Docs Home
konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
konnect.GatewayPluginUpstreamOauth
Explore with Pulumi AI
GatewayPluginUpstreamOauth Resource
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.konnect.GatewayPluginUpstreamOauth;
import com.pulumi.konnect.GatewayPluginUpstreamOauthArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConfigArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConfigBehaviorArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConfigCacheArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConfigCacheMemoryArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConfigCacheRedisArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConfigClientArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConfigOauthArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConsumerArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthConsumerGroupArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthOrderingArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthOrderingAfterArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthOrderingBeforeArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthRouteArgs;
import com.pulumi.konnect.inputs.GatewayPluginUpstreamOauthServiceArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myGatewaypluginupstreamoauth = new GatewayPluginUpstreamOauth("myGatewaypluginupstreamoauth", GatewayPluginUpstreamOauthArgs.builder()
.config(GatewayPluginUpstreamOauthConfigArgs.builder()
.behavior(GatewayPluginUpstreamOauthConfigBehaviorArgs.builder()
.idpErrorResponseBodyTemplate("...my_idp_error_response_body_template...")
.idpErrorResponseContentType("...my_idp_error_response_content_type...")
.idpErrorResponseMessage("...my_idp_error_response_message...")
.idpErrorResponseStatusCode(576)
.purgeTokenOnUpstreamStatusCodes(373)
.upstreamAccessTokenHeaderName("...my_upstream_access_token_header_name...")
.build())
.cache(GatewayPluginUpstreamOauthConfigCacheArgs.builder()
.defaultTtl(7.94)
.eagerlyExpire(9)
.memory(GatewayPluginUpstreamOauthConfigCacheMemoryArgs.builder()
.dictionaryName("...my_dictionary_name...")
.build())
.redis(GatewayPluginUpstreamOauthConfigCacheRedisArgs.builder()
.clusterMaxRedirections(10)
.clusterNodes(GatewayPluginUpstreamOauthConfigCacheRedisClusterNodeArgs.builder()
.ip("...my_ip...")
.port(20643)
.build())
.connectTimeout(305131733)
.connectionIsProxied(true)
.database(10)
.host("...my_host...")
.keepaliveBacklog(1047987263)
.keepalivePoolSize(459234090)
.password("...my_password...")
.port(35119)
.readTimeout(245223357)
.sendTimeout(1142057358)
.sentinelMaster("...my_sentinel_master...")
.sentinelNodes(GatewayPluginUpstreamOauthConfigCacheRedisSentinelNodeArgs.builder()
.host("...my_host...")
.port(31719)
.build())
.sentinelPassword("...my_sentinel_password...")
.sentinelRole("any")
.sentinelUsername("...my_sentinel_username...")
.serverName("...my_server_name...")
.ssl(true)
.sslVerify(true)
.username("...my_username...")
.build())
.strategy("memory")
.build())
.client(GatewayPluginUpstreamOauthConfigClientArgs.builder()
.authMethod("none")
.clientSecretJwtAlg("HS256")
.httpProxy("...my_http_proxy...")
.httpProxyAuthorization("...my_http_proxy_authorization...")
.httpVersion(6.12)
.httpsProxy("...my_https_proxy...")
.httpsProxyAuthorization("...my_https_proxy_authorization...")
.keepAlive(true)
.noProxy("...my_no_proxy...")
.sslVerify(false)
.timeout(1421616738)
.build())
.oauth(GatewayPluginUpstreamOauthConfigOauthArgs.builder()
.audience("...")
.clientId("...my_client_id...")
.clientSecret("...my_client_secret...")
.grantType("password")
.password("...my_password...")
.scopes("...")
.tokenEndpoint("...my_token_endpoint...")
.tokenHeaders(Map.of("key", serializeJson(
"value")))
.tokenPostArgs(Map.of("key", serializeJson(
"value")))
.username("...my_username...")
.build())
.build())
.consumer(GatewayPluginUpstreamOauthConsumerArgs.builder()
.id("...my_id...")
.build())
.consumerGroup(GatewayPluginUpstreamOauthConsumerGroupArgs.builder()
.id("...my_id...")
.build())
.controlPlaneId("9524ec7d-36d9-465d-a8c5-83a3c9390458")
.enabled(false)
.gatewayPluginUpstreamOauthId("...my_id...")
.instanceName("...my_instance_name...")
.ordering(GatewayPluginUpstreamOauthOrderingArgs.builder()
.after(GatewayPluginUpstreamOauthOrderingAfterArgs.builder()
.access("...")
.build())
.before(GatewayPluginUpstreamOauthOrderingBeforeArgs.builder()
.access("...")
.build())
.build())
.protocols("http")
.route(GatewayPluginUpstreamOauthRouteArgs.builder()
.id("...my_id...")
.build())
.service(GatewayPluginUpstreamOauthServiceArgs.builder()
.id("...my_id...")
.build())
.tags("...")
.build());
}
}
resources:
myGatewaypluginupstreamoauth:
type: konnect:GatewayPluginUpstreamOauth
properties:
config:
behavior:
idpErrorResponseBodyTemplate: '...my_idp_error_response_body_template...'
idpErrorResponseContentType: '...my_idp_error_response_content_type...'
idpErrorResponseMessage: '...my_idp_error_response_message...'
idpErrorResponseStatusCode: 576
purgeTokenOnUpstreamStatusCodes:
- 373
upstreamAccessTokenHeaderName: '...my_upstream_access_token_header_name...'
cache:
defaultTtl: 7.94
eagerlyExpire: 9
memory:
dictionaryName: '...my_dictionary_name...'
redis:
clusterMaxRedirections: 10
clusterNodes:
- ip: '...my_ip...'
port: 20643
connectTimeout: 3.05131733e+08
connectionIsProxied: true
database: 10
host: '...my_host...'
keepaliveBacklog: 1.047987263e+09
keepalivePoolSize: 4.5923409e+08
password: '...my_password...'
port: 35119
readTimeout: 2.45223357e+08
sendTimeout: 1.142057358e+09
sentinelMaster: '...my_sentinel_master...'
sentinelNodes:
- host: '...my_host...'
port: 31719
sentinelPassword: '...my_sentinel_password...'
sentinelRole: any
sentinelUsername: '...my_sentinel_username...'
serverName: '...my_server_name...'
ssl: true
sslVerify: true
username: '...my_username...'
strategy: memory
client:
authMethod: none
clientSecretJwtAlg: HS256
httpProxy: '...my_http_proxy...'
httpProxyAuthorization: '...my_http_proxy_authorization...'
httpVersion: 6.12
httpsProxy: '...my_https_proxy...'
httpsProxyAuthorization: '...my_https_proxy_authorization...'
keepAlive: true
noProxy: '...my_no_proxy...'
sslVerify: false
timeout: 1.421616738e+09
oauth:
audience:
- '...'
clientId: '...my_client_id...'
clientSecret: '...my_client_secret...'
grantType: password
password: '...my_password...'
scopes:
- '...'
tokenEndpoint: '...my_token_endpoint...'
tokenHeaders:
key:
fn::toJSON: value
tokenPostArgs:
key:
fn::toJSON: value
username: '...my_username...'
consumer:
id: '...my_id...'
consumerGroup:
id: '...my_id...'
controlPlaneId: 9524ec7d-36d9-465d-a8c5-83a3c9390458
enabled: false
gatewayPluginUpstreamOauthId: '...my_id...'
instanceName: '...my_instance_name...'
ordering:
after:
access:
- '...'
before:
access:
- '...'
protocols:
- http
route:
id: '...my_id...'
service:
id: '...my_id...'
tags:
- '...'
Create GatewayPluginUpstreamOauth Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GatewayPluginUpstreamOauth(name: string, args: GatewayPluginUpstreamOauthArgs, opts?: CustomResourceOptions);@overload
def GatewayPluginUpstreamOauth(resource_name: str,
args: GatewayPluginUpstreamOauthArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GatewayPluginUpstreamOauth(resource_name: str,
opts: Optional[ResourceOptions] = None,
config: Optional[GatewayPluginUpstreamOauthConfigArgs] = None,
control_plane_id: Optional[str] = None,
consumer: Optional[GatewayPluginUpstreamOauthConsumerArgs] = None,
consumer_group: Optional[GatewayPluginUpstreamOauthConsumerGroupArgs] = None,
enabled: Optional[bool] = None,
gateway_plugin_upstream_oauth_id: Optional[str] = None,
instance_name: Optional[str] = None,
ordering: Optional[GatewayPluginUpstreamOauthOrderingArgs] = None,
protocols: Optional[Sequence[str]] = None,
route: Optional[GatewayPluginUpstreamOauthRouteArgs] = None,
service: Optional[GatewayPluginUpstreamOauthServiceArgs] = None,
tags: Optional[Sequence[str]] = None)func NewGatewayPluginUpstreamOauth(ctx *Context, name string, args GatewayPluginUpstreamOauthArgs, opts ...ResourceOption) (*GatewayPluginUpstreamOauth, error)public GatewayPluginUpstreamOauth(string name, GatewayPluginUpstreamOauthArgs args, CustomResourceOptions? opts = null)
public GatewayPluginUpstreamOauth(String name, GatewayPluginUpstreamOauthArgs args)
public GatewayPluginUpstreamOauth(String name, GatewayPluginUpstreamOauthArgs args, CustomResourceOptions options)
type: konnect:GatewayPluginUpstreamOauth
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GatewayPluginUpstreamOauthArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GatewayPluginUpstreamOauthArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GatewayPluginUpstreamOauthArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GatewayPluginUpstreamOauthArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GatewayPluginUpstreamOauthArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gatewayPluginUpstreamOauthResource = new Konnect.GatewayPluginUpstreamOauth("gatewayPluginUpstreamOauthResource", new()
{
Config = new Konnect.Inputs.GatewayPluginUpstreamOauthConfigArgs
{
Behavior = new Konnect.Inputs.GatewayPluginUpstreamOauthConfigBehaviorArgs
{
IdpErrorResponseBodyTemplate = "string",
IdpErrorResponseContentType = "string",
IdpErrorResponseMessage = "string",
IdpErrorResponseStatusCode = 0,
PurgeTokenOnUpstreamStatusCodes = new[]
{
0,
},
UpstreamAccessTokenHeaderName = "string",
},
Cache = new Konnect.Inputs.GatewayPluginUpstreamOauthConfigCacheArgs
{
DefaultTtl = 0,
EagerlyExpire = 0,
Memory = new Konnect.Inputs.GatewayPluginUpstreamOauthConfigCacheMemoryArgs
{
DictionaryName = "string",
},
Redis = new Konnect.Inputs.GatewayPluginUpstreamOauthConfigCacheRedisArgs
{
ClusterMaxRedirections = 0,
ClusterNodes = new[]
{
new Konnect.Inputs.GatewayPluginUpstreamOauthConfigCacheRedisClusterNodeArgs
{
Ip = "string",
Port = 0,
},
},
ConnectTimeout = 0,
ConnectionIsProxied = false,
Database = 0,
Host = "string",
KeepaliveBacklog = 0,
KeepalivePoolSize = 0,
Password = "string",
Port = 0,
ReadTimeout = 0,
SendTimeout = 0,
SentinelMaster = "string",
SentinelNodes = new[]
{
new Konnect.Inputs.GatewayPluginUpstreamOauthConfigCacheRedisSentinelNodeArgs
{
Host = "string",
Port = 0,
},
},
SentinelPassword = "string",
SentinelRole = "string",
SentinelUsername = "string",
ServerName = "string",
Ssl = false,
SslVerify = false,
Username = "string",
},
Strategy = "string",
},
Client = new Konnect.Inputs.GatewayPluginUpstreamOauthConfigClientArgs
{
AuthMethod = "string",
ClientSecretJwtAlg = "string",
HttpProxy = "string",
HttpProxyAuthorization = "string",
HttpVersion = 0,
HttpsProxy = "string",
HttpsProxyAuthorization = "string",
KeepAlive = false,
NoProxy = "string",
SslVerify = false,
Timeout = 0,
},
Oauth = new Konnect.Inputs.GatewayPluginUpstreamOauthConfigOauthArgs
{
Audiences = new[]
{
"string",
},
ClientId = "string",
ClientSecret = "string",
GrantType = "string",
Password = "string",
Scopes = new[]
{
"string",
},
TokenEndpoint = "string",
TokenHeaders =
{
{ "string", "string" },
},
TokenPostArgs =
{
{ "string", "string" },
},
Username = "string",
},
},
ControlPlaneId = "string",
Consumer = new Konnect.Inputs.GatewayPluginUpstreamOauthConsumerArgs
{
Id = "string",
},
ConsumerGroup = new Konnect.Inputs.GatewayPluginUpstreamOauthConsumerGroupArgs
{
Id = "string",
},
Enabled = false,
GatewayPluginUpstreamOauthId = "string",
InstanceName = "string",
Ordering = new Konnect.Inputs.GatewayPluginUpstreamOauthOrderingArgs
{
After = new Konnect.Inputs.GatewayPluginUpstreamOauthOrderingAfterArgs
{
Accesses = new[]
{
"string",
},
},
Before = new Konnect.Inputs.GatewayPluginUpstreamOauthOrderingBeforeArgs
{
Accesses = new[]
{
"string",
},
},
},
Protocols = new[]
{
"string",
},
Route = new Konnect.Inputs.GatewayPluginUpstreamOauthRouteArgs
{
Id = "string",
},
Service = new Konnect.Inputs.GatewayPluginUpstreamOauthServiceArgs
{
Id = "string",
},
Tags = new[]
{
"string",
},
});
example, err := konnect.NewGatewayPluginUpstreamOauth(ctx, "gatewayPluginUpstreamOauthResource", &konnect.GatewayPluginUpstreamOauthArgs{
Config: &.GatewayPluginUpstreamOauthConfigArgs{
Behavior: &.GatewayPluginUpstreamOauthConfigBehaviorArgs{
IdpErrorResponseBodyTemplate: pulumi.String("string"),
IdpErrorResponseContentType: pulumi.String("string"),
IdpErrorResponseMessage: pulumi.String("string"),
IdpErrorResponseStatusCode: pulumi.Float64(0),
PurgeTokenOnUpstreamStatusCodes: pulumi.Float64Array{
pulumi.Float64(0),
},
UpstreamAccessTokenHeaderName: pulumi.String("string"),
},
Cache: &.GatewayPluginUpstreamOauthConfigCacheArgs{
DefaultTtl: pulumi.Float64(0),
EagerlyExpire: pulumi.Float64(0),
Memory: &.GatewayPluginUpstreamOauthConfigCacheMemoryArgs{
DictionaryName: pulumi.String("string"),
},
Redis: &.GatewayPluginUpstreamOauthConfigCacheRedisArgs{
ClusterMaxRedirections: pulumi.Float64(0),
ClusterNodes: .GatewayPluginUpstreamOauthConfigCacheRedisClusterNodeArray{
&.GatewayPluginUpstreamOauthConfigCacheRedisClusterNodeArgs{
Ip: pulumi.String("string"),
Port: pulumi.Float64(0),
},
},
ConnectTimeout: pulumi.Float64(0),
ConnectionIsProxied: pulumi.Bool(false),
Database: pulumi.Float64(0),
Host: pulumi.String("string"),
KeepaliveBacklog: pulumi.Float64(0),
KeepalivePoolSize: pulumi.Float64(0),
Password: pulumi.String("string"),
Port: pulumi.Float64(0),
ReadTimeout: pulumi.Float64(0),
SendTimeout: pulumi.Float64(0),
SentinelMaster: pulumi.String("string"),
SentinelNodes: .GatewayPluginUpstreamOauthConfigCacheRedisSentinelNodeArray{
&.GatewayPluginUpstreamOauthConfigCacheRedisSentinelNodeArgs{
Host: pulumi.String("string"),
Port: pulumi.Float64(0),
},
},
SentinelPassword: pulumi.String("string"),
SentinelRole: pulumi.String("string"),
SentinelUsername: pulumi.String("string"),
ServerName: pulumi.String("string"),
Ssl: pulumi.Bool(false),
SslVerify: pulumi.Bool(false),
Username: pulumi.String("string"),
},
Strategy: pulumi.String("string"),
},
Client: &.GatewayPluginUpstreamOauthConfigClientArgs{
AuthMethod: pulumi.String("string"),
ClientSecretJwtAlg: pulumi.String("string"),
HttpProxy: pulumi.String("string"),
HttpProxyAuthorization: pulumi.String("string"),
HttpVersion: pulumi.Float64(0),
HttpsProxy: pulumi.String("string"),
HttpsProxyAuthorization: pulumi.String("string"),
KeepAlive: pulumi.Bool(false),
NoProxy: pulumi.String("string"),
SslVerify: pulumi.Bool(false),
Timeout: pulumi.Float64(0),
},
Oauth: &.GatewayPluginUpstreamOauthConfigOauthArgs{
Audiences: pulumi.StringArray{
pulumi.String("string"),
},
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
GrantType: pulumi.String("string"),
Password: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
TokenEndpoint: pulumi.String("string"),
TokenHeaders: pulumi.StringMap{
"string": pulumi.String("string"),
},
TokenPostArgs: pulumi.StringMap{
"string": pulumi.String("string"),
},
Username: pulumi.String("string"),
},
},
ControlPlaneId: pulumi.String("string"),
Consumer: &.GatewayPluginUpstreamOauthConsumerArgs{
Id: pulumi.String("string"),
},
ConsumerGroup: &.GatewayPluginUpstreamOauthConsumerGroupArgs{
Id: pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
GatewayPluginUpstreamOauthId: pulumi.String("string"),
InstanceName: pulumi.String("string"),
Ordering: &.GatewayPluginUpstreamOauthOrderingArgs{
After: &.GatewayPluginUpstreamOauthOrderingAfterArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
Before: &.GatewayPluginUpstreamOauthOrderingBeforeArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Route: &.GatewayPluginUpstreamOauthRouteArgs{
Id: pulumi.String("string"),
},
Service: &.GatewayPluginUpstreamOauthServiceArgs{
Id: pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})
var gatewayPluginUpstreamOauthResource = new GatewayPluginUpstreamOauth("gatewayPluginUpstreamOauthResource", GatewayPluginUpstreamOauthArgs.builder()
.config(GatewayPluginUpstreamOauthConfigArgs.builder()
.behavior(GatewayPluginUpstreamOauthConfigBehaviorArgs.builder()
.idpErrorResponseBodyTemplate("string")
.idpErrorResponseContentType("string")
.idpErrorResponseMessage("string")
.idpErrorResponseStatusCode(0)
.purgeTokenOnUpstreamStatusCodes(0)
.upstreamAccessTokenHeaderName("string")
.build())
.cache(GatewayPluginUpstreamOauthConfigCacheArgs.builder()
.defaultTtl(0)
.eagerlyExpire(0)
.memory(GatewayPluginUpstreamOauthConfigCacheMemoryArgs.builder()
.dictionaryName("string")
.build())
.redis(GatewayPluginUpstreamOauthConfigCacheRedisArgs.builder()
.clusterMaxRedirections(0)
.clusterNodes(GatewayPluginUpstreamOauthConfigCacheRedisClusterNodeArgs.builder()
.ip("string")
.port(0)
.build())
.connectTimeout(0)
.connectionIsProxied(false)
.database(0)
.host("string")
.keepaliveBacklog(0)
.keepalivePoolSize(0)
.password("string")
.port(0)
.readTimeout(0)
.sendTimeout(0)
.sentinelMaster("string")
.sentinelNodes(GatewayPluginUpstreamOauthConfigCacheRedisSentinelNodeArgs.builder()
.host("string")
.port(0)
.build())
.sentinelPassword("string")
.sentinelRole("string")
.sentinelUsername("string")
.serverName("string")
.ssl(false)
.sslVerify(false)
.username("string")
.build())
.strategy("string")
.build())
.client(GatewayPluginUpstreamOauthConfigClientArgs.builder()
.authMethod("string")
.clientSecretJwtAlg("string")
.httpProxy("string")
.httpProxyAuthorization("string")
.httpVersion(0)
.httpsProxy("string")
.httpsProxyAuthorization("string")
.keepAlive(false)
.noProxy("string")
.sslVerify(false)
.timeout(0)
.build())
.oauth(GatewayPluginUpstreamOauthConfigOauthArgs.builder()
.audiences("string")
.clientId("string")
.clientSecret("string")
.grantType("string")
.password("string")
.scopes("string")
.tokenEndpoint("string")
.tokenHeaders(Map.of("string", "string"))
.tokenPostArgs(Map.of("string", "string"))
.username("string")
.build())
.build())
.controlPlaneId("string")
.consumer(GatewayPluginUpstreamOauthConsumerArgs.builder()
.id("string")
.build())
.consumerGroup(GatewayPluginUpstreamOauthConsumerGroupArgs.builder()
.id("string")
.build())
.enabled(false)
.gatewayPluginUpstreamOauthId("string")
.instanceName("string")
.ordering(GatewayPluginUpstreamOauthOrderingArgs.builder()
.after(GatewayPluginUpstreamOauthOrderingAfterArgs.builder()
.accesses("string")
.build())
.before(GatewayPluginUpstreamOauthOrderingBeforeArgs.builder()
.accesses("string")
.build())
.build())
.protocols("string")
.route(GatewayPluginUpstreamOauthRouteArgs.builder()
.id("string")
.build())
.service(GatewayPluginUpstreamOauthServiceArgs.builder()
.id("string")
.build())
.tags("string")
.build());
gateway_plugin_upstream_oauth_resource = konnect.GatewayPluginUpstreamOauth("gatewayPluginUpstreamOauthResource",
config={
"behavior": {
"idp_error_response_body_template": "string",
"idp_error_response_content_type": "string",
"idp_error_response_message": "string",
"idp_error_response_status_code": 0,
"purge_token_on_upstream_status_codes": [0],
"upstream_access_token_header_name": "string",
},
"cache": {
"default_ttl": 0,
"eagerly_expire": 0,
"memory": {
"dictionary_name": "string",
},
"redis": {
"cluster_max_redirections": 0,
"cluster_nodes": [{
"ip": "string",
"port": 0,
}],
"connect_timeout": 0,
"connection_is_proxied": False,
"database": 0,
"host": "string",
"keepalive_backlog": 0,
"keepalive_pool_size": 0,
"password": "string",
"port": 0,
"read_timeout": 0,
"send_timeout": 0,
"sentinel_master": "string",
"sentinel_nodes": [{
"host": "string",
"port": 0,
}],
"sentinel_password": "string",
"sentinel_role": "string",
"sentinel_username": "string",
"server_name": "string",
"ssl": False,
"ssl_verify": False,
"username": "string",
},
"strategy": "string",
},
"client": {
"auth_method": "string",
"client_secret_jwt_alg": "string",
"http_proxy": "string",
"http_proxy_authorization": "string",
"http_version": 0,
"https_proxy": "string",
"https_proxy_authorization": "string",
"keep_alive": False,
"no_proxy": "string",
"ssl_verify": False,
"timeout": 0,
},
"oauth": {
"audiences": ["string"],
"client_id": "string",
"client_secret": "string",
"grant_type": "string",
"password": "string",
"scopes": ["string"],
"token_endpoint": "string",
"token_headers": {
"string": "string",
},
"token_post_args": {
"string": "string",
},
"username": "string",
},
},
control_plane_id="string",
consumer={
"id": "string",
},
consumer_group={
"id": "string",
},
enabled=False,
gateway_plugin_upstream_oauth_id="string",
instance_name="string",
ordering={
"after": {
"accesses": ["string"],
},
"before": {
"accesses": ["string"],
},
},
protocols=["string"],
route={
"id": "string",
},
service={
"id": "string",
},
tags=["string"])
const gatewayPluginUpstreamOauthResource = new konnect.GatewayPluginUpstreamOauth("gatewayPluginUpstreamOauthResource", {
config: {
behavior: {
idpErrorResponseBodyTemplate: "string",
idpErrorResponseContentType: "string",
idpErrorResponseMessage: "string",
idpErrorResponseStatusCode: 0,
purgeTokenOnUpstreamStatusCodes: [0],
upstreamAccessTokenHeaderName: "string",
},
cache: {
defaultTtl: 0,
eagerlyExpire: 0,
memory: {
dictionaryName: "string",
},
redis: {
clusterMaxRedirections: 0,
clusterNodes: [{
ip: "string",
port: 0,
}],
connectTimeout: 0,
connectionIsProxied: false,
database: 0,
host: "string",
keepaliveBacklog: 0,
keepalivePoolSize: 0,
password: "string",
port: 0,
readTimeout: 0,
sendTimeout: 0,
sentinelMaster: "string",
sentinelNodes: [{
host: "string",
port: 0,
}],
sentinelPassword: "string",
sentinelRole: "string",
sentinelUsername: "string",
serverName: "string",
ssl: false,
sslVerify: false,
username: "string",
},
strategy: "string",
},
client: {
authMethod: "string",
clientSecretJwtAlg: "string",
httpProxy: "string",
httpProxyAuthorization: "string",
httpVersion: 0,
httpsProxy: "string",
httpsProxyAuthorization: "string",
keepAlive: false,
noProxy: "string",
sslVerify: false,
timeout: 0,
},
oauth: {
audiences: ["string"],
clientId: "string",
clientSecret: "string",
grantType: "string",
password: "string",
scopes: ["string"],
tokenEndpoint: "string",
tokenHeaders: {
string: "string",
},
tokenPostArgs: {
string: "string",
},
username: "string",
},
},
controlPlaneId: "string",
consumer: {
id: "string",
},
consumerGroup: {
id: "string",
},
enabled: false,
gatewayPluginUpstreamOauthId: "string",
instanceName: "string",
ordering: {
after: {
accesses: ["string"],
},
before: {
accesses: ["string"],
},
},
protocols: ["string"],
route: {
id: "string",
},
service: {
id: "string",
},
tags: ["string"],
});
type: konnect:GatewayPluginUpstreamOauth
properties:
config:
behavior:
idpErrorResponseBodyTemplate: string
idpErrorResponseContentType: string
idpErrorResponseMessage: string
idpErrorResponseStatusCode: 0
purgeTokenOnUpstreamStatusCodes:
- 0
upstreamAccessTokenHeaderName: string
cache:
defaultTtl: 0
eagerlyExpire: 0
memory:
dictionaryName: string
redis:
clusterMaxRedirections: 0
clusterNodes:
- ip: string
port: 0
connectTimeout: 0
connectionIsProxied: false
database: 0
host: string
keepaliveBacklog: 0
keepalivePoolSize: 0
password: string
port: 0
readTimeout: 0
sendTimeout: 0
sentinelMaster: string
sentinelNodes:
- host: string
port: 0
sentinelPassword: string
sentinelRole: string
sentinelUsername: string
serverName: string
ssl: false
sslVerify: false
username: string
strategy: string
client:
authMethod: string
clientSecretJwtAlg: string
httpProxy: string
httpProxyAuthorization: string
httpVersion: 0
httpsProxy: string
httpsProxyAuthorization: string
keepAlive: false
noProxy: string
sslVerify: false
timeout: 0
oauth:
audiences:
- string
clientId: string
clientSecret: string
grantType: string
password: string
scopes:
- string
tokenEndpoint: string
tokenHeaders:
string: string
tokenPostArgs:
string: string
username: string
consumer:
id: string
consumerGroup:
id: string
controlPlaneId: string
enabled: false
gatewayPluginUpstreamOauthId: string
instanceName: string
ordering:
after:
accesses:
- string
before:
accesses:
- string
protocols:
- string
route:
id: string
service:
id: string
tags:
- string
GatewayPluginUpstreamOauth Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GatewayPluginUpstreamOauth resource accepts the following input properties:
- Config
Gateway
Plugin Upstream Oauth Config - Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Consumer
Gateway
Plugin Upstream Oauth Consumer - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- Consumer
Group GatewayPlugin Upstream Oauth Consumer Group - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringUpstream Oauth Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Upstream Oauth Ordering - Protocols List<string>
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Upstream Oauth Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Upstream Oauth Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<string>
- An optional set of strings associated with the Plugin for grouping and filtering.
- Config
Gateway
Plugin Upstream Oauth Config Args - Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Consumer
Gateway
Plugin Upstream Oauth Consumer Args - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- Consumer
Group GatewayPlugin Upstream Oauth Consumer Group Args - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringUpstream Oauth Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Upstream Oauth Ordering Args - Protocols []string
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Upstream Oauth Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Upstream Oauth Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- []string
- An optional set of strings associated with the Plugin for grouping and filtering.
- config
Gateway
Plugin Upstream Oauth Config - control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- consumer
Gateway
Plugin Upstream Oauth Consumer - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer
Group GatewayPlugin Upstream Oauth Consumer Group - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringUpstream Oauth Id - The ID of this resource.
- instance
Name String - ordering
Gateway
Plugin Upstream Oauth Ordering - protocols List<String>
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Upstream Oauth Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Upstream Oauth Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- config
Gateway
Plugin Upstream Oauth Config - control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- consumer
Gateway
Plugin Upstream Oauth Consumer - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer
Group GatewayPlugin Upstream Oauth Consumer Group - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- enabled boolean
- Whether the plugin is applied.
- gateway
Plugin stringUpstream Oauth Id - The ID of this resource.
- instance
Name string - ordering
Gateway
Plugin Upstream Oauth Ordering - protocols string[]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Upstream Oauth Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Upstream Oauth Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- string[]
- An optional set of strings associated with the Plugin for grouping and filtering.
- config
Gateway
Plugin Upstream Oauth Config Args - control_
plane_ strid - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- consumer
Gateway
Plugin Upstream Oauth Consumer Args - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer_
group GatewayPlugin Upstream Oauth Consumer Group Args - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- enabled bool
- Whether the plugin is applied.
- gateway_
plugin_ strupstream_ oauth_ id - The ID of this resource.
- instance_
name str - ordering
Gateway
Plugin Upstream Oauth Ordering Args - protocols Sequence[str]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Upstream Oauth Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Upstream Oauth Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- Sequence[str]
- An optional set of strings associated with the Plugin for grouping and filtering.
- config Property Map
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- consumer Property Map
- If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer
Group Property Map - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringUpstream Oauth Id - The ID of this resource.
- instance
Name String - ordering Property Map
- protocols List<String>
- A set of strings representing HTTP protocols.
- route Property Map
- If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service Property Map
- If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
Outputs
All input properties are implicitly available as output properties. Additionally, the GatewayPluginUpstreamOauth resource produces the following output properties:
- created_
at float - Unix epoch when the resource was created.
- id str
- The provider-assigned unique ID for this managed resource.
- updated_
at float - Unix epoch when the resource was last updated.
Look up Existing GatewayPluginUpstreamOauth Resource
Get an existing GatewayPluginUpstreamOauth resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GatewayPluginUpstreamOauthState, opts?: CustomResourceOptions): GatewayPluginUpstreamOauth@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[GatewayPluginUpstreamOauthConfigArgs] = None,
consumer: Optional[GatewayPluginUpstreamOauthConsumerArgs] = None,
consumer_group: Optional[GatewayPluginUpstreamOauthConsumerGroupArgs] = None,
control_plane_id: Optional[str] = None,
created_at: Optional[float] = None,
enabled: Optional[bool] = None,
gateway_plugin_upstream_oauth_id: Optional[str] = None,
instance_name: Optional[str] = None,
ordering: Optional[GatewayPluginUpstreamOauthOrderingArgs] = None,
protocols: Optional[Sequence[str]] = None,
route: Optional[GatewayPluginUpstreamOauthRouteArgs] = None,
service: Optional[GatewayPluginUpstreamOauthServiceArgs] = None,
tags: Optional[Sequence[str]] = None,
updated_at: Optional[float] = None) -> GatewayPluginUpstreamOauthfunc GetGatewayPluginUpstreamOauth(ctx *Context, name string, id IDInput, state *GatewayPluginUpstreamOauthState, opts ...ResourceOption) (*GatewayPluginUpstreamOauth, error)public static GatewayPluginUpstreamOauth Get(string name, Input<string> id, GatewayPluginUpstreamOauthState? state, CustomResourceOptions? opts = null)public static GatewayPluginUpstreamOauth get(String name, Output<String> id, GatewayPluginUpstreamOauthState state, CustomResourceOptions options)resources: _: type: konnect:GatewayPluginUpstreamOauth get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config
Gateway
Plugin Upstream Oauth Config - Consumer
Gateway
Plugin Upstream Oauth Consumer - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- Consumer
Group GatewayPlugin Upstream Oauth Consumer Group - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Created
At double - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringUpstream Oauth Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Upstream Oauth Ordering - Protocols List<string>
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Upstream Oauth Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Upstream Oauth Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<string>
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At double - Unix epoch when the resource was last updated.
- Config
Gateway
Plugin Upstream Oauth Config Args - Consumer
Gateway
Plugin Upstream Oauth Consumer Args - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- Consumer
Group GatewayPlugin Upstream Oauth Consumer Group Args - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Created
At float64 - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied.
- Gateway
Plugin stringUpstream Oauth Id - The ID of this resource.
- Instance
Name string - Ordering
Gateway
Plugin Upstream Oauth Ordering Args - Protocols []string
- A set of strings representing HTTP protocols.
- Route
Gateway
Plugin Upstream Oauth Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Upstream Oauth Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- []string
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At float64 - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Upstream Oauth Config - consumer
Gateway
Plugin Upstream Oauth Consumer - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer
Group GatewayPlugin Upstream Oauth Consumer Group - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At Double - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringUpstream Oauth Id - The ID of this resource.
- instance
Name String - ordering
Gateway
Plugin Upstream Oauth Ordering - protocols List<String>
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Upstream Oauth Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Upstream Oauth Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Double - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Upstream Oauth Config - consumer
Gateway
Plugin Upstream Oauth Consumer - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer
Group GatewayPlugin Upstream Oauth Consumer Group - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At number - Unix epoch when the resource was created.
- enabled boolean
- Whether the plugin is applied.
- gateway
Plugin stringUpstream Oauth Id - The ID of this resource.
- instance
Name string - ordering
Gateway
Plugin Upstream Oauth Ordering - protocols string[]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Upstream Oauth Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Upstream Oauth Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- string[]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At number - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Upstream Oauth Config Args - consumer
Gateway
Plugin Upstream Oauth Consumer Args - If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer_
group GatewayPlugin Upstream Oauth Consumer Group Args - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- control_
plane_ strid - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created_
at float - Unix epoch when the resource was created.
- enabled bool
- Whether the plugin is applied.
- gateway_
plugin_ strupstream_ oauth_ id - The ID of this resource.
- instance_
name str - ordering
Gateway
Plugin Upstream Oauth Ordering Args - protocols Sequence[str]
- A set of strings representing HTTP protocols.
- route
Gateway
Plugin Upstream Oauth Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Upstream Oauth Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- Sequence[str]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated_
at float - Unix epoch when the resource was last updated.
- config Property Map
- consumer Property Map
- If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.
- consumer
Group Property Map - If set, the plugin will activate only for requests where the specified consumer group has been authenticated. (Note that some plugins can not be restricted to consumers groups this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer Groups
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At Number - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied.
- gateway
Plugin StringUpstream Oauth Id - The ID of this resource.
- instance
Name String - ordering Property Map
- protocols List<String>
- A set of strings representing HTTP protocols.
- route Property Map
- If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service Property Map
- If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Number - Unix epoch when the resource was last updated.
Supporting Types
GatewayPluginUpstreamOauthConfig, GatewayPluginUpstreamOauthConfigArgs
GatewayPluginUpstreamOauthConfigBehavior, GatewayPluginUpstreamOauthConfigBehaviorArgs
- Idp
Error stringResponse Body Template - The template to use to create the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- Idp
Error stringResponse Content Type - The Content-Type of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- Idp
Error stringResponse Message - The message to embed in the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- Idp
Error doubleResponse Status Code - The response code to return to the consumer if Kong fails to obtain a token from the IdP.
- Purge
Token List<double>On Upstream Status Codes - An array of status codes which will force an access token to be purged when returned by the upstream. An empty array will disable this functionality.
- Upstream
Access stringToken Header Name - The name of the header used to send the access token (obtained from the IdP) to the upstream service.
- Idp
Error stringResponse Body Template - The template to use to create the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- Idp
Error stringResponse Content Type - The Content-Type of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- Idp
Error stringResponse Message - The message to embed in the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- Idp
Error float64Response Status Code - The response code to return to the consumer if Kong fails to obtain a token from the IdP.
- Purge
Token []float64On Upstream Status Codes - An array of status codes which will force an access token to be purged when returned by the upstream. An empty array will disable this functionality.
- Upstream
Access stringToken Header Name - The name of the header used to send the access token (obtained from the IdP) to the upstream service.
- idp
Error StringResponse Body Template - The template to use to create the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error StringResponse Content Type - The Content-Type of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error StringResponse Message - The message to embed in the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error DoubleResponse Status Code - The response code to return to the consumer if Kong fails to obtain a token from the IdP.
- purge
Token List<Double>On Upstream Status Codes - An array of status codes which will force an access token to be purged when returned by the upstream. An empty array will disable this functionality.
- upstream
Access StringToken Header Name - The name of the header used to send the access token (obtained from the IdP) to the upstream service.
- idp
Error stringResponse Body Template - The template to use to create the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error stringResponse Content Type - The Content-Type of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error stringResponse Message - The message to embed in the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error numberResponse Status Code - The response code to return to the consumer if Kong fails to obtain a token from the IdP.
- purge
Token number[]On Upstream Status Codes - An array of status codes which will force an access token to be purged when returned by the upstream. An empty array will disable this functionality.
- upstream
Access stringToken Header Name - The name of the header used to send the access token (obtained from the IdP) to the upstream service.
- idp_
error_ strresponse_ body_ template - The template to use to create the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp_
error_ strresponse_ content_ type - The Content-Type of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp_
error_ strresponse_ message - The message to embed in the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp_
error_ floatresponse_ status_ code - The response code to return to the consumer if Kong fails to obtain a token from the IdP.
- purge_
token_ Sequence[float]on_ upstream_ status_ codes - An array of status codes which will force an access token to be purged when returned by the upstream. An empty array will disable this functionality.
- upstream_
access_ strtoken_ header_ name - The name of the header used to send the access token (obtained from the IdP) to the upstream service.
- idp
Error StringResponse Body Template - The template to use to create the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error StringResponse Content Type - The Content-Type of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error StringResponse Message - The message to embed in the body of the response to return to the consumer if Kong fails to obtain a token from the IdP.
- idp
Error NumberResponse Status Code - The response code to return to the consumer if Kong fails to obtain a token from the IdP.
- purge
Token List<Number>On Upstream Status Codes - An array of status codes which will force an access token to be purged when returned by the upstream. An empty array will disable this functionality.
- upstream
Access StringToken Header Name - The name of the header used to send the access token (obtained from the IdP) to the upstream service.
GatewayPluginUpstreamOauthConfigCache, GatewayPluginUpstreamOauthConfigCacheArgs
- Default
Ttl double - The lifetime of a token without an explicit
expires_invalue. - Eagerly
Expire double - The number of seconds to eagerly expire a cached token. By default, a cached token expires 5 seconds before its lifetime as defined in
expires_in. - Memory
Gateway
Plugin Upstream Oauth Config Cache Memory - Redis
Gateway
Plugin Upstream Oauth Config Cache Redis - Strategy string
- The method Kong should use to cache tokens issued by the IdP. must be one of ["memory", "redis"]
- Default
Ttl float64 - The lifetime of a token without an explicit
expires_invalue. - Eagerly
Expire float64 - The number of seconds to eagerly expire a cached token. By default, a cached token expires 5 seconds before its lifetime as defined in
expires_in. - Memory
Gateway
Plugin Upstream Oauth Config Cache Memory - Redis
Gateway
Plugin Upstream Oauth Config Cache Redis - Strategy string
- The method Kong should use to cache tokens issued by the IdP. must be one of ["memory", "redis"]
- default
Ttl Double - The lifetime of a token without an explicit
expires_invalue. - eagerly
Expire Double - The number of seconds to eagerly expire a cached token. By default, a cached token expires 5 seconds before its lifetime as defined in
expires_in. - memory
Gateway
Plugin Upstream Oauth Config Cache Memory - redis
Gateway
Plugin Upstream Oauth Config Cache Redis - strategy String
- The method Kong should use to cache tokens issued by the IdP. must be one of ["memory", "redis"]
- default
Ttl number - The lifetime of a token without an explicit
expires_invalue. - eagerly
Expire number - The number of seconds to eagerly expire a cached token. By default, a cached token expires 5 seconds before its lifetime as defined in
expires_in. - memory
Gateway
Plugin Upstream Oauth Config Cache Memory - redis
Gateway
Plugin Upstream Oauth Config Cache Redis - strategy string
- The method Kong should use to cache tokens issued by the IdP. must be one of ["memory", "redis"]
- default_
ttl float - The lifetime of a token without an explicit
expires_invalue. - eagerly_
expire float - The number of seconds to eagerly expire a cached token. By default, a cached token expires 5 seconds before its lifetime as defined in
expires_in. - memory
Gateway
Plugin Upstream Oauth Config Cache Memory - redis
Gateway
Plugin Upstream Oauth Config Cache Redis - strategy str
- The method Kong should use to cache tokens issued by the IdP. must be one of ["memory", "redis"]
- default
Ttl Number - The lifetime of a token without an explicit
expires_invalue. - eagerly
Expire Number - The number of seconds to eagerly expire a cached token. By default, a cached token expires 5 seconds before its lifetime as defined in
expires_in. - memory Property Map
- redis Property Map
- strategy String
- The method Kong should use to cache tokens issued by the IdP. must be one of ["memory", "redis"]
GatewayPluginUpstreamOauthConfigCacheMemory, GatewayPluginUpstreamOauthConfigCacheMemoryArgs
- Dictionary
Name string - The shared dictionary used by the plugin to cache tokens if
config.cache.strategyis set tomemory.
- Dictionary
Name string - The shared dictionary used by the plugin to cache tokens if
config.cache.strategyis set tomemory.
- dictionary
Name String - The shared dictionary used by the plugin to cache tokens if
config.cache.strategyis set tomemory.
- dictionary
Name string - The shared dictionary used by the plugin to cache tokens if
config.cache.strategyis set tomemory.
- dictionary_
name str - The shared dictionary used by the plugin to cache tokens if
config.cache.strategyis set tomemory.
- dictionary
Name String - The shared dictionary used by the plugin to cache tokens if
config.cache.strategyis set tomemory.
GatewayPluginUpstreamOauthConfigCacheRedis, GatewayPluginUpstreamOauthConfigCacheRedisArgs
- Cluster
Max doubleRedirections - Maximum retry attempts for redirection.
- Cluster
Nodes List<GatewayPlugin Upstream Oauth Config Cache Redis Cluster Node> - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - Connect
Timeout double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Connection
Is boolProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - Database double
- Database to use for the Redis connection when using the
redisstrategy - Host string
- A string representing a host name, such as example.com.
- Keepalive
Backlog double - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - Keepalive
Pool doubleSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - Password string
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- Port double
- An integer representing a port number between 0 and 65535, inclusive.
- Read
Timeout double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Send
Timeout double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Sentinel
Master string - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- Sentinel
Nodes List<GatewayPlugin Upstream Oauth Config Cache Redis Sentinel Node> - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - Sentinel
Password string - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- Sentinel
Role string - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - Sentinel
Username string - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- Server
Name string - A string representing an SNI (server name indication) value for TLS.
- Ssl bool
- If set to true, uses SSL to connect to Redis.
- Ssl
Verify bool - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - Username string
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- Cluster
Max float64Redirections - Maximum retry attempts for redirection.
- Cluster
Nodes []GatewayPlugin Upstream Oauth Config Cache Redis Cluster Node - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - Connect
Timeout float64 - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Connection
Is boolProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - Database float64
- Database to use for the Redis connection when using the
redisstrategy - Host string
- A string representing a host name, such as example.com.
- Keepalive
Backlog float64 - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - Keepalive
Pool float64Size - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - Password string
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- Port float64
- An integer representing a port number between 0 and 65535, inclusive.
- Read
Timeout float64 - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Send
Timeout float64 - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- Sentinel
Master string - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- Sentinel
Nodes []GatewayPlugin Upstream Oauth Config Cache Redis Sentinel Node - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - Sentinel
Password string - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- Sentinel
Role string - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - Sentinel
Username string - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- Server
Name string - A string representing an SNI (server name indication) value for TLS.
- Ssl bool
- If set to true, uses SSL to connect to Redis.
- Ssl
Verify bool - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - Username string
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster
Max DoubleRedirections - Maximum retry attempts for redirection.
- cluster
Nodes List<GatewayPlugin Upstream Oauth Config Cache Redis Cluster Node> - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect
Timeout Double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection
Is BooleanProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database Double
- Database to use for the Redis connection when using the
redisstrategy - host String
- A string representing a host name, such as example.com.
- keepalive
Backlog Double - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive
Pool DoubleSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password String
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port Double
- An integer representing a port number between 0 and 65535, inclusive.
- read
Timeout Double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send
Timeout Double - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel
Master String - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel
Nodes List<GatewayPlugin Upstream Oauth Config Cache Redis Sentinel Node> - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel
Password String - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel
Role String - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel
Username String - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server
Name String - A string representing an SNI (server name indication) value for TLS.
- ssl Boolean
- If set to true, uses SSL to connect to Redis.
- ssl
Verify Boolean - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username String
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster
Max numberRedirections - Maximum retry attempts for redirection.
- cluster
Nodes GatewayPlugin Upstream Oauth Config Cache Redis Cluster Node[] - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect
Timeout number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection
Is booleanProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database number
- Database to use for the Redis connection when using the
redisstrategy - host string
- A string representing a host name, such as example.com.
- keepalive
Backlog number - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive
Pool numberSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password string
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port number
- An integer representing a port number between 0 and 65535, inclusive.
- read
Timeout number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send
Timeout number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel
Master string - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel
Nodes GatewayPlugin Upstream Oauth Config Cache Redis Sentinel Node[] - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel
Password string - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel
Role string - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel
Username string - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server
Name string - A string representing an SNI (server name indication) value for TLS.
- ssl boolean
- If set to true, uses SSL to connect to Redis.
- ssl
Verify boolean - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username string
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster_
max_ floatredirections - Maximum retry attempts for redirection.
- cluster_
nodes Sequence[GatewayPlugin Upstream Oauth Config Cache Redis Cluster Node] - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect_
timeout float - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection_
is_ boolproxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database float
- Database to use for the Redis connection when using the
redisstrategy - host str
- A string representing a host name, such as example.com.
- keepalive_
backlog float - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive_
pool_ floatsize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password str
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port float
- An integer representing a port number between 0 and 65535, inclusive.
- read_
timeout float - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send_
timeout float - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel_
master str - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel_
nodes Sequence[GatewayPlugin Upstream Oauth Config Cache Redis Sentinel Node] - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel_
password str - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel_
role str - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel_
username str - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server_
name str - A string representing an SNI (server name indication) value for TLS.
- ssl bool
- If set to true, uses SSL to connect to Redis.
- ssl_
verify bool - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username str
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
- cluster
Max NumberRedirections - Maximum retry attempts for redirection.
- cluster
Nodes List<Property Map> - Cluster addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Cluster. The minimum length of the array is 1 element. - connect
Timeout Number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- connection
Is BooleanProxied - If the connection to Redis is proxied (e.g. Envoy), set it
true. Set thehostandportto point to the proxy address. - database Number
- Database to use for the Redis connection when using the
redisstrategy - host String
- A string representing a host name, such as example.com.
- keepalive
Backlog Number - Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return
nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less thankeepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger thankeepalive_pool_size. - keepalive
Pool NumberSize - The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither
keepalive_pool_sizenorkeepalive_backlogis specified, no pool is created. Ifkeepalive_pool_sizeisn't specified butkeepalive_backlogis specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low. - password String
- Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
- port Number
- An integer representing a port number between 0 and 65535, inclusive.
- read
Timeout Number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- send
Timeout Number - An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.
- sentinel
Master String - Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.
- sentinel
Nodes List<Property Map> - Sentinel node addresses to use for Redis connections when the
redisstrategy is defined. Defining this field implies using a Redis Sentinel. The minimum length of the array is 1 element. - sentinel
Password String - Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.
- sentinel
Role String - Sentinel role to use for Redis connections when the
redisstrategy is defined. Defining this value implies using Redis Sentinel. must be one of ["any", "master", "slave"] - sentinel
Username String - Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won't be performed. This requires Redis v6.2.0+.
- server
Name String - A string representing an SNI (server name indication) value for TLS.
- ssl Boolean
- If set to true, uses SSL to connect to Redis.
- ssl
Verify Boolean - If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure
lua_ssl_trusted_certificateinkong.confto specify the CA (or server) certificate used by your Redis server. You may also need to configurelua_ssl_verify_depthaccordingly. - username String
- Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to
default.
GatewayPluginUpstreamOauthConfigCacheRedisClusterNode, GatewayPluginUpstreamOauthConfigCacheRedisClusterNodeArgs
GatewayPluginUpstreamOauthConfigCacheRedisSentinelNode, GatewayPluginUpstreamOauthConfigCacheRedisSentinelNodeArgs
GatewayPluginUpstreamOauthConfigClient, GatewayPluginUpstreamOauthConfigClientArgs
- Auth
Method string - The authentication method used in client requests to the IdP. Supported values are:
client_secret_basicto sendclient_idandclient_secretin theAuthorization: Basicheader,client_secret_postto sendclient_idandclient_secretas part of the request body, orclient_secret_jwtto send a JWT signed with theclient_secretusing the client assertion as part of the body. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none"] - Client
Secret stringJwt Alg - The algorithm to use with JWT when using
client_secret_jwtauthentication. must be one of ["HS256", "HS512"] - Http
Proxy string - The proxy to use when making HTTP requests to the IdP.
- string
- The
Proxy-Authorizationheader value to be used withhttp_proxy. - Http
Version double - The HTTP version used for requests made by this plugin. Supported values:
1.1for HTTP 1.1 and1.0for HTTP 1.0. - Https
Proxy string - The proxy to use when making HTTPS requests to the IdP.
- string
- The
Proxy-Authorizationheader value to be used withhttps_proxy. - Keep
Alive bool - Whether to use keepalive connections to the IdP.
- No
Proxy string - A comma-separated list of hosts that should not be proxied.
- Ssl
Verify bool - Whether to verify the certificate presented by the IdP when using HTTPS.
- Timeout double
- Network I/O timeout for requests to the IdP in milliseconds.
- Auth
Method string - The authentication method used in client requests to the IdP. Supported values are:
client_secret_basicto sendclient_idandclient_secretin theAuthorization: Basicheader,client_secret_postto sendclient_idandclient_secretas part of the request body, orclient_secret_jwtto send a JWT signed with theclient_secretusing the client assertion as part of the body. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none"] - Client
Secret stringJwt Alg - The algorithm to use with JWT when using
client_secret_jwtauthentication. must be one of ["HS256", "HS512"] - Http
Proxy string - The proxy to use when making HTTP requests to the IdP.
- string
- The
Proxy-Authorizationheader value to be used withhttp_proxy. - Http
Version float64 - The HTTP version used for requests made by this plugin. Supported values:
1.1for HTTP 1.1 and1.0for HTTP 1.0. - Https
Proxy string - The proxy to use when making HTTPS requests to the IdP.
- string
- The
Proxy-Authorizationheader value to be used withhttps_proxy. - Keep
Alive bool - Whether to use keepalive connections to the IdP.
- No
Proxy string - A comma-separated list of hosts that should not be proxied.
- Ssl
Verify bool - Whether to verify the certificate presented by the IdP when using HTTPS.
- Timeout float64
- Network I/O timeout for requests to the IdP in milliseconds.
- auth
Method String - The authentication method used in client requests to the IdP. Supported values are:
client_secret_basicto sendclient_idandclient_secretin theAuthorization: Basicheader,client_secret_postto sendclient_idandclient_secretas part of the request body, orclient_secret_jwtto send a JWT signed with theclient_secretusing the client assertion as part of the body. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none"] - client
Secret StringJwt Alg - The algorithm to use with JWT when using
client_secret_jwtauthentication. must be one of ["HS256", "HS512"] - http
Proxy String - The proxy to use when making HTTP requests to the IdP.
- String
- The
Proxy-Authorizationheader value to be used withhttp_proxy. - http
Version Double - The HTTP version used for requests made by this plugin. Supported values:
1.1for HTTP 1.1 and1.0for HTTP 1.0. - https
Proxy String - The proxy to use when making HTTPS requests to the IdP.
- String
- The
Proxy-Authorizationheader value to be used withhttps_proxy. - keep
Alive Boolean - Whether to use keepalive connections to the IdP.
- no
Proxy String - A comma-separated list of hosts that should not be proxied.
- ssl
Verify Boolean - Whether to verify the certificate presented by the IdP when using HTTPS.
- timeout Double
- Network I/O timeout for requests to the IdP in milliseconds.
- auth
Method string - The authentication method used in client requests to the IdP. Supported values are:
client_secret_basicto sendclient_idandclient_secretin theAuthorization: Basicheader,client_secret_postto sendclient_idandclient_secretas part of the request body, orclient_secret_jwtto send a JWT signed with theclient_secretusing the client assertion as part of the body. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none"] - client
Secret stringJwt Alg - The algorithm to use with JWT when using
client_secret_jwtauthentication. must be one of ["HS256", "HS512"] - http
Proxy string - The proxy to use when making HTTP requests to the IdP.
- string
- The
Proxy-Authorizationheader value to be used withhttp_proxy. - http
Version number - The HTTP version used for requests made by this plugin. Supported values:
1.1for HTTP 1.1 and1.0for HTTP 1.0. - https
Proxy string - The proxy to use when making HTTPS requests to the IdP.
- string
- The
Proxy-Authorizationheader value to be used withhttps_proxy. - keep
Alive boolean - Whether to use keepalive connections to the IdP.
- no
Proxy string - A comma-separated list of hosts that should not be proxied.
- ssl
Verify boolean - Whether to verify the certificate presented by the IdP when using HTTPS.
- timeout number
- Network I/O timeout for requests to the IdP in milliseconds.
- auth_
method str - The authentication method used in client requests to the IdP. Supported values are:
client_secret_basicto sendclient_idandclient_secretin theAuthorization: Basicheader,client_secret_postto sendclient_idandclient_secretas part of the request body, orclient_secret_jwtto send a JWT signed with theclient_secretusing the client assertion as part of the body. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none"] - client_
secret_ strjwt_ alg - The algorithm to use with JWT when using
client_secret_jwtauthentication. must be one of ["HS256", "HS512"] - http_
proxy str - The proxy to use when making HTTP requests to the IdP.
- str
- The
Proxy-Authorizationheader value to be used withhttp_proxy. - http_
version float - The HTTP version used for requests made by this plugin. Supported values:
1.1for HTTP 1.1 and1.0for HTTP 1.0. - https_
proxy str - The proxy to use when making HTTPS requests to the IdP.
- str
- The
Proxy-Authorizationheader value to be used withhttps_proxy. - keep_
alive bool - Whether to use keepalive connections to the IdP.
- no_
proxy str - A comma-separated list of hosts that should not be proxied.
- ssl_
verify bool - Whether to verify the certificate presented by the IdP when using HTTPS.
- timeout float
- Network I/O timeout for requests to the IdP in milliseconds.
- auth
Method String - The authentication method used in client requests to the IdP. Supported values are:
client_secret_basicto sendclient_idandclient_secretin theAuthorization: Basicheader,client_secret_postto sendclient_idandclient_secretas part of the request body, orclient_secret_jwtto send a JWT signed with theclient_secretusing the client assertion as part of the body. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none"] - client
Secret StringJwt Alg - The algorithm to use with JWT when using
client_secret_jwtauthentication. must be one of ["HS256", "HS512"] - http
Proxy String - The proxy to use when making HTTP requests to the IdP.
- String
- The
Proxy-Authorizationheader value to be used withhttp_proxy. - http
Version Number - The HTTP version used for requests made by this plugin. Supported values:
1.1for HTTP 1.1 and1.0for HTTP 1.0. - https
Proxy String - The proxy to use when making HTTPS requests to the IdP.
- String
- The
Proxy-Authorizationheader value to be used withhttps_proxy. - keep
Alive Boolean - Whether to use keepalive connections to the IdP.
- no
Proxy String - A comma-separated list of hosts that should not be proxied.
- ssl
Verify Boolean - Whether to verify the certificate presented by the IdP when using HTTPS.
- timeout Number
- Network I/O timeout for requests to the IdP in milliseconds.
GatewayPluginUpstreamOauthConfigOauth, GatewayPluginUpstreamOauthConfigOauthArgs
- Audiences List<string>
- List of audiences passed to the IdP when obtaining a new token.
- Client
Id string - The client ID for the application registration in the IdP.
- Client
Secret string - The client secret for the application registration in the IdP.
- Grant
Type string - The OAuth grant type to be used. must be one of ["client_credentials", "password"]
- Password string
- The password to use if
config.oauth.grant_typeis set topassword. - Scopes List<string>
- List of scopes to request from the IdP when obtaining a new token.
- Token
Endpoint string - The token endpoint URI.
- Token
Headers Dictionary<string, string> - Extra headers to be passed in the token endpoint request.
- Token
Post Dictionary<string, string>Args - Extra post arguments to be passed in the token endpoint request.
- Username string
- The username to use if
config.oauth.grant_typeis set topassword.
- Audiences []string
- List of audiences passed to the IdP when obtaining a new token.
- Client
Id string - The client ID for the application registration in the IdP.
- Client
Secret string - The client secret for the application registration in the IdP.
- Grant
Type string - The OAuth grant type to be used. must be one of ["client_credentials", "password"]
- Password string
- The password to use if
config.oauth.grant_typeis set topassword. - Scopes []string
- List of scopes to request from the IdP when obtaining a new token.
- Token
Endpoint string - The token endpoint URI.
- Token
Headers map[string]string - Extra headers to be passed in the token endpoint request.
- Token
Post map[string]stringArgs - Extra post arguments to be passed in the token endpoint request.
- Username string
- The username to use if
config.oauth.grant_typeis set topassword.
- audiences List<String>
- List of audiences passed to the IdP when obtaining a new token.
- client
Id String - The client ID for the application registration in the IdP.
- client
Secret String - The client secret for the application registration in the IdP.
- grant
Type String - The OAuth grant type to be used. must be one of ["client_credentials", "password"]
- password String
- The password to use if
config.oauth.grant_typeis set topassword. - scopes List<String>
- List of scopes to request from the IdP when obtaining a new token.
- token
Endpoint String - The token endpoint URI.
- token
Headers Map<String,String> - Extra headers to be passed in the token endpoint request.
- token
Post Map<String,String>Args - Extra post arguments to be passed in the token endpoint request.
- username String
- The username to use if
config.oauth.grant_typeis set topassword.
- audiences string[]
- List of audiences passed to the IdP when obtaining a new token.
- client
Id string - The client ID for the application registration in the IdP.
- client
Secret string - The client secret for the application registration in the IdP.
- grant
Type string - The OAuth grant type to be used. must be one of ["client_credentials", "password"]
- password string
- The password to use if
config.oauth.grant_typeis set topassword. - scopes string[]
- List of scopes to request from the IdP when obtaining a new token.
- token
Endpoint string - The token endpoint URI.
- token
Headers {[key: string]: string} - Extra headers to be passed in the token endpoint request.
- token
Post {[key: string]: string}Args - Extra post arguments to be passed in the token endpoint request.
- username string
- The username to use if
config.oauth.grant_typeis set topassword.
- audiences Sequence[str]
- List of audiences passed to the IdP when obtaining a new token.
- client_
id str - The client ID for the application registration in the IdP.
- client_
secret str - The client secret for the application registration in the IdP.
- grant_
type str - The OAuth grant type to be used. must be one of ["client_credentials", "password"]
- password str
- The password to use if
config.oauth.grant_typeis set topassword. - scopes Sequence[str]
- List of scopes to request from the IdP when obtaining a new token.
- token_
endpoint str - The token endpoint URI.
- token_
headers Mapping[str, str] - Extra headers to be passed in the token endpoint request.
- token_
post_ Mapping[str, str]args - Extra post arguments to be passed in the token endpoint request.
- username str
- The username to use if
config.oauth.grant_typeis set topassword.
- audiences List<String>
- List of audiences passed to the IdP when obtaining a new token.
- client
Id String - The client ID for the application registration in the IdP.
- client
Secret String - The client secret for the application registration in the IdP.
- grant
Type String - The OAuth grant type to be used. must be one of ["client_credentials", "password"]
- password String
- The password to use if
config.oauth.grant_typeis set topassword. - scopes List<String>
- List of scopes to request from the IdP when obtaining a new token.
- token
Endpoint String - The token endpoint URI.
- token
Headers Map<String> - Extra headers to be passed in the token endpoint request.
- token
Post Map<String>Args - Extra post arguments to be passed in the token endpoint request.
- username String
- The username to use if
config.oauth.grant_typeis set topassword.
GatewayPluginUpstreamOauthConsumer, GatewayPluginUpstreamOauthConsumerArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
GatewayPluginUpstreamOauthConsumerGroup, GatewayPluginUpstreamOauthConsumerGroupArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
GatewayPluginUpstreamOauthOrdering, GatewayPluginUpstreamOauthOrderingArgs
GatewayPluginUpstreamOauthOrderingAfter, GatewayPluginUpstreamOauthOrderingAfterArgs
- Accesses List<string>
- Accesses []string
- accesses List<String>
- accesses string[]
- accesses Sequence[str]
- accesses List<String>
GatewayPluginUpstreamOauthOrderingBefore, GatewayPluginUpstreamOauthOrderingBeforeArgs
- Accesses List<string>
- Accesses []string
- accesses List<String>
- accesses string[]
- accesses Sequence[str]
- accesses List<String>
GatewayPluginUpstreamOauthRoute, GatewayPluginUpstreamOauthRouteArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
GatewayPluginUpstreamOauthService, GatewayPluginUpstreamOauthServiceArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
Import
$ pulumi import konnect:index/gatewayPluginUpstreamOauth:GatewayPluginUpstreamOauth my_konnect_gateway_plugin_upstream_oauth "{ \"control_plane_id\": \"9524ec7d-36d9-465d-a8c5-83a3c9390458\", \"plugin_id\": \"3473c251-5b6c-4f45-b1ff-7ede735a366d\"}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- konnect kong/terraform-provider-konnect
- License
- Notes
- This Pulumi package is based on the
konnectTerraform Provider.