konnect 2.4.1, Mar 13 25

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

konnect.getGatewayPluginHeaderCertAuth

Explore with Pulumi AI

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

Using getGatewayPluginHeaderCertAuth

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getGatewayPluginHeaderCertAuth(args: GetGatewayPluginHeaderCertAuthArgs, opts?: InvokeOptions): Promise<GetGatewayPluginHeaderCertAuthResult>
function getGatewayPluginHeaderCertAuthOutput(args: GetGatewayPluginHeaderCertAuthOutputArgs, opts?: InvokeOptions): Output<GetGatewayPluginHeaderCertAuthResult>

def get_gateway_plugin_header_cert_auth(control_plane_id: Optional[str] = None,
                                        opts: Optional[InvokeOptions] = None) -> GetGatewayPluginHeaderCertAuthResult
def get_gateway_plugin_header_cert_auth_output(control_plane_id: Optional[pulumi.Input[str]] = None,
                                        opts: Optional[InvokeOptions] = None) -> Output[GetGatewayPluginHeaderCertAuthResult]

func LookupGatewayPluginHeaderCertAuth(ctx *Context, args *LookupGatewayPluginHeaderCertAuthArgs, opts ...InvokeOption) (*LookupGatewayPluginHeaderCertAuthResult, error)
func LookupGatewayPluginHeaderCertAuthOutput(ctx *Context, args *LookupGatewayPluginHeaderCertAuthOutputArgs, opts ...InvokeOption) LookupGatewayPluginHeaderCertAuthResultOutput

> Note: This function is named LookupGatewayPluginHeaderCertAuth in the Go SDK.

public static class GetGatewayPluginHeaderCertAuth 
{
    public static Task<GetGatewayPluginHeaderCertAuthResult> InvokeAsync(GetGatewayPluginHeaderCertAuthArgs args, InvokeOptions? opts = null)
    public static Output<GetGatewayPluginHeaderCertAuthResult> Invoke(GetGatewayPluginHeaderCertAuthInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetGatewayPluginHeaderCertAuthResult> getGatewayPluginHeaderCertAuth(GetGatewayPluginHeaderCertAuthArgs args, InvokeOptions options)
public static Output<GetGatewayPluginHeaderCertAuthResult> getGatewayPluginHeaderCertAuth(GetGatewayPluginHeaderCertAuthArgs args, InvokeOptions options)

fn::invoke:
  function: konnect:index/getGatewayPluginHeaderCertAuth:getGatewayPluginHeaderCertAuth
  arguments:
    # arguments dictionary

The following arguments are supported:

ControlPlaneId string

ControlPlaneId string

controlPlaneId String

controlPlaneId string

control_plane_id str

controlPlaneId String

getGatewayPluginHeaderCertAuth Result

The following output properties are available:

Config GetGatewayPluginHeaderCertAuthConfig
ControlPlaneId string
CreatedAt double
Enabled bool
Id string
InstanceName string
Ordering GetGatewayPluginHeaderCertAuthOrdering
Protocols List<string>
Route GetGatewayPluginHeaderCertAuthRoute
Service GetGatewayPluginHeaderCertAuthService
Tags List<string>
UpdatedAt double

Config GetGatewayPluginHeaderCertAuthConfig
ControlPlaneId string
CreatedAt float64
Enabled bool
Id string
InstanceName string
Ordering GetGatewayPluginHeaderCertAuthOrdering
Protocols []string
Route GetGatewayPluginHeaderCertAuthRoute
Service GetGatewayPluginHeaderCertAuthService
Tags []string
UpdatedAt float64

config GetGatewayPluginHeaderCertAuthConfig
controlPlaneId String
createdAt Double
enabled Boolean
id String
instanceName String
ordering GetGatewayPluginHeaderCertAuthOrdering
protocols List<String>
route GetGatewayPluginHeaderCertAuthRoute
service GetGatewayPluginHeaderCertAuthService
tags List<String>
updatedAt Double

config GetGatewayPluginHeaderCertAuthConfig
controlPlaneId string
createdAt number
enabled boolean
id string
instanceName string
ordering GetGatewayPluginHeaderCertAuthOrdering
protocols string[]
route GetGatewayPluginHeaderCertAuthRoute
service GetGatewayPluginHeaderCertAuthService
tags string[]
updatedAt number

config GetGatewayPluginHeaderCertAuthConfig
control_plane_id str
created_at float
enabled bool
id str
instance_name str
ordering GetGatewayPluginHeaderCertAuthOrdering
protocols Sequence[str]
route GetGatewayPluginHeaderCertAuthRoute
service GetGatewayPluginHeaderCertAuthService
tags Sequence[str]
updated_at float

config Property Map
controlPlaneId String
createdAt Number
enabled Boolean
id String
instanceName String
ordering Property Map
protocols List<String>
route Property Map
service Property Map
tags List<String>
updatedAt Number

Supporting Types

GetGatewayPluginHeaderCertAuthConfig

AllowPartialChain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
AuthenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
CaCertificates List<string>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
CacheTtl double: Cache expiry time in seconds.
CertCacheTtl double: The length of time in milliseconds between refreshes of the revocation check status cache.
CertificateHeaderFormat string: Format of the certificate header. Supported formats: base64_encoded, url_encoded.
CertificateHeaderName string: Name of the header that contains the certificate, received from the WAF or other L7 downstream proxy.
ConsumerBies List<string>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
DefaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
HttpProxyHost string: A string representing a host name, such as example.com.
HttpProxyPort double: An integer representing a port number between 0 and 65535, inclusive.
HttpTimeout double: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
HttpsProxyHost string: A string representing a host name, such as example.com.
HttpsProxyPort double: An integer representing a port number between 0 and 65535, inclusive.
RevocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
SecureSource bool: Whether to secure the source of the request. If set to true, the plugin will only allow requests from trusted IPs (configured by the trusted_ips config option).
SkipConsumerLookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

AllowPartialChain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
AuthenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
CaCertificates []string: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
CacheTtl float64: Cache expiry time in seconds.
CertCacheTtl float64: The length of time in milliseconds between refreshes of the revocation check status cache.
CertificateHeaderFormat string: Format of the certificate header. Supported formats: base64_encoded, url_encoded.
CertificateHeaderName string: Name of the header that contains the certificate, received from the WAF or other L7 downstream proxy.
ConsumerBies []string: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
DefaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
HttpProxyHost string: A string representing a host name, such as example.com.
HttpProxyPort float64: An integer representing a port number between 0 and 65535, inclusive.
HttpTimeout float64: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
HttpsProxyHost string: A string representing a host name, such as example.com.
HttpsProxyPort float64: An integer representing a port number between 0 and 65535, inclusive.
RevocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
SecureSource bool: Whether to secure the source of the request. If set to true, the plugin will only allow requests from trusted IPs (configured by the trusted_ips config option).
SkipConsumerLookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy String: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
caCertificates List<String>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl Double: Cache expiry time in seconds.
certCacheTtl Double: The length of time in milliseconds between refreshes of the revocation check status cache.
certificateHeaderFormat String: Format of the certificate header. Supported formats: base64_encoded, url_encoded.
certificateHeaderName String: Name of the header that contains the certificate, received from the WAF or other L7 downstream proxy.
consumerBies List<String>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer String: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost String: A string representing a host name, such as example.com.
httpProxyPort Double: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout Double: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost String: A string representing a host name, such as example.com.
httpsProxyPort Double: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode String: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
secureSource Boolean: Whether to secure the source of the request. If set to true, the plugin will only allow requests from trusted IPs (configured by the trusted_ips config option).
skipConsumerLookup Boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
caCertificates string[]: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl number: Cache expiry time in seconds.
certCacheTtl number: The length of time in milliseconds between refreshes of the revocation check status cache.
certificateHeaderFormat string: Format of the certificate header. Supported formats: base64_encoded, url_encoded.
certificateHeaderName string: Name of the header that contains the certificate, received from the WAF or other L7 downstream proxy.
consumerBies string[]: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost string: A string representing a host name, such as example.com.
httpProxyPort number: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout number: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost string: A string representing a host name, such as example.com.
httpsProxyPort number: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
secureSource boolean: Whether to secure the source of the request. If set to true, the plugin will only allow requests from trusted IPs (configured by the trusted_ips config option).
skipConsumerLookup boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

allow_partial_chain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous str: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticated_group_by str: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
ca_certificates Sequence[str]: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cache_ttl float: Cache expiry time in seconds.
cert_cache_ttl float: The length of time in milliseconds between refreshes of the revocation check status cache.
certificate_header_format str: Format of the certificate header. Supported formats: base64_encoded, url_encoded.
certificate_header_name str: Name of the header that contains the certificate, received from the WAF or other L7 downstream proxy.
consumer_bies Sequence[str]: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
default_consumer str: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
http_proxy_host str: A string representing a host name, such as example.com.
http_proxy_port float: An integer representing a port number between 0 and 65535, inclusive.
http_timeout float: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
https_proxy_host str: A string representing a host name, such as example.com.
https_proxy_port float: An integer representing a port number between 0 and 65535, inclusive.
revocation_check_mode str: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
secure_source bool: Whether to secure the source of the request. If set to true, the plugin will only allow requests from trusted IPs (configured by the trusted_ips config option).
skip_consumer_lookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy String: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
caCertificates List<String>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl Number: Cache expiry time in seconds.
certCacheTtl Number: The length of time in milliseconds between refreshes of the revocation check status cache.
certificateHeaderFormat String: Format of the certificate header. Supported formats: base64_encoded, url_encoded.
certificateHeaderName String: Name of the header that contains the certificate, received from the WAF or other L7 downstream proxy.
consumerBies List<String>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer String: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost String: A string representing a host name, such as example.com.
httpProxyPort Number: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout Number: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost String: A string representing a host name, such as example.com.
httpsProxyPort Number: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode String: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
secureSource Boolean: Whether to secure the source of the request. If set to true, the plugin will only allow requests from trusted IPs (configured by the trusted_ips config option).
skipConsumerLookup Boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

GetGatewayPluginHeaderCertAuthOrdering

After GetGatewayPluginHeaderCertAuthOrderingAfter
Before GetGatewayPluginHeaderCertAuthOrderingBefore

After GetGatewayPluginHeaderCertAuthOrderingAfter
Before GetGatewayPluginHeaderCertAuthOrderingBefore

after GetGatewayPluginHeaderCertAuthOrderingAfter
before GetGatewayPluginHeaderCertAuthOrderingBefore

after GetGatewayPluginHeaderCertAuthOrderingAfter
before GetGatewayPluginHeaderCertAuthOrderingBefore

after GetGatewayPluginHeaderCertAuthOrderingAfter
before GetGatewayPluginHeaderCertAuthOrderingBefore

after Property Map
before Property Map

GetGatewayPluginHeaderCertAuthOrderingAfter

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GetGatewayPluginHeaderCertAuthOrderingBefore

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GetGatewayPluginHeaderCertAuthRoute

Id string

Id string

id String

id string

id str

id String

GetGatewayPluginHeaderCertAuthService

Id string

Id string

id String

id string

id str

id String

Package Details

Repository: konnect kong/terraform-provider-konnect
License
Notes: This Pulumi package is based on the konnect Terraform Provider.

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

kong/terraform-provider-konnect

konnect.getGatewayPluginHeaderCertAuth

On this page

On this page

Using getGatewayPluginHeaderCertAuth

getGatewayPluginHeaderCertAuth Result

Supporting Types

GetGatewayPluginHeaderCertAuthConfig

GetGatewayPluginHeaderCertAuthOrdering

GetGatewayPluginHeaderCertAuthOrderingAfter

GetGatewayPluginHeaderCertAuthOrderingBefore

GetGatewayPluginHeaderCertAuthRoute

GetGatewayPluginHeaderCertAuthService

Package Details

On this page

On this page