Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Konnect Provider
  3. API Docs
  4. GatewayPluginOauth2
konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
kong/terraform-provider-konnect

konnect.GatewayPluginOauth2

Explore with Pulumi AI

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
kong/terraform-provider-konnect

GatewayPluginOauth2 Resource

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.konnect.GatewayPluginOauth2;
import com.pulumi.konnect.GatewayPluginOauth2Args;
import com.pulumi.konnect.inputs.GatewayPluginOauth2ConfigArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2OrderingArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2OrderingAfterArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2OrderingBeforeArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2RouteArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2ServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myGatewaypluginoauth2 = new GatewayPluginOauth2("myGatewaypluginoauth2", GatewayPluginOauth2Args.builder()
            .config(GatewayPluginOauth2ConfigArgs.builder()
                .accept_http_if_already_terminated(true)
                .anonymous("...my_anonymous...")
                .auth_header_name("...my_auth_header_name...")
                .enable_authorization_code(true)
                .enable_client_credentials(false)
                .enable_implicit_grant(true)
                .enable_password_grant(true)
                .global_credentials(true)
                .hide_credentials(false)
                .mandatory_scope(false)
                .persistent_refresh_token(true)
                .pkce("strict")
                .provision_key("...my_provision_key...")
                .realm("...my_realm...")
                .refresh_token_ttl(4.338528636e+07)
                .reuse_refresh_token(true)
                .scopes("...")
                .token_expiration(5.01)
                .build())
            .controlPlaneId("9524ec7d-36d9-465d-a8c5-83a3c9390458")
            .enabled(true)
            .gatewayPluginOauth2Id("...my_id...")
            .instanceName("...my_instance_name...")
            .ordering(GatewayPluginOauth2OrderingArgs.builder()
                .after(GatewayPluginOauth2OrderingAfterArgs.builder()
                    .access("...")
                    .build())
                .before(GatewayPluginOauth2OrderingBeforeArgs.builder()
                    .access("...")
                    .build())
                .build())
            .protocols("wss")
            .route(GatewayPluginOauth2RouteArgs.builder()
                .id("...my_id...")
                .build())
            .service(GatewayPluginOauth2ServiceArgs.builder()
                .id("...my_id...")
                .build())
            .tags("...")
            .build());

    }
}
Copy
resources:
  myGatewaypluginoauth2:
    type: konnect:GatewayPluginOauth2
    properties:
      config:
        accept_http_if_already_terminated: true
        anonymous: '...my_anonymous...'
        auth_header_name: '...my_auth_header_name...'
        enable_authorization_code: true
        enable_client_credentials: false
        enable_implicit_grant: true
        enable_password_grant: true
        global_credentials: true
        hide_credentials: false
        mandatory_scope: false
        persistent_refresh_token: true
        pkce: strict
        provision_key: '...my_provision_key...'
        realm: '...my_realm...'
        refresh_token_ttl: 4.338528636e+07
        reuse_refresh_token: true
        scopes:
          - '...'
        token_expiration: 5.01
      controlPlaneId: 9524ec7d-36d9-465d-a8c5-83a3c9390458
      enabled: true
      gatewayPluginOauth2Id: '...my_id...'
      instanceName: '...my_instance_name...'
      ordering:
        after:
          access:
            - '...'
        before:
          access:
            - '...'
      protocols:
        - wss
      route:
        id: '...my_id...'
      service:
        id: '...my_id...'
      tags:
        - '...'
Copy

Create GatewayPluginOauth2 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GatewayPluginOauth2(name: string, args: GatewayPluginOauth2Args, opts?: CustomResourceOptions);
@overload
def GatewayPluginOauth2(resource_name: str,
                        args: GatewayPluginOauth2Args,
                        opts: Optional[ResourceOptions] = None)

@overload
def GatewayPluginOauth2(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        config: Optional[GatewayPluginOauth2ConfigArgs] = None,
                        control_plane_id: Optional[str] = None,
                        enabled: Optional[bool] = None,
                        gateway_plugin_oauth2_id: Optional[str] = None,
                        instance_name: Optional[str] = None,
                        ordering: Optional[GatewayPluginOauth2OrderingArgs] = None,
                        protocols: Optional[Sequence[str]] = None,
                        route: Optional[GatewayPluginOauth2RouteArgs] = None,
                        service: Optional[GatewayPluginOauth2ServiceArgs] = None,
                        tags: Optional[Sequence[str]] = None)
func NewGatewayPluginOauth2(ctx *Context, name string, args GatewayPluginOauth2Args, opts ...ResourceOption) (*GatewayPluginOauth2, error)
public GatewayPluginOauth2(string name, GatewayPluginOauth2Args args, CustomResourceOptions? opts = null)
public GatewayPluginOauth2(String name, GatewayPluginOauth2Args args)
public GatewayPluginOauth2(String name, GatewayPluginOauth2Args args, CustomResourceOptions options)

type: konnect:GatewayPluginOauth2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. GatewayPluginOauth2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. GatewayPluginOauth2Args
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. GatewayPluginOauth2Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. GatewayPluginOauth2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. GatewayPluginOauth2Args
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var gatewayPluginOauth2Resource = new Konnect.GatewayPluginOauth2("gatewayPluginOauth2Resource", new()
{
    Config = new Konnect.Inputs.GatewayPluginOauth2ConfigArgs
    {
        AcceptHttpIfAlreadyTerminated = false,
        Anonymous = "string",
        AuthHeaderName = "string",
        EnableAuthorizationCode = false,
        EnableClientCredentials = false,
        EnableImplicitGrant = false,
        EnablePasswordGrant = false,
        GlobalCredentials = false,
        HideCredentials = false,
        MandatoryScope = false,
        PersistentRefreshToken = false,
        Pkce = "string",
        ProvisionKey = "string",
        Realm = "string",
        RefreshTokenTtl = 0,
        ReuseRefreshToken = false,
        Scopes = new[]
        {
            "string",
        },
        TokenExpiration = 0,
    },
    ControlPlaneId = "string",
    Enabled = false,
    GatewayPluginOauth2Id = "string",
    InstanceName = "string",
    Ordering = new Konnect.Inputs.GatewayPluginOauth2OrderingArgs
    {
        After = new Konnect.Inputs.GatewayPluginOauth2OrderingAfterArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
        Before = new Konnect.Inputs.GatewayPluginOauth2OrderingBeforeArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
    },
    Protocols = new[]
    {
        "string",
    },
    Route = new Konnect.Inputs.GatewayPluginOauth2RouteArgs
    {
        Id = "string",
    },
    Service = new Konnect.Inputs.GatewayPluginOauth2ServiceArgs
    {
        Id = "string",
    },
    Tags = new[]
    {
        "string",
    },
});
Copy
example, err := konnect.NewGatewayPluginOauth2(ctx, "gatewayPluginOauth2Resource", &konnect.GatewayPluginOauth2Args{
Config: &.GatewayPluginOauth2ConfigArgs{
AcceptHttpIfAlreadyTerminated: pulumi.Bool(false),
Anonymous: pulumi.String("string"),
AuthHeaderName: pulumi.String("string"),
EnableAuthorizationCode: pulumi.Bool(false),
EnableClientCredentials: pulumi.Bool(false),
EnableImplicitGrant: pulumi.Bool(false),
EnablePasswordGrant: pulumi.Bool(false),
GlobalCredentials: pulumi.Bool(false),
HideCredentials: pulumi.Bool(false),
MandatoryScope: pulumi.Bool(false),
PersistentRefreshToken: pulumi.Bool(false),
Pkce: pulumi.String("string"),
ProvisionKey: pulumi.String("string"),
Realm: pulumi.String("string"),
RefreshTokenTtl: pulumi.Float64(0),
ReuseRefreshToken: pulumi.Bool(false),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
TokenExpiration: pulumi.Float64(0),
},
ControlPlaneId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
GatewayPluginOauth2Id: pulumi.String("string"),
InstanceName: pulumi.String("string"),
Ordering: &.GatewayPluginOauth2OrderingArgs{
After: &.GatewayPluginOauth2OrderingAfterArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
Before: &.GatewayPluginOauth2OrderingBeforeArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Route: &.GatewayPluginOauth2RouteArgs{
Id: pulumi.String("string"),
},
Service: &.GatewayPluginOauth2ServiceArgs{
Id: pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})
Copy
var gatewayPluginOauth2Resource = new GatewayPluginOauth2("gatewayPluginOauth2Resource", GatewayPluginOauth2Args.builder()
    .config(GatewayPluginOauth2ConfigArgs.builder()
        .acceptHttpIfAlreadyTerminated(false)
        .anonymous("string")
        .authHeaderName("string")
        .enableAuthorizationCode(false)
        .enableClientCredentials(false)
        .enableImplicitGrant(false)
        .enablePasswordGrant(false)
        .globalCredentials(false)
        .hideCredentials(false)
        .mandatoryScope(false)
        .persistentRefreshToken(false)
        .pkce("string")
        .provisionKey("string")
        .realm("string")
        .refreshTokenTtl(0)
        .reuseRefreshToken(false)
        .scopes("string")
        .tokenExpiration(0)
        .build())
    .controlPlaneId("string")
    .enabled(false)
    .gatewayPluginOauth2Id("string")
    .instanceName("string")
    .ordering(GatewayPluginOauth2OrderingArgs.builder()
        .after(GatewayPluginOauth2OrderingAfterArgs.builder()
            .accesses("string")
            .build())
        .before(GatewayPluginOauth2OrderingBeforeArgs.builder()
            .accesses("string")
            .build())
        .build())
    .protocols("string")
    .route(GatewayPluginOauth2RouteArgs.builder()
        .id("string")
        .build())
    .service(GatewayPluginOauth2ServiceArgs.builder()
        .id("string")
        .build())
    .tags("string")
    .build());
Copy
gateway_plugin_oauth2_resource = konnect.GatewayPluginOauth2("gatewayPluginOauth2Resource",
    config={
        "accept_http_if_already_terminated": False,
        "anonymous": "string",
        "auth_header_name": "string",
        "enable_authorization_code": False,
        "enable_client_credentials": False,
        "enable_implicit_grant": False,
        "enable_password_grant": False,
        "global_credentials": False,
        "hide_credentials": False,
        "mandatory_scope": False,
        "persistent_refresh_token": False,
        "pkce": "string",
        "provision_key": "string",
        "realm": "string",
        "refresh_token_ttl": 0,
        "reuse_refresh_token": False,
        "scopes": ["string"],
        "token_expiration": 0,
    },
    control_plane_id="string",
    enabled=False,
    gateway_plugin_oauth2_id="string",
    instance_name="string",
    ordering={
        "after": {
            "accesses": ["string"],
        },
        "before": {
            "accesses": ["string"],
        },
    },
    protocols=["string"],
    route={
        "id": "string",
    },
    service={
        "id": "string",
    },
    tags=["string"])
Copy
const gatewayPluginOauth2Resource = new konnect.GatewayPluginOauth2("gatewayPluginOauth2Resource", {
    config: {
        acceptHttpIfAlreadyTerminated: false,
        anonymous: "string",
        authHeaderName: "string",
        enableAuthorizationCode: false,
        enableClientCredentials: false,
        enableImplicitGrant: false,
        enablePasswordGrant: false,
        globalCredentials: false,
        hideCredentials: false,
        mandatoryScope: false,
        persistentRefreshToken: false,
        pkce: "string",
        provisionKey: "string",
        realm: "string",
        refreshTokenTtl: 0,
        reuseRefreshToken: false,
        scopes: ["string"],
        tokenExpiration: 0,
    },
    controlPlaneId: "string",
    enabled: false,
    gatewayPluginOauth2Id: "string",
    instanceName: "string",
    ordering: {
        after: {
            accesses: ["string"],
        },
        before: {
            accesses: ["string"],
        },
    },
    protocols: ["string"],
    route: {
        id: "string",
    },
    service: {
        id: "string",
    },
    tags: ["string"],
});
Copy
type: konnect:GatewayPluginOauth2
properties:
    config:
        acceptHttpIfAlreadyTerminated: false
        anonymous: string
        authHeaderName: string
        enableAuthorizationCode: false
        enableClientCredentials: false
        enableImplicitGrant: false
        enablePasswordGrant: false
        globalCredentials: false
        hideCredentials: false
        mandatoryScope: false
        persistentRefreshToken: false
        pkce: string
        provisionKey: string
        realm: string
        refreshTokenTtl: 0
        reuseRefreshToken: false
        scopes:
            - string
        tokenExpiration: 0
    controlPlaneId: string
    enabled: false
    gatewayPluginOauth2Id: string
    instanceName: string
    ordering:
        after:
            accesses:
                - string
        before:
            accesses:
                - string
    protocols:
        - string
    route:
        id: string
    service:
        id: string
    tags:
        - string
Copy

GatewayPluginOauth2 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GatewayPluginOauth2 resource accepts the following input properties:

Config This property is required. GatewayPluginOauth2Config
ControlPlaneId This property is required. string
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool
Whether the plugin is applied.
GatewayPluginOauth2Id string
The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2Ordering
Protocols List<string>
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2Route
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2Service
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>
An optional set of strings associated with the Plugin for grouping and filtering.
Config This property is required. GatewayPluginOauth2ConfigArgs
ControlPlaneId This property is required. string
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool
Whether the plugin is applied.
GatewayPluginOauth2Id string
The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2OrderingArgs
Protocols []string
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2RouteArgs
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2ServiceArgs
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string
An optional set of strings associated with the Plugin for grouping and filtering.
config This property is required. GatewayPluginOauth2Config
controlPlaneId This property is required. String
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean
Whether the plugin is applied.
gatewayPluginOauth2Id String
The ID of this resource.
instanceName String
ordering GatewayPluginOauth2Ordering
protocols List<String>
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>
An optional set of strings associated with the Plugin for grouping and filtering.
config This property is required. GatewayPluginOauth2Config
controlPlaneId This property is required. string
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled boolean
Whether the plugin is applied.
gatewayPluginOauth2Id string
The ID of this resource.
instanceName string
ordering GatewayPluginOauth2Ordering
protocols string[]
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]
An optional set of strings associated with the Plugin for grouping and filtering.
config This property is required. GatewayPluginOauth2ConfigArgs
control_plane_id This property is required. str
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled bool
Whether the plugin is applied.
gateway_plugin_oauth2_id str
The ID of this resource.
instance_name str
ordering GatewayPluginOauth2OrderingArgs
protocols Sequence[str]
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2RouteArgs
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2ServiceArgs
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]
An optional set of strings associated with the Plugin for grouping and filtering.
config This property is required. Property Map
controlPlaneId This property is required. String
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean
Whether the plugin is applied.
gatewayPluginOauth2Id String
The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route Property Map
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>
An optional set of strings associated with the Plugin for grouping and filtering.

Outputs

All input properties are implicitly available as output properties. Additionally, the GatewayPluginOauth2 resource produces the following output properties:

CreatedAt double
Unix epoch when the resource was created.
Id string
The provider-assigned unique ID for this managed resource.
UpdatedAt double
Unix epoch when the resource was last updated.
CreatedAt float64
Unix epoch when the resource was created.
Id string
The provider-assigned unique ID for this managed resource.
UpdatedAt float64
Unix epoch when the resource was last updated.
createdAt Double
Unix epoch when the resource was created.
id String
The provider-assigned unique ID for this managed resource.
updatedAt Double
Unix epoch when the resource was last updated.
createdAt number
Unix epoch when the resource was created.
id string
The provider-assigned unique ID for this managed resource.
updatedAt number
Unix epoch when the resource was last updated.
created_at float
Unix epoch when the resource was created.
id str
The provider-assigned unique ID for this managed resource.
updated_at float
Unix epoch when the resource was last updated.
createdAt Number
Unix epoch when the resource was created.
id String
The provider-assigned unique ID for this managed resource.
updatedAt Number
Unix epoch when the resource was last updated.

Look up Existing GatewayPluginOauth2 Resource

Get an existing GatewayPluginOauth2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GatewayPluginOauth2State, opts?: CustomResourceOptions): GatewayPluginOauth2
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[GatewayPluginOauth2ConfigArgs] = None,
        control_plane_id: Optional[str] = None,
        created_at: Optional[float] = None,
        enabled: Optional[bool] = None,
        gateway_plugin_oauth2_id: Optional[str] = None,
        instance_name: Optional[str] = None,
        ordering: Optional[GatewayPluginOauth2OrderingArgs] = None,
        protocols: Optional[Sequence[str]] = None,
        route: Optional[GatewayPluginOauth2RouteArgs] = None,
        service: Optional[GatewayPluginOauth2ServiceArgs] = None,
        tags: Optional[Sequence[str]] = None,
        updated_at: Optional[float] = None) -> GatewayPluginOauth2
func GetGatewayPluginOauth2(ctx *Context, name string, id IDInput, state *GatewayPluginOauth2State, opts ...ResourceOption) (*GatewayPluginOauth2, error)
public static GatewayPluginOauth2 Get(string name, Input<string> id, GatewayPluginOauth2State? state, CustomResourceOptions? opts = null)
public static GatewayPluginOauth2 get(String name, Output<String> id, GatewayPluginOauth2State state, CustomResourceOptions options)
resources:  _:    type: konnect:GatewayPluginOauth2    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Config GatewayPluginOauth2Config
ControlPlaneId string
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt double
Unix epoch when the resource was created.
Enabled bool
Whether the plugin is applied.
GatewayPluginOauth2Id string
The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2Ordering
Protocols List<string>
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2Route
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2Service
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>
An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt double
Unix epoch when the resource was last updated.
Config GatewayPluginOauth2ConfigArgs
ControlPlaneId string
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt float64
Unix epoch when the resource was created.
Enabled bool
Whether the plugin is applied.
GatewayPluginOauth2Id string
The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2OrderingArgs
Protocols []string
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2RouteArgs
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2ServiceArgs
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string
An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt float64
Unix epoch when the resource was last updated.
config GatewayPluginOauth2Config
controlPlaneId String
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Double
Unix epoch when the resource was created.
enabled Boolean
Whether the plugin is applied.
gatewayPluginOauth2Id String
The ID of this resource.
instanceName String
ordering GatewayPluginOauth2Ordering
protocols List<String>
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>
An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Double
Unix epoch when the resource was last updated.
config GatewayPluginOauth2Config
controlPlaneId string
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt number
Unix epoch when the resource was created.
enabled boolean
Whether the plugin is applied.
gatewayPluginOauth2Id string
The ID of this resource.
instanceName string
ordering GatewayPluginOauth2Ordering
protocols string[]
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]
An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt number
Unix epoch when the resource was last updated.
config GatewayPluginOauth2ConfigArgs
control_plane_id str
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
created_at float
Unix epoch when the resource was created.
enabled bool
Whether the plugin is applied.
gateway_plugin_oauth2_id str
The ID of this resource.
instance_name str
ordering GatewayPluginOauth2OrderingArgs
protocols Sequence[str]
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2RouteArgs
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2ServiceArgs
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]
An optional set of strings associated with the Plugin for grouping and filtering.
updated_at float
Unix epoch when the resource was last updated.
config Property Map
controlPlaneId String
The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Number
Unix epoch when the resource was created.
enabled Boolean
Whether the plugin is applied.
gatewayPluginOauth2Id String
The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>
A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route Property Map
If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map
If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>
An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Number
Unix epoch when the resource was last updated.

Supporting Types

GatewayPluginOauth2Config
, GatewayPluginOauth2ConfigArgs

AcceptHttpIfAlreadyTerminated bool
Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
Anonymous string
An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
AuthHeaderName string
The name of the header that is supposed to carry the access token.
EnableAuthorizationCode bool
An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
EnableClientCredentials bool
An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
EnableImplicitGrant bool
An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
EnablePasswordGrant bool
An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
GlobalCredentials bool
An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
HideCredentials bool
An optional boolean value telling the plugin to show or hide the credential from the upstream service.
MandatoryScope bool
An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
PersistentRefreshToken bool
Pkce string
Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
ProvisionKey string
The unique key the plugin has generated when it has been added to the Service.
Realm string
When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
RefreshTokenTtl double
Time-to-live value for data
ReuseRefreshToken bool
An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
Scopes List<string>
Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
TokenExpiration double
An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.
AcceptHttpIfAlreadyTerminated bool
Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
Anonymous string
An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
AuthHeaderName string
The name of the header that is supposed to carry the access token.
EnableAuthorizationCode bool
An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
EnableClientCredentials bool
An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
EnableImplicitGrant bool
An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
EnablePasswordGrant bool
An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
GlobalCredentials bool
An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
HideCredentials bool
An optional boolean value telling the plugin to show or hide the credential from the upstream service.
MandatoryScope bool
An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
PersistentRefreshToken bool
Pkce string
Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
ProvisionKey string
The unique key the plugin has generated when it has been added to the Service.
Realm string
When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
RefreshTokenTtl float64
Time-to-live value for data
ReuseRefreshToken bool
An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
Scopes []string
Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
TokenExpiration float64
An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.
acceptHttpIfAlreadyTerminated Boolean
Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous String
An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
authHeaderName String
The name of the header that is supposed to carry the access token.
enableAuthorizationCode Boolean
An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enableClientCredentials Boolean
An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enableImplicitGrant Boolean
An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enablePasswordGrant Boolean
An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
globalCredentials Boolean
An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hideCredentials Boolean
An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatoryScope Boolean
An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistentRefreshToken Boolean
pkce String
Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provisionKey String
The unique key the plugin has generated when it has been added to the Service.
realm String
When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refreshTokenTtl Double
Time-to-live value for data
reuseRefreshToken Boolean
An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes List<String>
Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
tokenExpiration Double
An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.
acceptHttpIfAlreadyTerminated boolean
Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous string
An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
authHeaderName string
The name of the header that is supposed to carry the access token.
enableAuthorizationCode boolean
An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enableClientCredentials boolean
An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enableImplicitGrant boolean
An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enablePasswordGrant boolean
An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
globalCredentials boolean
An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hideCredentials boolean
An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatoryScope boolean
An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistentRefreshToken boolean
pkce string
Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provisionKey string
The unique key the plugin has generated when it has been added to the Service.
realm string
When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refreshTokenTtl number
Time-to-live value for data
reuseRefreshToken boolean
An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes string[]
Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
tokenExpiration number
An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.
accept_http_if_already_terminated bool
Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous str
An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
auth_header_name str
The name of the header that is supposed to carry the access token.
enable_authorization_code bool
An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enable_client_credentials bool
An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enable_implicit_grant bool
An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enable_password_grant bool
An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
global_credentials bool
An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hide_credentials bool
An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatory_scope bool
An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistent_refresh_token bool
pkce str
Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provision_key str
The unique key the plugin has generated when it has been added to the Service.
realm str
When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refresh_token_ttl float
Time-to-live value for data
reuse_refresh_token bool
An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes Sequence[str]
Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
token_expiration float
An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.
acceptHttpIfAlreadyTerminated Boolean
Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous String
An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
authHeaderName String
The name of the header that is supposed to carry the access token.
enableAuthorizationCode Boolean
An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enableClientCredentials Boolean
An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enableImplicitGrant Boolean
An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enablePasswordGrant Boolean
An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
globalCredentials Boolean
An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hideCredentials Boolean
An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatoryScope Boolean
An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistentRefreshToken Boolean
pkce String
Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provisionKey String
The unique key the plugin has generated when it has been added to the Service.
realm String
When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refreshTokenTtl Number
Time-to-live value for data
reuseRefreshToken Boolean
An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes List<String>
Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
tokenExpiration Number
An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.

GatewayPluginOauth2Ordering
, GatewayPluginOauth2OrderingArgs

GatewayPluginOauth2OrderingAfter
, GatewayPluginOauth2OrderingAfterArgs

Accesses List<string>
Accesses []string
accesses List<String>
accesses string[]
accesses Sequence[str]
accesses List<String>

GatewayPluginOauth2OrderingBefore
, GatewayPluginOauth2OrderingBeforeArgs

Accesses List<string>
Accesses []string
accesses List<String>
accesses string[]
accesses Sequence[str]
accesses List<String>

GatewayPluginOauth2Route
, GatewayPluginOauth2RouteArgs

Id string
Id string
id String
id string
id str
id String

GatewayPluginOauth2Service
, GatewayPluginOauth2ServiceArgs

Id string
Id string
id String
id string
id str
id String

Import

$ pulumi import konnect:index/gatewayPluginOauth2:GatewayPluginOauth2 my_konnect_gateway_plugin_oauth2 "{ \"control_plane_id\": \"9524ec7d-36d9-465d-a8c5-83a3c9390458\", \"plugin_id\": \"3473c251-5b6c-4f45-b1ff-7ede735a366d\"}"
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
konnect kong/terraform-provider-konnect
License
Notes
This Pulumi package is based on the konnect Terraform Provider.
konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong
kong/terraform-provider-konnect