]interface{})
-												excludeSignatureContexts := make([]*ves_io_schema_policy.AppFirewallSignatureContext, len(sl))
-												actionTypeInt.AppFirewallDetectionControl.ExcludeSignatureContexts = excludeSignatureContexts
-												for i, set := range sl {
-													excludeSignatureContexts[i] = &ves_io_schema_policy.AppFirewallSignatureContext{}
-													excludeSignatureContextsMapStrToI := set.(map[string]interface{})
+									if v, ok := requestConstraintsMapStrToI["max_url_size_none"]; ok && !isIntfNil(v) && !maxUrlSizeChoiceTypeFound {
 
-													if w, ok := excludeSignatureContextsMapStrToI["signature_id"]; ok && !isIntfNil(w) {
-														excludeSignatureContexts[i].SignatureId = uint32(w.(int))
-													}
+										maxUrlSizeChoiceTypeFound = true
 
-												}
+										if v.(bool) {
+											maxUrlSizeChoiceInt := &ves_io_schema_policy.RequestConstraintType_MaxUrlSizeNone{}
+											maxUrlSizeChoiceInt.MaxUrlSizeNone = &ves_io_schema.Empty{}
+											requestConstraints.MaxUrlSizeChoice = maxUrlSizeChoiceInt
+										}
 
-											}
+									}
 
-											if v, ok := cs["exclude_violation_contexts"]; ok && !isIntfNil(v) {
+								}
 
-												sl := v.([]interface{})
-												excludeViolationContexts := make([]*ves_io_schema_policy.AppFirewallViolationContext, len(sl))
-												actionTypeInt.AppFirewallDetectionControl.ExcludeViolationContexts = excludeViolationContexts
-												for i, set := range sl {
-													excludeViolationContexts[i] = &ves_io_schema_policy.AppFirewallViolationContext{}
-													excludeViolationContextsMapStrToI := set.(map[string]interface{})
+							}
 
-													if v, ok := excludeViolationContextsMapStrToI["exclude_violation"]; ok && !isIntfNil(v) {
+							if v, ok := specMapStrToI["user_identity_matcher"]; ok && !isIntfNil(v) {
 
-														excludeViolationContexts[i].ExcludeViolation = ves_io_schema_app_firewall.AppFirewallViolationType(ves_io_schema_app_firewall.AppFirewallViolationType_value[v.(string)])
+								sl := v.([]interface{})
+								userIdentityMatcher := &ves_io_schema_policy.MatcherTypeBasic{}
+								spec.UserIdentityMatcher = userIdentityMatcher
 
-													}
+								for _, set := range sl {
+									userIdentityMatcherMapStrToI := set.(map[string]interface{})
 
+									if w, ok := userIdentityMatcherMapStrToI["exact_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+												for i, v := range w.([]interface{}) {
+													ls[i] = v.(string)
 												}
+												userIdentityMatcher.ExactValues = ls
+									}
 
-											}
+									if w, ok := userIdentityMatcherMapStrToI["regex_values"]; ok && !isIntfNil(w) {
+										ls := make([]string, len(w.([]interface{})))
+												for i, v := range w.([]interface{}) {
+													ls[i] = v.(string)
+												}
+												userIdentityMatcher.RegexValues = ls
+									}
+								}
 
-										}
+							}
 
-									}
+							if v, ok := specMapStrToI["segment_policy"]; ok && !isIntfNil(v) {
 
-									if v, ok := wafActionMapStrToI["none"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+								sl := v.([]interface{})
+								segmentChoice := &ves_io_schema_policy.SegmentPolicyType{}
 
-										actionTypeTypeFound = true
+								spec.SegmentPolicy = segmentChoice
+								for _, set := range sl {
+									segmentChoiceMapStrToI := set.(map[string]interface{})
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.WafAction_None{}
-											actionTypeInt.None = &ves_io_schema.Empty{}
-											wafAction.ActionType = actionTypeInt
-										}
+									srcSegmentChoiceTypeFound := false
+
+									if w, ok := segmentChoiceMapStrToI["src_any"]; ok && !isIntfNil(w) && !srcSegmentChoiceTypeFound {
+										srcSegmentChoiceTypeFound = true 
+										if w.(bool) {
+											SrcAnyInt := &ves_io_schema_policy.SegmentPolicyType_SrcAny{}
+											SrcAnyInt.SrcAny = &ves_io_schema.Empty{}
 
+											segmentChoice.SrcSegmentChoice = SrcAnyInt
+										}
 									}
 
-									if v, ok := wafActionMapStrToI["waf_in_monitoring_mode"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+									if w, ok := segmentChoiceMapStrToI["src_segments"]; ok && !isIntfNil(w) && !srcSegmentChoiceTypeFound{
 
-										actionTypeTypeFound = true
+										srcSegmentChoiceTypeFound = true 
+										sl := w.([]interface{})
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.WafAction_WafInMonitoringMode{}
-											actionTypeInt.WafInMonitoringMode = &ves_io_schema.Empty{}
-											wafAction.ActionType = actionTypeInt
-										}
+										srcSegments := &ves_io_schema_policy.SegmentPolicyType_SrcSegments{}
+										srcSegments.SrcSegments= &ves_io_schema_views.SegmentRefList{}
+										segmentChoice.SrcSegmentChoice = srcSegments
+										for _, set := range sl {
+											srcSegmentMapStrToI := set.(map[string]interface{})
+											if w, ok := srcSegmentMapStrToI["segments"]; ok && !isIntfNil(w) {
+												sl := w.([]interface{})
+												segmentsInt := make([]*ves_io_schema_views.ObjectRefType, len(sl))
+												srcSegments.SrcSegments.Segments = segmentsInt
 
-									}
+												for i, set := range sl {
+													publicIpMapStrToI := set.(map[string]interface{})
+													segmentsInt[i] = &ves_io_schema_views.ObjectRefType{}
 
-									if v, ok := wafActionMapStrToI["waf_skip_processing"]; ok && !isIntfNil(v) && !actionTypeTypeFound {
+													if w, ok := publicIpMapStrToI["name"]; ok && !isIntfNil(w) {
+														segmentsInt[i].Name = w.(string)
+													}
 
-										actionTypeTypeFound = true
+													if w, ok := publicIpMapStrToI["namespace"]; ok && !isIntfNil(w) {
+														segmentsInt[i].Namespace = w.(string)
+													}
+
+													if w, ok := publicIpMapStrToI["tenant"]; ok && !isIntfNil(w) {
+														segmentsInt[i].Tenant = w.(string)
+													}
+
+												}
+											}
 
-										if v.(bool) {
-											actionTypeInt := &ves_io_schema_policy.WafAction_WafSkipProcessing{}
-											actionTypeInt.WafSkipProcessing = &ves_io_schema.Empty{}
-											wafAction.ActionType = actionTypeInt
 										}
 
 									}
-
 								}
-
 							}
 
 						}
diff --git a/volterra/resource_volterra_token.go b/volterra/resource_volterra_token.go
index 479a58a6f..27b300bfc 100644
--- a/volterra/resource_volterra_token.go
+++ b/volterra/resource_volterra_token.go
@@ -70,6 +70,8 @@ func resourceVolterraToken() *schema.Resource {
 func resourceVolterraTokenCreate(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*APIClient)
 	var name, namespace string
+	var token *ves_io_schema_token.ListResponseItem
+	token = nil
 	if v, ok := d.GetOk("name"); ok && !isIntfNil(v) {
 		name = v.(string)
 	}
@@ -79,7 +81,16 @@ func resourceVolterraTokenCreate(d *schema.ResourceData, meta interface{}) error
 	}
 
 	tokenListResp, err := client.ListObjects(context.Background(), ves_io_schema_token.ObjectType, namespace)
-	if err != nil || len(tokenListResp) == 0 {
+	if err == nil {
+		for _, item := range tokenListResp {
+			tok := item.(*ves_io_schema_token.ListResponseItem)
+			if tok.GetSpec == nil || tok.GetSpec.Type == ves_io_schema_token.NORMAL {
+				token = tok
+				break
+			}
+		}
+	}
+	if token == nil {
 		createMeta := &ves_io_schema.ObjectCreateMetaType{
 			Name:      name,
 			Namespace: namespace,
@@ -127,7 +138,6 @@ func resourceVolterraTokenCreate(d *schema.ResourceData, meta interface{}) error
 		d.Set("tenant_name", createTokenResp.GetObjSystemMetadata().GetTenant())
 		return resourceVolterraTokenRead(d, meta)
 	}
-	token := tokenListResp[0].(*ves_io_schema_token.ListResponseItem)
 	d.SetId(token.GetUid())
 	d.Set("tenant_name", token.GetTenant())
 	d.Set("created_by_tf", false)
@@ -160,8 +170,18 @@ func resourceVolterraTokenRead(d *schema.ResourceData, meta interface{}) error {
 	if err != nil {
 		return fmt.Errorf("Error getting list of Volterra Tokens during read %q: %s", d.Id(), err)
 	}
-	token := tokenListResp[0].(*ves_io_schema_token.ListResponseItem)
-	d.Set("tenant_name", token.GetTenant())
+	var token *ves_io_schema_token.ListResponseItem
+	token = nil
+	for _, item := range tokenListResp {
+		tok := item.(*ves_io_schema_token.ListResponseItem)
+		if tok.GetSpec == nil || tok.GetSpec.Type == ves_io_schema_token.NORMAL {
+			token = tok
+			break
+		}
+	}
+	if token != nil {
+		d.Set("tenant_name", token.GetTenant())
+	}
 	return nil
 }