konnect 2.4.1, Mar 13 25

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

konnect.GatewayPluginMtlsAuth

Explore with Pulumi AI

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.konnect.GatewayPluginMtlsAuth;
import com.pulumi.konnect.GatewayPluginMtlsAuthArgs;
import com.pulumi.konnect.inputs.GatewayPluginMtlsAuthConfigArgs;
import com.pulumi.konnect.inputs.GatewayPluginMtlsAuthOrderingArgs;
import com.pulumi.konnect.inputs.GatewayPluginMtlsAuthOrderingAfterArgs;
import com.pulumi.konnect.inputs.GatewayPluginMtlsAuthOrderingBeforeArgs;
import com.pulumi.konnect.inputs.GatewayPluginMtlsAuthRouteArgs;
import com.pulumi.konnect.inputs.GatewayPluginMtlsAuthServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myGatewaypluginmtlsauth = new GatewayPluginMtlsAuth("myGatewaypluginmtlsauth", GatewayPluginMtlsAuthArgs.builder()
            .config(GatewayPluginMtlsAuthConfigArgs.builder()
                .allow_partial_chain(false)
                .anonymous("...my_anonymous...")
                .authenticated_group_by("DN")
                .ca_certificates("...")
                .cache_ttl(5.53)
                .cert_cache_ttl(4.84)
                .consumer_by("username")
                .default_consumer("...my_default_consumer...")
                .http_proxy_host("...my_http_proxy_host...")
                .http_proxy_port(30482)
                .http_timeout(4.02)
                .https_proxy_host("...my_https_proxy_host...")
                .https_proxy_port(17238)
                .revocation_check_mode("STRICT")
                .send_ca_dn(true)
                .skip_consumer_lookup(true)
                .build())
            .controlPlaneId("9524ec7d-36d9-465d-a8c5-83a3c9390458")
            .enabled(false)
            .gatewayPluginMtlsAuthId("...my_id...")
            .instanceName("...my_instance_name...")
            .ordering(GatewayPluginMtlsAuthOrderingArgs.builder()
                .after(GatewayPluginMtlsAuthOrderingAfterArgs.builder()
                    .access("...")
                    .build())
                .before(GatewayPluginMtlsAuthOrderingBeforeArgs.builder()
                    .access("...")
                    .build())
                .build())
            .protocols("http")
            .route(GatewayPluginMtlsAuthRouteArgs.builder()
                .id("...my_id...")
                .build())
            .service(GatewayPluginMtlsAuthServiceArgs.builder()
                .id("...my_id...")
                .build())
            .tags("...")
            .build());

    }
}

resources:
  myGatewaypluginmtlsauth:
    type: konnect:GatewayPluginMtlsAuth
    properties:
      config:
        allow_partial_chain: false
        anonymous: '...my_anonymous...'
        authenticated_group_by: DN
        ca_certificates:
          - '...'
        cache_ttl: 5.53
        cert_cache_ttl: 4.84
        consumer_by:
          - username
        default_consumer: '...my_default_consumer...'
        http_proxy_host: '...my_http_proxy_host...'
        http_proxy_port: 30482
        http_timeout: 4.02
        https_proxy_host: '...my_https_proxy_host...'
        https_proxy_port: 17238
        revocation_check_mode: STRICT
        send_ca_dn: true
        skip_consumer_lookup: true
      controlPlaneId: 9524ec7d-36d9-465d-a8c5-83a3c9390458
      enabled: false
      gatewayPluginMtlsAuthId: '...my_id...'
      instanceName: '...my_instance_name...'
      ordering:
        after:
          access:
            - '...'
        before:
          access:
            - '...'
      protocols:
        - http
      route:
        id: '...my_id...'
      service:
        id: '...my_id...'
      tags:
        - '...'

Create GatewayPluginMtlsAuth Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GatewayPluginMtlsAuth(name: string, args: GatewayPluginMtlsAuthArgs, opts?: CustomResourceOptions);

@overload
def GatewayPluginMtlsAuth(resource_name: str,
                          args: GatewayPluginMtlsAuthArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def GatewayPluginMtlsAuth(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          config: Optional[GatewayPluginMtlsAuthConfigArgs] = None,
                          control_plane_id: Optional[str] = None,
                          enabled: Optional[bool] = None,
                          gateway_plugin_mtls_auth_id: Optional[str] = None,
                          instance_name: Optional[str] = None,
                          ordering: Optional[GatewayPluginMtlsAuthOrderingArgs] = None,
                          protocols: Optional[Sequence[str]] = None,
                          route: Optional[GatewayPluginMtlsAuthRouteArgs] = None,
                          service: Optional[GatewayPluginMtlsAuthServiceArgs] = None,
                          tags: Optional[Sequence[str]] = None)

func NewGatewayPluginMtlsAuth(ctx *Context, name string, args GatewayPluginMtlsAuthArgs, opts ...ResourceOption) (*GatewayPluginMtlsAuth, error)

public GatewayPluginMtlsAuth(string name, GatewayPluginMtlsAuthArgs args, CustomResourceOptions? opts = null)

public GatewayPluginMtlsAuth(String name, GatewayPluginMtlsAuthArgs args)
public GatewayPluginMtlsAuth(String name, GatewayPluginMtlsAuthArgs args, CustomResourceOptions options)

type: konnect:GatewayPluginMtlsAuth
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args GatewayPluginMtlsAuthArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args GatewayPluginMtlsAuthArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GatewayPluginMtlsAuthArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GatewayPluginMtlsAuthArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args GatewayPluginMtlsAuthArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var gatewayPluginMtlsAuthResource = new Konnect.GatewayPluginMtlsAuth("gatewayPluginMtlsAuthResource", new()
{
    Config = new Konnect.Inputs.GatewayPluginMtlsAuthConfigArgs
    {
        AllowPartialChain = false,
        Anonymous = "string",
        AuthenticatedGroupBy = "string",
        CaCertificates = new[]
        {
            "string",
        },
        CacheTtl = 0,
        CertCacheTtl = 0,
        ConsumerBies = new[]
        {
            "string",
        },
        DefaultConsumer = "string",
        HttpProxyHost = "string",
        HttpProxyPort = 0,
        HttpTimeout = 0,
        HttpsProxyHost = "string",
        HttpsProxyPort = 0,
        RevocationCheckMode = "string",
        SendCaDn = false,
        SkipConsumerLookup = false,
    },
    ControlPlaneId = "string",
    Enabled = false,
    GatewayPluginMtlsAuthId = "string",
    InstanceName = "string",
    Ordering = new Konnect.Inputs.GatewayPluginMtlsAuthOrderingArgs
    {
        After = new Konnect.Inputs.GatewayPluginMtlsAuthOrderingAfterArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
        Before = new Konnect.Inputs.GatewayPluginMtlsAuthOrderingBeforeArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
    },
    Protocols = new[]
    {
        "string",
    },
    Route = new Konnect.Inputs.GatewayPluginMtlsAuthRouteArgs
    {
        Id = "string",
    },
    Service = new Konnect.Inputs.GatewayPluginMtlsAuthServiceArgs
    {
        Id = "string",
    },
    Tags = new[]
    {
        "string",
    },
});

example, err := konnect.NewGatewayPluginMtlsAuth(ctx, "gatewayPluginMtlsAuthResource", &konnect.GatewayPluginMtlsAuthArgs{
Config: &.GatewayPluginMtlsAuthConfigArgs{
AllowPartialChain: pulumi.Bool(false),
Anonymous: pulumi.String("string"),
AuthenticatedGroupBy: pulumi.String("string"),
CaCertificates: pulumi.StringArray{
pulumi.String("string"),
},
CacheTtl: pulumi.Float64(0),
CertCacheTtl: pulumi.Float64(0),
ConsumerBies: pulumi.StringArray{
pulumi.String("string"),
},
DefaultConsumer: pulumi.String("string"),
HttpProxyHost: pulumi.String("string"),
HttpProxyPort: pulumi.Float64(0),
HttpTimeout: pulumi.Float64(0),
HttpsProxyHost: pulumi.String("string"),
HttpsProxyPort: pulumi.Float64(0),
RevocationCheckMode: pulumi.String("string"),
SendCaDn: pulumi.Bool(false),
SkipConsumerLookup: pulumi.Bool(false),
},
ControlPlaneId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
GatewayPluginMtlsAuthId: pulumi.String("string"),
InstanceName: pulumi.String("string"),
Ordering: &.GatewayPluginMtlsAuthOrderingArgs{
After: &.GatewayPluginMtlsAuthOrderingAfterArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
Before: &.GatewayPluginMtlsAuthOrderingBeforeArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Route: &.GatewayPluginMtlsAuthRouteArgs{
Id: pulumi.String("string"),
},
Service: &.GatewayPluginMtlsAuthServiceArgs{
Id: pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})

var gatewayPluginMtlsAuthResource = new GatewayPluginMtlsAuth("gatewayPluginMtlsAuthResource", GatewayPluginMtlsAuthArgs.builder()
    .config(GatewayPluginMtlsAuthConfigArgs.builder()
        .allowPartialChain(false)
        .anonymous("string")
        .authenticatedGroupBy("string")
        .caCertificates("string")
        .cacheTtl(0)
        .certCacheTtl(0)
        .consumerBies("string")
        .defaultConsumer("string")
        .httpProxyHost("string")
        .httpProxyPort(0)
        .httpTimeout(0)
        .httpsProxyHost("string")
        .httpsProxyPort(0)
        .revocationCheckMode("string")
        .sendCaDn(false)
        .skipConsumerLookup(false)
        .build())
    .controlPlaneId("string")
    .enabled(false)
    .gatewayPluginMtlsAuthId("string")
    .instanceName("string")
    .ordering(GatewayPluginMtlsAuthOrderingArgs.builder()
        .after(GatewayPluginMtlsAuthOrderingAfterArgs.builder()
            .accesses("string")
            .build())
        .before(GatewayPluginMtlsAuthOrderingBeforeArgs.builder()
            .accesses("string")
            .build())
        .build())
    .protocols("string")
    .route(GatewayPluginMtlsAuthRouteArgs.builder()
        .id("string")
        .build())
    .service(GatewayPluginMtlsAuthServiceArgs.builder()
        .id("string")
        .build())
    .tags("string")
    .build());

gateway_plugin_mtls_auth_resource = konnect.GatewayPluginMtlsAuth("gatewayPluginMtlsAuthResource",
    config={
        "allow_partial_chain": False,
        "anonymous": "string",
        "authenticated_group_by": "string",
        "ca_certificates": ["string"],
        "cache_ttl": 0,
        "cert_cache_ttl": 0,
        "consumer_bies": ["string"],
        "default_consumer": "string",
        "http_proxy_host": "string",
        "http_proxy_port": 0,
        "http_timeout": 0,
        "https_proxy_host": "string",
        "https_proxy_port": 0,
        "revocation_check_mode": "string",
        "send_ca_dn": False,
        "skip_consumer_lookup": False,
    },
    control_plane_id="string",
    enabled=False,
    gateway_plugin_mtls_auth_id="string",
    instance_name="string",
    ordering={
        "after": {
            "accesses": ["string"],
        },
        "before": {
            "accesses": ["string"],
        },
    },
    protocols=["string"],
    route={
        "id": "string",
    },
    service={
        "id": "string",
    },
    tags=["string"])

const gatewayPluginMtlsAuthResource = new konnect.GatewayPluginMtlsAuth("gatewayPluginMtlsAuthResource", {
    config: {
        allowPartialChain: false,
        anonymous: "string",
        authenticatedGroupBy: "string",
        caCertificates: ["string"],
        cacheTtl: 0,
        certCacheTtl: 0,
        consumerBies: ["string"],
        defaultConsumer: "string",
        httpProxyHost: "string",
        httpProxyPort: 0,
        httpTimeout: 0,
        httpsProxyHost: "string",
        httpsProxyPort: 0,
        revocationCheckMode: "string",
        sendCaDn: false,
        skipConsumerLookup: false,
    },
    controlPlaneId: "string",
    enabled: false,
    gatewayPluginMtlsAuthId: "string",
    instanceName: "string",
    ordering: {
        after: {
            accesses: ["string"],
        },
        before: {
            accesses: ["string"],
        },
    },
    protocols: ["string"],
    route: {
        id: "string",
    },
    service: {
        id: "string",
    },
    tags: ["string"],
});

type: konnect:GatewayPluginMtlsAuth
properties:
    config:
        allowPartialChain: false
        anonymous: string
        authenticatedGroupBy: string
        caCertificates:
            - string
        cacheTtl: 0
        certCacheTtl: 0
        consumerBies:
            - string
        defaultConsumer: string
        httpProxyHost: string
        httpProxyPort: 0
        httpTimeout: 0
        httpsProxyHost: string
        httpsProxyPort: 0
        revocationCheckMode: string
        sendCaDn: false
        skipConsumerLookup: false
    controlPlaneId: string
    enabled: false
    gatewayPluginMtlsAuthId: string
    instanceName: string
    ordering:
        after:
            accesses:
                - string
        before:
            accesses:
                - string
    protocols:
        - string
    route:
        id: string
    service:
        id: string
    tags:
        - string

GatewayPluginMtlsAuth Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GatewayPluginMtlsAuth resource accepts the following input properties:

Config GatewayPluginMtlsAuthConfig
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool: Whether the plugin is applied.
GatewayPluginMtlsAuthId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginMtlsAuthOrdering
Protocols List<string>: A set of strings representing HTTP protocols.
Route GatewayPluginMtlsAuthRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginMtlsAuthService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>: An optional set of strings associated with the Plugin for grouping and filtering.

Config GatewayPluginMtlsAuthConfigArgs
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool: Whether the plugin is applied.
GatewayPluginMtlsAuthId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginMtlsAuthOrderingArgs
Protocols []string: A set of strings representing HTTP protocols.
Route GatewayPluginMtlsAuthRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginMtlsAuthServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginMtlsAuthConfig
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean: Whether the plugin is applied.
gatewayPluginMtlsAuthId String: The ID of this resource.
instanceName String
ordering GatewayPluginMtlsAuthOrdering
protocols List<String>: A set of strings representing HTTP protocols.
route GatewayPluginMtlsAuthRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginMtlsAuthService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginMtlsAuthConfig
controlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled boolean: Whether the plugin is applied.
gatewayPluginMtlsAuthId string: The ID of this resource.
instanceName string
ordering GatewayPluginMtlsAuthOrdering
protocols string[]: A set of strings representing HTTP protocols.
route GatewayPluginMtlsAuthRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginMtlsAuthService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginMtlsAuthConfigArgs
control_plane_id str: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled bool: Whether the plugin is applied.
gateway_plugin_mtls_auth_id str: The ID of this resource.
instance_name str
ordering GatewayPluginMtlsAuthOrderingArgs
protocols Sequence[str]: A set of strings representing HTTP protocols.
route GatewayPluginMtlsAuthRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginMtlsAuthServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]: An optional set of strings associated with the Plugin for grouping and filtering.

config Property Map
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean: Whether the plugin is applied.
gatewayPluginMtlsAuthId String: The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>: A set of strings representing HTTP protocols.
route Property Map: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.

Outputs

All input properties are implicitly available as output properties. Additionally, the GatewayPluginMtlsAuth resource produces the following output properties:

CreatedAt double: Unix epoch when the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt double: Unix epoch when the resource was last updated.

CreatedAt float64: Unix epoch when the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt float64: Unix epoch when the resource was last updated.

createdAt Double: Unix epoch when the resource was created.
id String: The provider-assigned unique ID for this managed resource.
updatedAt Double: Unix epoch when the resource was last updated.

createdAt number: Unix epoch when the resource was created.
id string: The provider-assigned unique ID for this managed resource.
updatedAt number: Unix epoch when the resource was last updated.

created_at float: Unix epoch when the resource was created.
id str: The provider-assigned unique ID for this managed resource.
updated_at float: Unix epoch when the resource was last updated.

createdAt Number: Unix epoch when the resource was created.
id String: The provider-assigned unique ID for this managed resource.
updatedAt Number: Unix epoch when the resource was last updated.

Look up Existing GatewayPluginMtlsAuth Resource

Get an existing GatewayPluginMtlsAuth resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GatewayPluginMtlsAuthState, opts?: CustomResourceOptions): GatewayPluginMtlsAuth

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[GatewayPluginMtlsAuthConfigArgs] = None,
        control_plane_id: Optional[str] = None,
        created_at: Optional[float] = None,
        enabled: Optional[bool] = None,
        gateway_plugin_mtls_auth_id: Optional[str] = None,
        instance_name: Optional[str] = None,
        ordering: Optional[GatewayPluginMtlsAuthOrderingArgs] = None,
        protocols: Optional[Sequence[str]] = None,
        route: Optional[GatewayPluginMtlsAuthRouteArgs] = None,
        service: Optional[GatewayPluginMtlsAuthServiceArgs] = None,
        tags: Optional[Sequence[str]] = None,
        updated_at: Optional[float] = None) -> GatewayPluginMtlsAuth

func GetGatewayPluginMtlsAuth(ctx *Context, name string, id IDInput, state *GatewayPluginMtlsAuthState, opts ...ResourceOption) (*GatewayPluginMtlsAuth, error)

public static GatewayPluginMtlsAuth Get(string name, Input<string> id, GatewayPluginMtlsAuthState? state, CustomResourceOptions? opts = null)

public static GatewayPluginMtlsAuth get(String name, Output<String> id, GatewayPluginMtlsAuthState state, CustomResourceOptions options)

resources:  _:    type: konnect:GatewayPluginMtlsAuth    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Config GatewayPluginMtlsAuthConfig
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt double: Unix epoch when the resource was created.
Enabled bool: Whether the plugin is applied.
GatewayPluginMtlsAuthId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginMtlsAuthOrdering
Protocols List<string>: A set of strings representing HTTP protocols.
Route GatewayPluginMtlsAuthRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginMtlsAuthService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>: An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt double: Unix epoch when the resource was last updated.

Config GatewayPluginMtlsAuthConfigArgs
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt float64: Unix epoch when the resource was created.
Enabled bool: Whether the plugin is applied.
GatewayPluginMtlsAuthId string: The ID of this resource.
InstanceName string
Ordering GatewayPluginMtlsAuthOrderingArgs
Protocols []string: A set of strings representing HTTP protocols.
Route GatewayPluginMtlsAuthRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginMtlsAuthServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string: An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt float64: Unix epoch when the resource was last updated.

config GatewayPluginMtlsAuthConfig
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Double: Unix epoch when the resource was created.
enabled Boolean: Whether the plugin is applied.
gatewayPluginMtlsAuthId String: The ID of this resource.
instanceName String
ordering GatewayPluginMtlsAuthOrdering
protocols List<String>: A set of strings representing HTTP protocols.
route GatewayPluginMtlsAuthRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginMtlsAuthService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Double: Unix epoch when the resource was last updated.

config GatewayPluginMtlsAuthConfig
controlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt number: Unix epoch when the resource was created.
enabled boolean: Whether the plugin is applied.
gatewayPluginMtlsAuthId string: The ID of this resource.
instanceName string
ordering GatewayPluginMtlsAuthOrdering
protocols string[]: A set of strings representing HTTP protocols.
route GatewayPluginMtlsAuthRoute: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginMtlsAuthService: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt number: Unix epoch when the resource was last updated.

config GatewayPluginMtlsAuthConfigArgs
control_plane_id str: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
created_at float: Unix epoch when the resource was created.
enabled bool: Whether the plugin is applied.
gateway_plugin_mtls_auth_id str: The ID of this resource.
instance_name str
ordering GatewayPluginMtlsAuthOrderingArgs
protocols Sequence[str]: A set of strings representing HTTP protocols.
route GatewayPluginMtlsAuthRouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginMtlsAuthServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]: An optional set of strings associated with the Plugin for grouping and filtering.
updated_at float: Unix epoch when the resource was last updated.

config Property Map
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Number: Unix epoch when the resource was created.
enabled Boolean: Whether the plugin is applied.
gatewayPluginMtlsAuthId String: The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>: A set of strings representing HTTP protocols.
route Property Map: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Number: Unix epoch when the resource was last updated.

Supporting Types

GatewayPluginMtlsAuthConfig, GatewayPluginMtlsAuthConfigArgs

AllowPartialChain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
AuthenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]
CaCertificates List<string>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
CacheTtl double: Cache expiry time in seconds.
CertCacheTtl double: The length of time in seconds between refreshes of the revocation check status cache.
ConsumerBies List<string>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
DefaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
HttpProxyHost string: A string representing a host name, such as example.com.
HttpProxyPort double: An integer representing a port number between 0 and 65535, inclusive.
HttpTimeout double: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
HttpsProxyHost string: A string representing a host name, such as example.com.
HttpsProxyPort double: An integer representing a port number between 0 and 65535, inclusive.
RevocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]
SendCaDn bool: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
SkipConsumerLookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

AllowPartialChain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
AuthenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]
CaCertificates []string: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
CacheTtl float64: Cache expiry time in seconds.
CertCacheTtl float64: The length of time in seconds between refreshes of the revocation check status cache.
ConsumerBies []string: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
DefaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
HttpProxyHost string: A string representing a host name, such as example.com.
HttpProxyPort float64: An integer representing a port number between 0 and 65535, inclusive.
HttpTimeout float64: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
HttpsProxyHost string: A string representing a host name, such as example.com.
HttpsProxyPort float64: An integer representing a port number between 0 and 65535, inclusive.
RevocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]
SendCaDn bool: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
SkipConsumerLookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy String: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]
caCertificates List<String>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl Double: Cache expiry time in seconds.
certCacheTtl Double: The length of time in seconds between refreshes of the revocation check status cache.
consumerBies List<String>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer String: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost String: A string representing a host name, such as example.com.
httpProxyPort Double: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout Double: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost String: A string representing a host name, such as example.com.
httpsProxyPort Double: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode String: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]
sendCaDn Boolean: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skipConsumerLookup Boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]
caCertificates string[]: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl number: Cache expiry time in seconds.
certCacheTtl number: The length of time in seconds between refreshes of the revocation check status cache.
consumerBies string[]: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost string: A string representing a host name, such as example.com.
httpProxyPort number: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout number: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost string: A string representing a host name, such as example.com.
httpsProxyPort number: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]
sendCaDn boolean: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skipConsumerLookup boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

allow_partial_chain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous str: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticated_group_by str: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]
ca_certificates Sequence[str]: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cache_ttl float: Cache expiry time in seconds.
cert_cache_ttl float: The length of time in seconds between refreshes of the revocation check status cache.
consumer_bies Sequence[str]: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
default_consumer str: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
http_proxy_host str: A string representing a host name, such as example.com.
http_proxy_port float: An integer representing a port number between 0 and 65535, inclusive.
http_timeout float: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
https_proxy_host str: A string representing a host name, such as example.com.
https_proxy_port float: An integer representing a port number between 0 and 65535, inclusive.
revocation_check_mode str: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]
send_ca_dn bool: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skip_consumer_lookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy String: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]
caCertificates List<String>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl Number: Cache expiry time in seconds.
certCacheTtl Number: The length of time in seconds between refreshes of the revocation check status cache.
consumerBies List<String>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer String: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost String: A string representing a host name, such as example.com.
httpProxyPort Number: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout Number: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost String: A string representing a host name, such as example.com.
httpsProxyPort Number: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode String: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]
sendCaDn Boolean: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skipConsumerLookup Boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

GatewayPluginMtlsAuthOrdering, GatewayPluginMtlsAuthOrderingArgs

After GatewayPluginMtlsAuthOrderingAfter
Before GatewayPluginMtlsAuthOrderingBefore

After GatewayPluginMtlsAuthOrderingAfter
Before GatewayPluginMtlsAuthOrderingBefore

after GatewayPluginMtlsAuthOrderingAfter
before GatewayPluginMtlsAuthOrderingBefore

after GatewayPluginMtlsAuthOrderingAfter
before GatewayPluginMtlsAuthOrderingBefore

after GatewayPluginMtlsAuthOrderingAfter
before GatewayPluginMtlsAuthOrderingBefore

after Property Map
before Property Map

GatewayPluginMtlsAuthOrderingAfter, GatewayPluginMtlsAuthOrderingAfterArgs

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GatewayPluginMtlsAuthOrderingBefore, GatewayPluginMtlsAuthOrderingBeforeArgs

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GatewayPluginMtlsAuthRoute, GatewayPluginMtlsAuthRouteArgs

Id string

Id string

id String

id string

id str

id String

GatewayPluginMtlsAuthService, GatewayPluginMtlsAuthServiceArgs

Id string

Id string

id String

id string

id str

id String

Import

$ pulumi import konnect:index/gatewayPluginMtlsAuth:GatewayPluginMtlsAuth my_konnect_gateway_plugin_mtls_auth "{ \"control_plane_id\": \"9524ec7d-36d9-465d-a8c5-83a3c9390458\", \"plugin_id\": \"3473c251-5b6c-4f45-b1ff-7ede735a366d\"}"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: konnect kong/terraform-provider-konnect
License
Notes: This Pulumi package is based on the konnect Terraform Provider.

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

kong/terraform-provider-konnect

konnect.GatewayPluginMtlsAuth

On this page

On this page

Example Usage

Create GatewayPluginMtlsAuth Resource

Constructor syntax

Parameters

Constructor example

GatewayPluginMtlsAuth Resource Properties

Inputs

Outputs

Look up Existing GatewayPluginMtlsAuth Resource

Supporting Types

GatewayPluginMtlsAuthConfig, GatewayPluginMtlsAuthConfigArgs

GatewayPluginMtlsAuthOrdering, GatewayPluginMtlsAuthOrderingArgs

GatewayPluginMtlsAuthOrderingAfter, GatewayPluginMtlsAuthOrderingAfterArgs

GatewayPluginMtlsAuthOrderingBefore, GatewayPluginMtlsAuthOrderingBeforeArgs

GatewayPluginMtlsAuthRoute, GatewayPluginMtlsAuthRouteArgs

GatewayPluginMtlsAuthService, GatewayPluginMtlsAuthServiceArgs

Import

Package Details

On this page

On this page