konnect 2.4.1, Mar 13 25

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

konnect.GatewayPluginOauth2

Explore with Pulumi AI

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.konnect.GatewayPluginOauth2;
import com.pulumi.konnect.GatewayPluginOauth2Args;
import com.pulumi.konnect.inputs.GatewayPluginOauth2ConfigArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2OrderingArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2OrderingAfterArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2OrderingBeforeArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2RouteArgs;
import com.pulumi.konnect.inputs.GatewayPluginOauth2ServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myGatewaypluginoauth2 = new GatewayPluginOauth2("myGatewaypluginoauth2", GatewayPluginOauth2Args.builder()
            .config(GatewayPluginOauth2ConfigArgs.builder()
                .accept_http_if_already_terminated(true)
                .anonymous("...my_anonymous...")
                .auth_header_name("...my_auth_header_name...")
                .enable_authorization_code(true)
                .enable_client_credentials(false)
                .enable_implicit_grant(true)
                .enable_password_grant(true)
                .global_credentials(true)
                .hide_credentials(false)
                .mandatory_scope(false)
                .persistent_refresh_token(true)
                .pkce("strict")
                .provision_key("...my_provision_key...")
                .realm("...my_realm...")
                .refresh_token_ttl(4.338528636e+07)
                .reuse_refresh_token(true)
                .scopes("...")
                .token_expiration(5.01)
                .build())
            .controlPlaneId("9524ec7d-36d9-465d-a8c5-83a3c9390458")
            .enabled(true)
            .gatewayPluginOauth2Id("...my_id...")
            .instanceName("...my_instance_name...")
            .ordering(GatewayPluginOauth2OrderingArgs.builder()
                .after(GatewayPluginOauth2OrderingAfterArgs.builder()
                    .access("...")
                    .build())
                .before(GatewayPluginOauth2OrderingBeforeArgs.builder()
                    .access("...")
                    .build())
                .build())
            .protocols("wss")
            .route(GatewayPluginOauth2RouteArgs.builder()
                .id("...my_id...")
                .build())
            .service(GatewayPluginOauth2ServiceArgs.builder()
                .id("...my_id...")
                .build())
            .tags("...")
            .build());

    }
}

resources:
  myGatewaypluginoauth2:
    type: konnect:GatewayPluginOauth2
    properties:
      config:
        accept_http_if_already_terminated: true
        anonymous: '...my_anonymous...'
        auth_header_name: '...my_auth_header_name...'
        enable_authorization_code: true
        enable_client_credentials: false
        enable_implicit_grant: true
        enable_password_grant: true
        global_credentials: true
        hide_credentials: false
        mandatory_scope: false
        persistent_refresh_token: true
        pkce: strict
        provision_key: '...my_provision_key...'
        realm: '...my_realm...'
        refresh_token_ttl: 4.338528636e+07
        reuse_refresh_token: true
        scopes:
          - '...'
        token_expiration: 5.01
      controlPlaneId: 9524ec7d-36d9-465d-a8c5-83a3c9390458
      enabled: true
      gatewayPluginOauth2Id: '...my_id...'
      instanceName: '...my_instance_name...'
      ordering:
        after:
          access:
            - '...'
        before:
          access:
            - '...'
      protocols:
        - wss
      route:
        id: '...my_id...'
      service:
        id: '...my_id...'
      tags:
        - '...'

Create GatewayPluginOauth2 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GatewayPluginOauth2(name: string, args: GatewayPluginOauth2Args, opts?: CustomResourceOptions);

@overload
def GatewayPluginOauth2(resource_name: str,
                        args: GatewayPluginOauth2Args,
                        opts: Optional[ResourceOptions] = None)

@overload
def GatewayPluginOauth2(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        config: Optional[GatewayPluginOauth2ConfigArgs] = None,
                        control_plane_id: Optional[str] = None,
                        enabled: Optional[bool] = None,
                        gateway_plugin_oauth2_id: Optional[str] = None,
                        instance_name: Optional[str] = None,
                        ordering: Optional[GatewayPluginOauth2OrderingArgs] = None,
                        protocols: Optional[Sequence[str]] = None,
                        route: Optional[GatewayPluginOauth2RouteArgs] = None,
                        service: Optional[GatewayPluginOauth2ServiceArgs] = None,
                        tags: Optional[Sequence[str]] = None)

func NewGatewayPluginOauth2(ctx *Context, name string, args GatewayPluginOauth2Args, opts ...ResourceOption) (*GatewayPluginOauth2, error)

public GatewayPluginOauth2(string name, GatewayPluginOauth2Args args, CustomResourceOptions? opts = null)

public GatewayPluginOauth2(String name, GatewayPluginOauth2Args args)
public GatewayPluginOauth2(String name, GatewayPluginOauth2Args args, CustomResourceOptions options)

type: konnect:GatewayPluginOauth2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args GatewayPluginOauth2Args: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args GatewayPluginOauth2Args: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GatewayPluginOauth2Args: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GatewayPluginOauth2Args: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args GatewayPluginOauth2Args: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var gatewayPluginOauth2Resource = new Konnect.GatewayPluginOauth2("gatewayPluginOauth2Resource", new()
{
    Config = new Konnect.Inputs.GatewayPluginOauth2ConfigArgs
    {
        AcceptHttpIfAlreadyTerminated = false,
        Anonymous = "string",
        AuthHeaderName = "string",
        EnableAuthorizationCode = false,
        EnableClientCredentials = false,
        EnableImplicitGrant = false,
        EnablePasswordGrant = false,
        GlobalCredentials = false,
        HideCredentials = false,
        MandatoryScope = false,
        PersistentRefreshToken = false,
        Pkce = "string",
        ProvisionKey = "string",
        Realm = "string",
        RefreshTokenTtl = 0,
        ReuseRefreshToken = false,
        Scopes = new[]
        {
            "string",
        },
        TokenExpiration = 0,
    },
    ControlPlaneId = "string",
    Enabled = false,
    GatewayPluginOauth2Id = "string",
    InstanceName = "string",
    Ordering = new Konnect.Inputs.GatewayPluginOauth2OrderingArgs
    {
        After = new Konnect.Inputs.GatewayPluginOauth2OrderingAfterArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
        Before = new Konnect.Inputs.GatewayPluginOauth2OrderingBeforeArgs
        {
            Accesses = new[]
            {
                "string",
            },
        },
    },
    Protocols = new[]
    {
        "string",
    },
    Route = new Konnect.Inputs.GatewayPluginOauth2RouteArgs
    {
        Id = "string",
    },
    Service = new Konnect.Inputs.GatewayPluginOauth2ServiceArgs
    {
        Id = "string",
    },
    Tags = new[]
    {
        "string",
    },
});

example, err := konnect.NewGatewayPluginOauth2(ctx, "gatewayPluginOauth2Resource", &konnect.GatewayPluginOauth2Args{
Config: &.GatewayPluginOauth2ConfigArgs{
AcceptHttpIfAlreadyTerminated: pulumi.Bool(false),
Anonymous: pulumi.String("string"),
AuthHeaderName: pulumi.String("string"),
EnableAuthorizationCode: pulumi.Bool(false),
EnableClientCredentials: pulumi.Bool(false),
EnableImplicitGrant: pulumi.Bool(false),
EnablePasswordGrant: pulumi.Bool(false),
GlobalCredentials: pulumi.Bool(false),
HideCredentials: pulumi.Bool(false),
MandatoryScope: pulumi.Bool(false),
PersistentRefreshToken: pulumi.Bool(false),
Pkce: pulumi.String("string"),
ProvisionKey: pulumi.String("string"),
Realm: pulumi.String("string"),
RefreshTokenTtl: pulumi.Float64(0),
ReuseRefreshToken: pulumi.Bool(false),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
TokenExpiration: pulumi.Float64(0),
},
ControlPlaneId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
GatewayPluginOauth2Id: pulumi.String("string"),
InstanceName: pulumi.String("string"),
Ordering: &.GatewayPluginOauth2OrderingArgs{
After: &.GatewayPluginOauth2OrderingAfterArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
Before: &.GatewayPluginOauth2OrderingBeforeArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Route: &.GatewayPluginOauth2RouteArgs{
Id: pulumi.String("string"),
},
Service: &.GatewayPluginOauth2ServiceArgs{
Id: pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})

var gatewayPluginOauth2Resource = new GatewayPluginOauth2("gatewayPluginOauth2Resource", GatewayPluginOauth2Args.builder()
    .config(GatewayPluginOauth2ConfigArgs.builder()
        .acceptHttpIfAlreadyTerminated(false)
        .anonymous("string")
        .authHeaderName("string")
        .enableAuthorizationCode(false)
        .enableClientCredentials(false)
        .enableImplicitGrant(false)
        .enablePasswordGrant(false)
        .globalCredentials(false)
        .hideCredentials(false)
        .mandatoryScope(false)
        .persistentRefreshToken(false)
        .pkce("string")
        .provisionKey("string")
        .realm("string")
        .refreshTokenTtl(0)
        .reuseRefreshToken(false)
        .scopes("string")
        .tokenExpiration(0)
        .build())
    .controlPlaneId("string")
    .enabled(false)
    .gatewayPluginOauth2Id("string")
    .instanceName("string")
    .ordering(GatewayPluginOauth2OrderingArgs.builder()
        .after(GatewayPluginOauth2OrderingAfterArgs.builder()
            .accesses("string")
            .build())
        .before(GatewayPluginOauth2OrderingBeforeArgs.builder()
            .accesses("string")
            .build())
        .build())
    .protocols("string")
    .route(GatewayPluginOauth2RouteArgs.builder()
        .id("string")
        .build())
    .service(GatewayPluginOauth2ServiceArgs.builder()
        .id("string")
        .build())
    .tags("string")
    .build());

gateway_plugin_oauth2_resource = konnect.GatewayPluginOauth2("gatewayPluginOauth2Resource",
    config={
        "accept_http_if_already_terminated": False,
        "anonymous": "string",
        "auth_header_name": "string",
        "enable_authorization_code": False,
        "enable_client_credentials": False,
        "enable_implicit_grant": False,
        "enable_password_grant": False,
        "global_credentials": False,
        "hide_credentials": False,
        "mandatory_scope": False,
        "persistent_refresh_token": False,
        "pkce": "string",
        "provision_key": "string",
        "realm": "string",
        "refresh_token_ttl": 0,
        "reuse_refresh_token": False,
        "scopes": ["string"],
        "token_expiration": 0,
    },
    control_plane_id="string",
    enabled=False,
    gateway_plugin_oauth2_id="string",
    instance_name="string",
    ordering={
        "after": {
            "accesses": ["string"],
        },
        "before": {
            "accesses": ["string"],
        },
    },
    protocols=["string"],
    route={
        "id": "string",
    },
    service={
        "id": "string",
    },
    tags=["string"])

const gatewayPluginOauth2Resource = new konnect.GatewayPluginOauth2("gatewayPluginOauth2Resource", {
    config: {
        acceptHttpIfAlreadyTerminated: false,
        anonymous: "string",
        authHeaderName: "string",
        enableAuthorizationCode: false,
        enableClientCredentials: false,
        enableImplicitGrant: false,
        enablePasswordGrant: false,
        globalCredentials: false,
        hideCredentials: false,
        mandatoryScope: false,
        persistentRefreshToken: false,
        pkce: "string",
        provisionKey: "string",
        realm: "string",
        refreshTokenTtl: 0,
        reuseRefreshToken: false,
        scopes: ["string"],
        tokenExpiration: 0,
    },
    controlPlaneId: "string",
    enabled: false,
    gatewayPluginOauth2Id: "string",
    instanceName: "string",
    ordering: {
        after: {
            accesses: ["string"],
        },
        before: {
            accesses: ["string"],
        },
    },
    protocols: ["string"],
    route: {
        id: "string",
    },
    service: {
        id: "string",
    },
    tags: ["string"],
});

type: konnect:GatewayPluginOauth2
properties:
    config:
        acceptHttpIfAlreadyTerminated: false
        anonymous: string
        authHeaderName: string
        enableAuthorizationCode: false
        enableClientCredentials: false
        enableImplicitGrant: false
        enablePasswordGrant: false
        globalCredentials: false
        hideCredentials: false
        mandatoryScope: false
        persistentRefreshToken: false
        pkce: string
        provisionKey: string
        realm: string
        refreshTokenTtl: 0
        reuseRefreshToken: false
        scopes:
            - string
        tokenExpiration: 0
    controlPlaneId: string
    enabled: false
    gatewayPluginOauth2Id: string
    instanceName: string
    ordering:
        after:
            accesses:
                - string
        before:
            accesses:
                - string
    protocols:
        - string
    route:
        id: string
    service:
        id: string
    tags:
        - string

GatewayPluginOauth2 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GatewayPluginOauth2 resource accepts the following input properties:

Config GatewayPluginOauth2Config
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool: Whether the plugin is applied.
GatewayPluginOauth2Id string: The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2Ordering
Protocols List<string>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2Route: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2Service: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>: An optional set of strings associated with the Plugin for grouping and filtering.

Config GatewayPluginOauth2ConfigArgs
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
Enabled bool: Whether the plugin is applied.
GatewayPluginOauth2Id string: The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2OrderingArgs
Protocols []string: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2RouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2ServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginOauth2Config
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean: Whether the plugin is applied.
gatewayPluginOauth2Id String: The ID of this resource.
instanceName String
ordering GatewayPluginOauth2Ordering
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginOauth2Config
controlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled boolean: Whether the plugin is applied.
gatewayPluginOauth2Id string: The ID of this resource.
instanceName string
ordering GatewayPluginOauth2Ordering
protocols string[]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]: An optional set of strings associated with the Plugin for grouping and filtering.

config GatewayPluginOauth2ConfigArgs
control_plane_id str: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled bool: Whether the plugin is applied.
gateway_plugin_oauth2_id str: The ID of this resource.
instance_name str
ordering GatewayPluginOauth2OrderingArgs
protocols Sequence[str]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2RouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2ServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]: An optional set of strings associated with the Plugin for grouping and filtering.

config Property Map
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
enabled Boolean: Whether the plugin is applied.
gatewayPluginOauth2Id String: The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route Property Map: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.

Outputs

All input properties are implicitly available as output properties. Additionally, the GatewayPluginOauth2 resource produces the following output properties:

CreatedAt double: Unix epoch when the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt double: Unix epoch when the resource was last updated.

CreatedAt float64: Unix epoch when the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
UpdatedAt float64: Unix epoch when the resource was last updated.

createdAt Double: Unix epoch when the resource was created.
id String: The provider-assigned unique ID for this managed resource.
updatedAt Double: Unix epoch when the resource was last updated.

createdAt number: Unix epoch when the resource was created.
id string: The provider-assigned unique ID for this managed resource.
updatedAt number: Unix epoch when the resource was last updated.

created_at float: Unix epoch when the resource was created.
id str: The provider-assigned unique ID for this managed resource.
updated_at float: Unix epoch when the resource was last updated.

createdAt Number: Unix epoch when the resource was created.
id String: The provider-assigned unique ID for this managed resource.
updatedAt Number: Unix epoch when the resource was last updated.

Look up Existing GatewayPluginOauth2 Resource

Get an existing GatewayPluginOauth2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GatewayPluginOauth2State, opts?: CustomResourceOptions): GatewayPluginOauth2

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        config: Optional[GatewayPluginOauth2ConfigArgs] = None,
        control_plane_id: Optional[str] = None,
        created_at: Optional[float] = None,
        enabled: Optional[bool] = None,
        gateway_plugin_oauth2_id: Optional[str] = None,
        instance_name: Optional[str] = None,
        ordering: Optional[GatewayPluginOauth2OrderingArgs] = None,
        protocols: Optional[Sequence[str]] = None,
        route: Optional[GatewayPluginOauth2RouteArgs] = None,
        service: Optional[GatewayPluginOauth2ServiceArgs] = None,
        tags: Optional[Sequence[str]] = None,
        updated_at: Optional[float] = None) -> GatewayPluginOauth2

func GetGatewayPluginOauth2(ctx *Context, name string, id IDInput, state *GatewayPluginOauth2State, opts ...ResourceOption) (*GatewayPluginOauth2, error)

public static GatewayPluginOauth2 Get(string name, Input<string> id, GatewayPluginOauth2State? state, CustomResourceOptions? opts = null)

public static GatewayPluginOauth2 get(String name, Output<String> id, GatewayPluginOauth2State state, CustomResourceOptions options)

resources:  _:    type: konnect:GatewayPluginOauth2    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Config GatewayPluginOauth2Config
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt double: Unix epoch when the resource was created.
Enabled bool: Whether the plugin is applied.
GatewayPluginOauth2Id string: The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2Ordering
Protocols List<string>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2Route: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2Service: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags List<string>: An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt double: Unix epoch when the resource was last updated.

Config GatewayPluginOauth2ConfigArgs
ControlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
CreatedAt float64: Unix epoch when the resource was created.
Enabled bool: Whether the plugin is applied.
GatewayPluginOauth2Id string: The ID of this resource.
InstanceName string
Ordering GatewayPluginOauth2OrderingArgs
Protocols []string: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
Route GatewayPluginOauth2RouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
Service GatewayPluginOauth2ServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
Tags []string: An optional set of strings associated with the Plugin for grouping and filtering.
UpdatedAt float64: Unix epoch when the resource was last updated.

config GatewayPluginOauth2Config
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Double: Unix epoch when the resource was created.
enabled Boolean: Whether the plugin is applied.
gatewayPluginOauth2Id String: The ID of this resource.
instanceName String
ordering GatewayPluginOauth2Ordering
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Double: Unix epoch when the resource was last updated.

config GatewayPluginOauth2Config
controlPlaneId string: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt number: Unix epoch when the resource was created.
enabled boolean: Whether the plugin is applied.
gatewayPluginOauth2Id string: The ID of this resource.
instanceName string
ordering GatewayPluginOauth2Ordering
protocols string[]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2Route: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2Service: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags string[]: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt number: Unix epoch when the resource was last updated.

config GatewayPluginOauth2ConfigArgs
control_plane_id str: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
created_at float: Unix epoch when the resource was created.
enabled bool: Whether the plugin is applied.
gateway_plugin_oauth2_id str: The ID of this resource.
instance_name str
ordering GatewayPluginOauth2OrderingArgs
protocols Sequence[str]: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route GatewayPluginOauth2RouteArgs: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service GatewayPluginOauth2ServiceArgs: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags Sequence[str]: An optional set of strings associated with the Plugin for grouping and filtering.
updated_at float: Unix epoch when the resource was last updated.

config Property Map
controlPlaneId String: The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
createdAt Number: Unix epoch when the resource was created.
enabled Boolean: Whether the plugin is applied.
gatewayPluginOauth2Id String: The ID of this resource.
instanceName String
ordering Property Map
protocols List<String>: A list of the request protocols that will trigger this plugin. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will only support tcp and tls.
route Property Map: If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
service Property Map: If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
tags List<String>: An optional set of strings associated with the Plugin for grouping and filtering.
updatedAt Number: Unix epoch when the resource was last updated.

Supporting Types

GatewayPluginOauth2Config, GatewayPluginOauth2ConfigArgs

AcceptHttpIfAlreadyTerminated bool: Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
AuthHeaderName string: The name of the header that is supposed to carry the access token.
EnableAuthorizationCode bool: An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
EnableClientCredentials bool: An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
EnableImplicitGrant bool: An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
EnablePasswordGrant bool: An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
GlobalCredentials bool: An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
HideCredentials bool: An optional boolean value telling the plugin to show or hide the credential from the upstream service.
MandatoryScope bool: An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
PersistentRefreshToken bool
Pkce string: Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
ProvisionKey string: The unique key the plugin has generated when it has been added to the Service.
Realm string: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
RefreshTokenTtl double: Time-to-live value for data
ReuseRefreshToken bool: An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
Scopes List<string>: Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
TokenExpiration double: An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.

AcceptHttpIfAlreadyTerminated bool: Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
Anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
AuthHeaderName string: The name of the header that is supposed to carry the access token.
EnableAuthorizationCode bool: An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
EnableClientCredentials bool: An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
EnableImplicitGrant bool: An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
EnablePasswordGrant bool: An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
GlobalCredentials bool: An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
HideCredentials bool: An optional boolean value telling the plugin to show or hide the credential from the upstream service.
MandatoryScope bool: An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
PersistentRefreshToken bool
Pkce string: Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
ProvisionKey string: The unique key the plugin has generated when it has been added to the Service.
Realm string: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
RefreshTokenTtl float64: Time-to-live value for data
ReuseRefreshToken bool: An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
Scopes []string: Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
TokenExpiration float64: An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.

acceptHttpIfAlreadyTerminated Boolean: Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
authHeaderName String: The name of the header that is supposed to carry the access token.
enableAuthorizationCode Boolean: An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enableClientCredentials Boolean: An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enableImplicitGrant Boolean: An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enablePasswordGrant Boolean: An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
globalCredentials Boolean: An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hideCredentials Boolean: An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatoryScope Boolean: An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistentRefreshToken Boolean
pkce String: Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provisionKey String: The unique key the plugin has generated when it has been added to the Service.
realm String: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refreshTokenTtl Double: Time-to-live value for data
reuseRefreshToken Boolean: An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes List<String>: Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
tokenExpiration Double: An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.

acceptHttpIfAlreadyTerminated boolean: Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous string: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
authHeaderName string: The name of the header that is supposed to carry the access token.
enableAuthorizationCode boolean: An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enableClientCredentials boolean: An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enableImplicitGrant boolean: An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enablePasswordGrant boolean: An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
globalCredentials boolean: An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hideCredentials boolean: An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatoryScope boolean: An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistentRefreshToken boolean
pkce string: Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provisionKey string: The unique key the plugin has generated when it has been added to the Service.
realm string: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refreshTokenTtl number: Time-to-live value for data
reuseRefreshToken boolean: An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes string[]: Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
tokenExpiration number: An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.

accept_http_if_already_terminated bool: Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous str: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
auth_header_name str: The name of the header that is supposed to carry the access token.
enable_authorization_code bool: An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enable_client_credentials bool: An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enable_implicit_grant bool: An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enable_password_grant bool: An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
global_credentials bool: An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hide_credentials bool: An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatory_scope bool: An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistent_refresh_token bool
pkce str: Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provision_key str: The unique key the plugin has generated when it has been added to the Service.
realm str: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refresh_token_ttl float: Time-to-live value for data
reuse_refresh_token bool: An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes Sequence[str]: Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
token_expiration float: An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.

acceptHttpIfAlreadyTerminated Boolean: Accepts HTTPs requests that have already been terminated by a proxy or load balancer.
anonymous String: An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.
authHeaderName String: The name of the header that is supposed to carry the access token.
enableAuthorizationCode Boolean: An optional boolean value to enable the three-legged Authorization Code flow (RFC 6742 Section 4.1).
enableClientCredentials Boolean: An optional boolean value to enable the Client Credentials Grant flow (RFC 6742 Section 4.4).
enableImplicitGrant Boolean: An optional boolean value to enable the Implicit Grant flow which allows to provision a token as a result of the authorization process (RFC 6742 Section 4.2).
enablePasswordGrant Boolean: An optional boolean value to enable the Resource Owner Password Credentials Grant flow (RFC 6742 Section 4.3).
globalCredentials Boolean: An optional boolean value that allows using the same OAuth credentials generated by the plugin with any other service whose OAuth 2.0 plugin configuration also has config.global_credentials=true.
hideCredentials Boolean: An optional boolean value telling the plugin to show or hide the credential from the upstream service.
mandatoryScope Boolean: An optional boolean value telling the plugin to require at least one scope to be authorized by the end user.
persistentRefreshToken Boolean
pkce String: Specifies a mode of how the Proof Key for Code Exchange (PKCE) should be handled by the plugin. must be one of ["lax", "none", "strict"]
provisionKey String: The unique key the plugin has generated when it has been added to the Service.
realm String: When authentication fails the plugin sends WWW-Authenticate header with realm attribute value.
refreshTokenTtl Number: Time-to-live value for data
reuseRefreshToken Boolean: An optional boolean value that indicates whether an OAuth refresh token is reused when refreshing an access token.
scopes List<String>: Describes an array of scope names that will be available to the end user. If mandatory_scope is set to true, then scopes are required.
tokenExpiration Number: An optional integer value telling the plugin how many seconds a token should last, after which the client will need to refresh the token. Set to 0 to disable the expiration.

GatewayPluginOauth2Ordering, GatewayPluginOauth2OrderingArgs

After GatewayPluginOauth2OrderingAfter
Before GatewayPluginOauth2OrderingBefore

After GatewayPluginOauth2OrderingAfter
Before GatewayPluginOauth2OrderingBefore

after GatewayPluginOauth2OrderingAfter
before GatewayPluginOauth2OrderingBefore

after GatewayPluginOauth2OrderingAfter
before GatewayPluginOauth2OrderingBefore

after GatewayPluginOauth2OrderingAfter
before GatewayPluginOauth2OrderingBefore

after Property Map
before Property Map

GatewayPluginOauth2OrderingAfter, GatewayPluginOauth2OrderingAfterArgs

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GatewayPluginOauth2OrderingBefore, GatewayPluginOauth2OrderingBeforeArgs

Accesses List<string>

Accesses []string

accesses List<String>

accesses string[]

accesses Sequence[str]

accesses List<String>

GatewayPluginOauth2Route, GatewayPluginOauth2RouteArgs

Id string

Id string

id String

id string

id str

id String

GatewayPluginOauth2Service, GatewayPluginOauth2ServiceArgs

Id string

Id string

id String

id string

id str

id String

Import

$ pulumi import konnect:index/gatewayPluginOauth2:GatewayPluginOauth2 my_konnect_gateway_plugin_oauth2 "{ \"control_plane_id\": \"9524ec7d-36d9-465d-a8c5-83a3c9390458\", \"plugin_id\": \"3473c251-5b6c-4f45-b1ff-7ede735a366d\"}"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: konnect kong/terraform-provider-konnect
License
Notes: This Pulumi package is based on the konnect Terraform Provider.

konnect 2.4.1 published on Thursday, Mar 13, 2025 by kong

kong/terraform-provider-konnect

konnect.GatewayPluginOauth2

On this page

On this page

Example Usage

Create GatewayPluginOauth2 Resource

Constructor syntax

Parameters

Constructor example

GatewayPluginOauth2 Resource Properties

Inputs

Outputs

Look up Existing GatewayPluginOauth2 Resource

Supporting Types

GatewayPluginOauth2Config, GatewayPluginOauth2ConfigArgs

GatewayPluginOauth2Ordering, GatewayPluginOauth2OrderingArgs

GatewayPluginOauth2OrderingAfter, GatewayPluginOauth2OrderingAfterArgs

GatewayPluginOauth2OrderingBefore, GatewayPluginOauth2OrderingBeforeArgs

GatewayPluginOauth2Route, GatewayPluginOauth2RouteArgs

GatewayPluginOauth2Service, GatewayPluginOauth2ServiceArgs

Import

Package Details

On this page

On this page