konnect 2.4.1, Mar 13 25

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

konnect.getGatewayPluginMtlsAuth

Explore with Pulumi AI

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

Using getGatewayPluginMtlsAuth

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getGatewayPluginMtlsAuth(args: GetGatewayPluginMtlsAuthArgs, opts?: InvokeOptions): Promise<GetGatewayPluginMtlsAuthResult>
function getGatewayPluginMtlsAuthOutput(args: GetGatewayPluginMtlsAuthOutputArgs, opts?: InvokeOptions): Output<GetGatewayPluginMtlsAuthResult>

def get_gateway_plugin_mtls_auth(control_plane_id: Optional[str] = None,
                                 opts: Optional[InvokeOptions] = None) -> GetGatewayPluginMtlsAuthResult
def get_gateway_plugin_mtls_auth_output(control_plane_id: Optional[pulumi.Input[str]] = None,
                                 opts: Optional[InvokeOptions] = None) -> Output[GetGatewayPluginMtlsAuthResult]

func LookupGatewayPluginMtlsAuth(ctx *Context, args *LookupGatewayPluginMtlsAuthArgs, opts ...InvokeOption) (*LookupGatewayPluginMtlsAuthResult, error)
func LookupGatewayPluginMtlsAuthOutput(ctx *Context, args *LookupGatewayPluginMtlsAuthOutputArgs, opts ...InvokeOption) LookupGatewayPluginMtlsAuthResultOutput

> Note: This function is named LookupGatewayPluginMtlsAuth in the Go SDK.

public static class GetGatewayPluginMtlsAuth 
{
    public static Task<GetGatewayPluginMtlsAuthResult> InvokeAsync(GetGatewayPluginMtlsAuthArgs args, InvokeOptions? opts = null)
    public static Output<GetGatewayPluginMtlsAuthResult> Invoke(GetGatewayPluginMtlsAuthInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetGatewayPluginMtlsAuthResult> getGatewayPluginMtlsAuth(GetGatewayPluginMtlsAuthArgs args, InvokeOptions options)
public static Output<GetGatewayPluginMtlsAuthResult> getGatewayPluginMtlsAuth(GetGatewayPluginMtlsAuthArgs args, InvokeOptions options)

fn::invoke:
  function: konnect:index/getGatewayPluginMtlsAuth:getGatewayPluginMtlsAuth
  arguments:
    # arguments dictionary

The following arguments are supported:

ControlPlaneId string

ControlPlaneId string

controlPlaneId String

controlPlaneId string

control_plane_id str

controlPlaneId String

getGatewayPluginMtlsAuth Result

The following output properties are available:

Config GetGatewayPluginMtlsAuthConfig
ControlPlaneId string
CreatedAt double
Enabled bool
Id string
InstanceName string
Ordering GetGatewayPluginMtlsAuthOrdering
Protocols List<string>
Route GetGatewayPluginMtlsAuthRoute
Service GetGatewayPluginMtlsAuthService
Tags List<string>
UpdatedAt double

Config GetGatewayPluginMtlsAuthConfig
ControlPlaneId string
CreatedAt float64
Enabled bool
Id string
InstanceName string
Ordering GetGatewayPluginMtlsAuthOrdering
Protocols []string
Route GetGatewayPluginMtlsAuthRoute
Service GetGatewayPluginMtlsAuthService
Tags []string
UpdatedAt float64

config GetGatewayPluginMtlsAuthConfig
controlPlaneId String
createdAt Double
enabled Boolean
id String
instanceName String
ordering GetGatewayPluginMtlsAuthOrdering
protocols List<String>
route GetGatewayPluginMtlsAuthRoute
service GetGatewayPluginMtlsAuthService
tags List<String>
updatedAt Double

config GetGatewayPluginMtlsAuthConfig
controlPlaneId string
createdAt number
enabled boolean
id string
instanceName string
ordering GetGatewayPluginMtlsAuthOrdering
protocols string[]
route GetGatewayPluginMtlsAuthRoute
service GetGatewayPluginMtlsAuthService
tags string[]
updatedAt number

config GetGatewayPluginMtlsAuthConfig
control_plane_id str
created_at float
enabled bool
id str
instance_name str
ordering GetGatewayPluginMtlsAuthOrdering
protocols Sequence[str]
route GetGatewayPluginMtlsAuthRoute
service GetGatewayPluginMtlsAuthService
tags Sequence[str]
updated_at float

config Property Map
controlPlaneId String
createdAt Number
enabled Boolean
id String
instanceName String
ordering Property Map
protocols List<String>
route Property Map
service Property Map
tags List<String>
updatedAt Number

Supporting Types

GetGatewayPluginMtlsAuthConfig

AllowPartialChain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
AuthenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
CaCertificates List<string>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
CacheTtl double: Cache expiry time in seconds.
CertCacheTtl double: The length of time in seconds between refreshes of the revocation check status cache.
ConsumerBies List<string>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
DefaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
HttpProxyHost string: A string representing a host name, such as example.com.
HttpProxyPort double: An integer representing a port number between 0 and 65535, inclusive.
HttpTimeout double: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
HttpsProxyHost string: A string representing a host name, such as example.com.
HttpsProxyPort double: An integer representing a port number between 0 and 65535, inclusive.
RevocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
SendCaDn bool: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
SkipConsumerLookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

AllowPartialChain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
AuthenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
CaCertificates []string: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
CacheTtl float64: Cache expiry time in seconds.
CertCacheTtl float64: The length of time in seconds between refreshes of the revocation check status cache.
ConsumerBies []string: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
DefaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
HttpProxyHost string: A string representing a host name, such as example.com.
HttpProxyPort float64: An integer representing a port number between 0 and 65535, inclusive.
HttpTimeout float64: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
HttpsProxyHost string: A string representing a host name, such as example.com.
HttpsProxyPort float64: An integer representing a port number between 0 and 65535, inclusive.
RevocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
SendCaDn bool: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
SkipConsumerLookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy String: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
caCertificates List<String>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl Double: Cache expiry time in seconds.
certCacheTtl Double: The length of time in seconds between refreshes of the revocation check status cache.
consumerBies List<String>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer String: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost String: A string representing a host name, such as example.com.
httpProxyPort Double: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout Double: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost String: A string representing a host name, such as example.com.
httpsProxyPort Double: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode String: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
sendCaDn Boolean: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skipConsumerLookup Boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy string: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
caCertificates string[]: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl number: Cache expiry time in seconds.
certCacheTtl number: The length of time in seconds between refreshes of the revocation check status cache.
consumerBies string[]: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer string: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost string: A string representing a host name, such as example.com.
httpProxyPort number: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout number: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost string: A string representing a host name, such as example.com.
httpsProxyPort number: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode string: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
sendCaDn boolean: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skipConsumerLookup boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

allow_partial_chain bool: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous str: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticated_group_by str: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
ca_certificates Sequence[str]: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cache_ttl float: Cache expiry time in seconds.
cert_cache_ttl float: The length of time in seconds between refreshes of the revocation check status cache.
consumer_bies Sequence[str]: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
default_consumer str: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
http_proxy_host str: A string representing a host name, such as example.com.
http_proxy_port float: An integer representing a port number between 0 and 65535, inclusive.
http_timeout float: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
https_proxy_host str: A string representing a host name, such as example.com.
https_proxy_port float: An integer representing a port number between 0 and 65535, inclusive.
revocation_check_mode str: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
send_ca_dn bool: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skip_consumer_lookup bool: Skip consumer lookup once certificate is trusted against the configured CA list.

allowPartialChain Boolean: Allow certificate verification with only an intermediate certificate. When this is enabled, you don't need to upload the full chain to Kong Certificates.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails. If empty (default null), the request fails with an authentication failure 4xx. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
authenticatedGroupBy String: Certificate property to use as the authenticated group. Valid values are CN (Common Name) or DN (Distinguished Name). Once skip_consumer_lookup is applied, any client with a valid certificate can access the Service/API. To restrict usage to only some of the authenticated users, also add the ACL plugin (not covered here) and create allowed or denied groups of users.
caCertificates List<String>: List of CA Certificates strings to use as Certificate Authorities (CA) when validating a client certificate. At least one is required but you can specify as many as needed. The value of this array is comprised of primary keys (id).
cacheTtl Number: Cache expiry time in seconds.
certCacheTtl Number: The length of time in seconds between refreshes of the revocation check status cache.
consumerBies List<String>: Whether to match the subject name of the client-supplied certificate against consumer's username and/or custom_id attribute. If set to [] (the empty array), then auto-matching is disabled.
defaultConsumer String: The UUID or username of the consumer to use when a trusted client certificate is presented but no consumer matches. Note that this value must refer to the consumer id or username attribute, and not its custom_id.
httpProxyHost String: A string representing a host name, such as example.com.
httpProxyPort Number: An integer representing a port number between 0 and 65535, inclusive.
httpTimeout Number: HTTP timeout threshold in milliseconds when communicating with the OCSP server or downloading CRL.
httpsProxyHost String: A string representing a host name, such as example.com.
httpsProxyPort Number: An integer representing a port number between 0 and 65535, inclusive.
revocationCheckMode String: Controls client certificate revocation check behavior. If set to SKIP, no revocation check is performed. If set to IGNORE_CA_ERROR, the plugin respects the revocation status when either OCSP or CRL URL is set, and doesn't fail on network issues. If set to STRICT, the plugin only treats the certificate as valid when it's able to verify the revocation status.
sendCaDn Boolean: Sends the distinguished names (DN) of the configured CA list in the TLS handshake message.
skipConsumerLookup Boolean: Skip consumer lookup once certificate is trusted against the configured CA list.

GetGatewayPluginMtlsAuthOrdering

After GetGatewayPluginMtlsAuthOrderingAfter
Before GetGatewayPluginMtlsAuthOrderingBefore

After GetGatewayPluginMtlsAuthOrderingAfter
Before GetGatewayPluginMtlsAuthOrderingBefore

after GetGatewayPluginMtlsAuthOrderingAfter
before GetGatewayPluginMtlsAuthOrderingBefore

after GetGatewayPluginMtlsAuthOrderingAfter
before GetGatewayPluginMtlsAuthOrderingBefore

after GetGatewayPluginMtlsAuthOrderingAfter
before GetGatewayPluginMtlsAuthOrderingBefore

after Property Map
before Property Map

GetGatewayPluginMtlsAuthOrderingAfter

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GetGatewayPluginMtlsAuthOrderingBefore

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GetGatewayPluginMtlsAuthRoute

Id string

Id string

id String

id string

id str

id String

GetGatewayPluginMtlsAuthService

Id string

Id string

id String

id string

id str

id String

Package Details

Repository: konnect kong/terraform-provider-konnect
License
Notes: This Pulumi package is based on the konnect Terraform Provider.

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

kong/terraform-provider-konnect

konnect.getGatewayPluginMtlsAuth

On this page

On this page

Using getGatewayPluginMtlsAuth

getGatewayPluginMtlsAuth Result

Supporting Types

GetGatewayPluginMtlsAuthConfig

GetGatewayPluginMtlsAuthOrdering

GetGatewayPluginMtlsAuthOrderingAfter

GetGatewayPluginMtlsAuthOrderingBefore

GetGatewayPluginMtlsAuthRoute

GetGatewayPluginMtlsAuthService

Package Details

On this page

On this page