konnect.GatewayPluginMtlsAuth

Coming soon!

Coming soon!

Coming soon!

resource_name This property is required. str

The unique name of the resource.

args This property is required. GatewayPluginMtlsAuthArgs

The arguments to resource properties.

opts ResourceOptions

Bag of options to control resource's behavior.

ctx Context

Context object for the current deployment.

name This property is required. string

The unique name of the resource.

args This property is required. GatewayPluginMtlsAuthArgs

The arguments to resource properties.

opts ResourceOption

Bag of options to control resource's behavior.

name This property is required. string

The unique name of the resource.

args This property is required. GatewayPluginMtlsAuthArgs

The arguments to resource properties.

opts CustomResourceOptions

Bag of options to control resource's behavior.

name This property is required. String

The unique name of the resource.

args This property is required. GatewayPluginMtlsAuthArgs

The arguments to resource properties.

options CustomResourceOptions

Bag of options to control resource's behavior.

Config This property is required. GatewayPluginMtlsAuthConfig

ControlPlaneId This property is required. string

The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.

Enabled bool

Whether the plugin is applied.

GatewayPluginMtlsAuthId string

The ID of this resource.

InstanceName string

Ordering GatewayPluginMtlsAuthOrdering

Protocols List<string>

A set of strings representing HTTP protocols.

Route GatewayPluginMtlsAuthRoute

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

Service GatewayPluginMtlsAuthService

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

Tags List<string>

An optional set of strings associated with the Plugin for grouping and filtering.

Config This property is required. GatewayPluginMtlsAuthConfigArgs

ControlPlaneId This property is required. string

The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.

Enabled bool

Whether the plugin is applied.

GatewayPluginMtlsAuthId string

The ID of this resource.

InstanceName string

Ordering GatewayPluginMtlsAuthOrderingArgs

Protocols []string

A set of strings representing HTTP protocols.

Route GatewayPluginMtlsAuthRouteArgs

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

Service GatewayPluginMtlsAuthServiceArgs

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

Tags []string

An optional set of strings associated with the Plugin for grouping and filtering.

config This property is required. GatewayPluginMtlsAuthConfig

controlPlaneId This property is required. String

The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.

enabled Boolean

Whether the plugin is applied.

gatewayPluginMtlsAuthId String

The ID of this resource.

instanceName String

ordering GatewayPluginMtlsAuthOrdering

protocols List<String>

A set of strings representing HTTP protocols.

route GatewayPluginMtlsAuthRoute

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

service GatewayPluginMtlsAuthService

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

tags List<String>

An optional set of strings associated with the Plugin for grouping and filtering.

config This property is required. GatewayPluginMtlsAuthConfigArgs

control_plane_id This property is required. str

The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.

enabled bool

Whether the plugin is applied.

gateway_plugin_mtls_auth_id str

The ID of this resource.

instance_name str

ordering GatewayPluginMtlsAuthOrderingArgs

protocols Sequence[str]

A set of strings representing HTTP protocols.

route GatewayPluginMtlsAuthRouteArgs

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

service GatewayPluginMtlsAuthServiceArgs

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

tags Sequence[str]

An optional set of strings associated with the Plugin for grouping and filtering.

config This property is required. Property Map

controlPlaneId This property is required. String

The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.

enabled Boolean

Whether the plugin is applied.

gatewayPluginMtlsAuthId String

The ID of this resource.

instanceName String

ordering Property Map

protocols List<String>

A set of strings representing HTTP protocols.

route Property Map

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

service Property Map

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

tags List<String>

An optional set of strings associated with the Plugin for grouping and filtering.

CreatedAt double

Unix epoch when the resource was created.

Id string

The provider-assigned unique ID for this managed resource.

UpdatedAt double

Unix epoch when the resource was last updated.

CreatedAt float64

Unix epoch when the resource was created.

Id string

The provider-assigned unique ID for this managed resource.

UpdatedAt float64

Unix epoch when the resource was last updated.

createdAt Double

Unix epoch when the resource was created.

id String

The provider-assigned unique ID for this managed resource.

updatedAt Double

Unix epoch when the resource was last updated.

created_at float

Unix epoch when the resource was created.

id str

The provider-assigned unique ID for this managed resource.

updated_at float

Unix epoch when the resource was last updated.

createdAt Number

Unix epoch when the resource was created.

id String

The provider-assigned unique ID for this managed resource.

updatedAt Number

Unix epoch when the resource was last updated.

resource_name This property is required.

The unique name of the resulting resource.

id This property is required.

The unique provider ID of the resource to lookup.

name This property is required.

The unique name of the resulting resource.

id This property is required.

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

name This property is required.

The unique name of the resulting resource.

id This property is required.

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

name This property is required.

The unique name of the resulting resource.

id This property is required.

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

AllowPartialChain bool

Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.

Anonymous string

An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

AuthenticatedGroupBy string

Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]

CaCertificates List<string>

List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).

CacheTtl double

Cache expiry time in seconds.

CertCacheTtl double

The length of time in seconds between refreshes of the revocation check status cache.

ConsumerBies List<string>

Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.

DefaultConsumer string

The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

HttpProxyHost string

A string representing a host name, such as example.com.

HttpProxyPort double

An integer representing a port number between 0 and 65535, inclusive.

HttpTimeout double

HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.

HttpsProxyHost string

A string representing a host name, such as example.com.

HttpsProxyPort double

An integer representing a port number between 0 and 65535, inclusive.

RevocationCheckMode string

Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]

SendCaDn bool

Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.

SkipConsumerLookup bool

Skip consumer lookup once certificate is trusted against the configured CA list.

AllowPartialChain bool

Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.

Anonymous string

An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

AuthenticatedGroupBy string

Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]

CaCertificates []string

List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).

CacheTtl float64

Cache expiry time in seconds.

CertCacheTtl float64

The length of time in seconds between refreshes of the revocation check status cache.

ConsumerBies []string

Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.

DefaultConsumer string

The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

HttpProxyHost string

A string representing a host name, such as example.com.

HttpProxyPort float64

An integer representing a port number between 0 and 65535, inclusive.

HttpTimeout float64

HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.

HttpsProxyHost string

A string representing a host name, such as example.com.

HttpsProxyPort float64

An integer representing a port number between 0 and 65535, inclusive.

RevocationCheckMode string

Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]

SendCaDn bool

Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.

SkipConsumerLookup bool

Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean

Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.

anonymous String

An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

authenticatedGroupBy String

Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]

caCertificates List<String>

List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).

cacheTtl Double

Cache expiry time in seconds.

certCacheTtl Double

The length of time in seconds between refreshes of the revocation check status cache.

consumerBies List<String>

Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.

defaultConsumer String

The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

httpProxyHost String

A string representing a host name, such as example.com.

httpProxyPort Double

An integer representing a port number between 0 and 65535, inclusive.

httpTimeout Double

HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.

httpsProxyHost String

A string representing a host name, such as example.com.

httpsProxyPort Double

An integer representing a port number between 0 and 65535, inclusive.

revocationCheckMode String

Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]

sendCaDn Boolean

Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.

skipConsumerLookup Boolean

Skip consumer lookup once certificate is trusted against the configured CA list.

allow_partial_chain bool

Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.

anonymous str

An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

authenticated_group_by str

Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]

ca_certificates Sequence[str]

List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).

cache_ttl float

Cache expiry time in seconds.

cert_cache_ttl float

The length of time in seconds between refreshes of the revocation check status cache.

consumer_bies Sequence[str]

Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.

default_consumer str

The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

http_proxy_host str

A string representing a host name, such as example.com.

http_proxy_port float

An integer representing a port number between 0 and 65535, inclusive.

http_timeout float

HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.

https_proxy_host str

A string representing a host name, such as example.com.

https_proxy_port float

An integer representing a port number between 0 and 65535, inclusive.

revocation_check_mode str

Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]

send_ca_dn bool

Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.

skip_consumer_lookup bool

Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean

Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.

anonymous String

An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

authenticatedGroupBy String

Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users. must be one of ["CN", "DN"]

caCertificates List<String>

List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).

cacheTtl Number

Cache expiry time in seconds.

certCacheTtl Number

The length of time in seconds between refreshes of the revocation check status cache.

consumerBies List<String>

Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.

defaultConsumer String

The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.

httpProxyHost String

A string representing a host name, such as example.com.

httpProxyPort Number

An integer representing a port number between 0 and 65535, inclusive.

httpTimeout Number

HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.

httpsProxyHost String

A string representing a host name, such as example.com.

httpsProxyPort Number

An integer representing a port number between 0 and 65535, inclusive.

revocationCheckMode String

Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status. must be one of ["IGNORECAERROR", "SKIP", "STRICT"]

sendCaDn Boolean

Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.

skipConsumerLookup Boolean

Skip consumer lookup once certificate is trusted against the configured CA list.

After GatewayPluginMtlsAuthOrderingAfter

Before GatewayPluginMtlsAuthOrderingBefore

After GatewayPluginMtlsAuthOrderingAfter

Before GatewayPluginMtlsAuthOrderingBefore

after GatewayPluginMtlsAuthOrderingAfter

before GatewayPluginMtlsAuthOrderingBefore

after GatewayPluginMtlsAuthOrderingAfter

before GatewayPluginMtlsAuthOrderingBefore

after Property Map

before Property Map

Accesses List<string>

Accesses []string

accesses List<String>

accesses Sequence[str]

accesses List<String>

Accesses List<string>

Accesses []string

accesses List<String>

accesses Sequence[str]

accesses List<String>

Id string

Id string

id String

id str

id String

Id string

Id string

id String

id str

id String