ibm 1.80.0-beta0, Jun 24 25

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

ibm.DlGatewayMacsecConfig

Explore with Pulumi AI

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const test = new ibm.DlGatewayMacsecConfig("test", {gateway: "0a06fb9b-820f-4c44-8a31-77f1f0806d28"});

import pulumi
import pulumi_ibm as ibm

test = ibm.DlGatewayMacsecConfig("test", gateway="0a06fb9b-820f-4c44-8a31-77f1f0806d28")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewDlGatewayMacsecConfig(ctx, "test", &ibm.DlGatewayMacsecConfigArgs{
			Gateway: pulumi.String("0a06fb9b-820f-4c44-8a31-77f1f0806d28"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var test = new Ibm.DlGatewayMacsecConfig("test", new()
    {
        Gateway = "0a06fb9b-820f-4c44-8a31-77f1f0806d28",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.DlGatewayMacsecConfig;
import com.pulumi.ibm.DlGatewayMacsecConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new DlGatewayMacsecConfig("test", DlGatewayMacsecConfigArgs.builder()
            .gateway("0a06fb9b-820f-4c44-8a31-77f1f0806d28")
            .build());

    }
}

resources:
  test:
    type: ibm:DlGatewayMacsecConfig
    properties:
      gateway: 0a06fb9b-820f-4c44-8a31-77f1f0806d28

Create DlGatewayMacsecConfig Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new DlGatewayMacsecConfig(name: string, args: DlGatewayMacsecConfigArgs, opts?: CustomResourceOptions);

@overload
def DlGatewayMacsecConfig(resource_name: str,
                          args: DlGatewayMacsecConfigInitArgs,
                          opts: Optional[ResourceOptions] = None)

@overload
def DlGatewayMacsecConfig(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          active: Optional[bool] = None,
                          caks: Optional[Sequence[DlGatewayMacsecConfigCakArgs]] = None,
                          gateway: Optional[str] = None,
                          sak_rekeys: Optional[Sequence[DlGatewayMacsecConfigSakRekeyArgs]] = None,
                          security_policy: Optional[str] = None,
                          dl_gateway_macsec_config_id: Optional[str] = None,
                          window_size: Optional[float] = None)

func NewDlGatewayMacsecConfig(ctx *Context, name string, args DlGatewayMacsecConfigArgs, opts ...ResourceOption) (*DlGatewayMacsecConfig, error)

public DlGatewayMacsecConfig(string name, DlGatewayMacsecConfigArgs args, CustomResourceOptions? opts = null)

public DlGatewayMacsecConfig(String name, DlGatewayMacsecConfigArgs args)
public DlGatewayMacsecConfig(String name, DlGatewayMacsecConfigArgs args, CustomResourceOptions options)

type: ibm:DlGatewayMacsecConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DlGatewayMacsecConfigArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DlGatewayMacsecConfigInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DlGatewayMacsecConfigArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DlGatewayMacsecConfigArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DlGatewayMacsecConfigArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var dlGatewayMacsecConfigResource = new Ibm.DlGatewayMacsecConfig("dlGatewayMacsecConfigResource", new()
{
    Active = false,
    Caks = new[]
    {
        new Ibm.Inputs.DlGatewayMacsecConfigCakArgs
        {
            Keys = new[]
            {
                new Ibm.Inputs.DlGatewayMacsecConfigCakKeyArgs
                {
                    Crn = "string",
                },
            },
            Name = "string",
            Session = "string",
        },
    },
    Gateway = "string",
    SakRekeys = new[]
    {
        new Ibm.Inputs.DlGatewayMacsecConfigSakRekeyArgs
        {
            Mode = "string",
            Interval = 0,
        },
    },
    SecurityPolicy = "string",
    DlGatewayMacsecConfigId = "string",
    WindowSize = 0,
});

example, err := ibm.NewDlGatewayMacsecConfig(ctx, "dlGatewayMacsecConfigResource", &ibm.DlGatewayMacsecConfigArgs{
	Active: pulumi.Bool(false),
	Caks: ibm.DlGatewayMacsecConfigCakArray{
		&ibm.DlGatewayMacsecConfigCakArgs{
			Keys: ibm.DlGatewayMacsecConfigCakKeyArray{
				&ibm.DlGatewayMacsecConfigCakKeyArgs{
					Crn: pulumi.String("string"),
				},
			},
			Name:    pulumi.String("string"),
			Session: pulumi.String("string"),
		},
	},
	Gateway: pulumi.String("string"),
	SakRekeys: ibm.DlGatewayMacsecConfigSakRekeyArray{
		&ibm.DlGatewayMacsecConfigSakRekeyArgs{
			Mode:     pulumi.String("string"),
			Interval: pulumi.Float64(0),
		},
	},
	SecurityPolicy:          pulumi.String("string"),
	DlGatewayMacsecConfigId: pulumi.String("string"),
	WindowSize:              pulumi.Float64(0),
})

var dlGatewayMacsecConfigResource = new DlGatewayMacsecConfig("dlGatewayMacsecConfigResource", DlGatewayMacsecConfigArgs.builder()
    .active(false)
    .caks(DlGatewayMacsecConfigCakArgs.builder()
        .keys(DlGatewayMacsecConfigCakKeyArgs.builder()
            .crn("string")
            .build())
        .name("string")
        .session("string")
        .build())
    .gateway("string")
    .sakRekeys(DlGatewayMacsecConfigSakRekeyArgs.builder()
        .mode("string")
        .interval(0.0)
        .build())
    .securityPolicy("string")
    .dlGatewayMacsecConfigId("string")
    .windowSize(0.0)
    .build());

dl_gateway_macsec_config_resource = ibm.DlGatewayMacsecConfig("dlGatewayMacsecConfigResource",
    active=False,
    caks=[{
        "keys": [{
            "crn": "string",
        }],
        "name": "string",
        "session": "string",
    }],
    gateway="string",
    sak_rekeys=[{
        "mode": "string",
        "interval": 0,
    }],
    security_policy="string",
    dl_gateway_macsec_config_id="string",
    window_size=0)

const dlGatewayMacsecConfigResource = new ibm.DlGatewayMacsecConfig("dlGatewayMacsecConfigResource", {
    active: false,
    caks: [{
        keys: [{
            crn: "string",
        }],
        name: "string",
        session: "string",
    }],
    gateway: "string",
    sakRekeys: [{
        mode: "string",
        interval: 0,
    }],
    securityPolicy: "string",
    dlGatewayMacsecConfigId: "string",
    windowSize: 0,
});

type: ibm:DlGatewayMacsecConfig
properties:
    active: false
    caks:
        - keys:
            - crn: string
          name: string
          session: string
    dlGatewayMacsecConfigId: string
    gateway: string
    sakRekeys:
        - interval: 0
          mode: string
    securityPolicy: string
    windowSize: 0

DlGatewayMacsecConfig Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The DlGatewayMacsecConfig resource accepts the following input properties:

Active bool: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
Caks List<DlGatewayMacsecConfigCak>: CAKs
Gateway string: Direct Link gateway identifier.
SakRekeys List<DlGatewayMacsecConfigSakRekey>: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
SecurityPolicy string: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
DlGatewayMacsecConfigId string
WindowSize double: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

Active bool: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
Caks []DlGatewayMacsecConfigCakArgs: CAKs
Gateway string: Direct Link gateway identifier.
SakRekeys []DlGatewayMacsecConfigSakRekeyArgs: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
SecurityPolicy string: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
DlGatewayMacsecConfigId string
WindowSize float64: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active Boolean: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks List<DlGatewayMacsecConfigCak>: CAKs
gateway String: Direct Link gateway identifier.
sakRekeys List<DlGatewayMacsecConfigSakRekey>: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
securityPolicy String: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
dlGatewayMacsecConfigId String
windowSize Double: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active boolean: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks DlGatewayMacsecConfigCak[]: CAKs
gateway string: Direct Link gateway identifier.
sakRekeys DlGatewayMacsecConfigSakRekey[]: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
securityPolicy string: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
dlGatewayMacsecConfigId string
windowSize number: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active bool: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks Sequence[DlGatewayMacsecConfigCakArgs]: CAKs
gateway str: Direct Link gateway identifier.
sak_rekeys Sequence[DlGatewayMacsecConfigSakRekeyArgs]: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
security_policy str: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
dl_gateway_macsec_config_id str
window_size float: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active Boolean: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks List<Property Map>: CAKs
gateway String: Direct Link gateway identifier.
sakRekeys List<Property Map>: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
securityPolicy String: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
dlGatewayMacsecConfigId String
windowSize Number: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

Outputs

All input properties are implicitly available as output properties. Additionally, the DlGatewayMacsecConfig resource produces the following output properties:

CipherSuite string: (String) The cipher suite used in generating the security association key (SAK).
ConfidentialityOffset double: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
CreatedAt string: (String) The date and time the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
KeyServerPriority double: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
Status string: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
StatusReasons List<DlGatewayMacsecConfigStatusReason>: (List) Context for certain values of status. Nested Schema for status_reasons:
UpdatedAt string: (String) The date and time the resource was last updated.

CipherSuite string: (String) The cipher suite used in generating the security association key (SAK).
ConfidentialityOffset float64: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
CreatedAt string: (String) The date and time the resource was created.
Id string: The provider-assigned unique ID for this managed resource.
KeyServerPriority float64: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
Status string: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
StatusReasons []DlGatewayMacsecConfigStatusReason: (List) Context for certain values of status. Nested Schema for status_reasons:
UpdatedAt string: (String) The date and time the resource was last updated.

cipherSuite String: (String) The cipher suite used in generating the security association key (SAK).
confidentialityOffset Double: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
createdAt String: (String) The date and time the resource was created.
id String: The provider-assigned unique ID for this managed resource.
keyServerPriority Double: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
status String: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
statusReasons List<DlGatewayMacsecConfigStatusReason>: (List) Context for certain values of status. Nested Schema for status_reasons:
updatedAt String: (String) The date and time the resource was last updated.

cipherSuite string: (String) The cipher suite used in generating the security association key (SAK).
confidentialityOffset number: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
createdAt string: (String) The date and time the resource was created.
id string: The provider-assigned unique ID for this managed resource.
keyServerPriority number: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
status string: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
statusReasons DlGatewayMacsecConfigStatusReason[]: (List) Context for certain values of status. Nested Schema for status_reasons:
updatedAt string: (String) The date and time the resource was last updated.

cipher_suite str: (String) The cipher suite used in generating the security association key (SAK).
confidentiality_offset float: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
created_at str: (String) The date and time the resource was created.
id str: The provider-assigned unique ID for this managed resource.
key_server_priority float: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
status str: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
status_reasons Sequence[DlGatewayMacsecConfigStatusReason]: (List) Context for certain values of status. Nested Schema for status_reasons:
updated_at str: (String) The date and time the resource was last updated.

cipherSuite String: (String) The cipher suite used in generating the security association key (SAK).
confidentialityOffset Number: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
createdAt String: (String) The date and time the resource was created.
id String: The provider-assigned unique ID for this managed resource.
keyServerPriority Number: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
status String: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
statusReasons List<Property Map>: (List) Context for certain values of status. Nested Schema for status_reasons:
updatedAt String: (String) The date and time the resource was last updated.

Look up Existing DlGatewayMacsecConfig Resource

Get an existing DlGatewayMacsecConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DlGatewayMacsecConfigState, opts?: CustomResourceOptions): DlGatewayMacsecConfig

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        active: Optional[bool] = None,
        caks: Optional[Sequence[DlGatewayMacsecConfigCakArgs]] = None,
        cipher_suite: Optional[str] = None,
        confidentiality_offset: Optional[float] = None,
        created_at: Optional[str] = None,
        dl_gateway_macsec_config_id: Optional[str] = None,
        gateway: Optional[str] = None,
        key_server_priority: Optional[float] = None,
        sak_rekeys: Optional[Sequence[DlGatewayMacsecConfigSakRekeyArgs]] = None,
        security_policy: Optional[str] = None,
        status: Optional[str] = None,
        status_reasons: Optional[Sequence[DlGatewayMacsecConfigStatusReasonArgs]] = None,
        updated_at: Optional[str] = None,
        window_size: Optional[float] = None) -> DlGatewayMacsecConfig

func GetDlGatewayMacsecConfig(ctx *Context, name string, id IDInput, state *DlGatewayMacsecConfigState, opts ...ResourceOption) (*DlGatewayMacsecConfig, error)

public static DlGatewayMacsecConfig Get(string name, Input<string> id, DlGatewayMacsecConfigState? state, CustomResourceOptions? opts = null)

public static DlGatewayMacsecConfig get(String name, Output<String> id, DlGatewayMacsecConfigState state, CustomResourceOptions options)

resources:  _:    type: ibm:DlGatewayMacsecConfig    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Active bool: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
Caks List<DlGatewayMacsecConfigCak>: CAKs
CipherSuite string: (String) The cipher suite used in generating the security association key (SAK).
ConfidentialityOffset double: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
CreatedAt string: (String) The date and time the resource was created.
DlGatewayMacsecConfigId string
Gateway string: Direct Link gateway identifier.
KeyServerPriority double: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
SakRekeys List<DlGatewayMacsecConfigSakRekey>: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
SecurityPolicy string: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
Status string: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
StatusReasons List<DlGatewayMacsecConfigStatusReason>: (List) Context for certain values of status. Nested Schema for status_reasons:
UpdatedAt string: (String) The date and time the resource was last updated.
WindowSize double: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

Active bool: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
Caks []DlGatewayMacsecConfigCakArgs: CAKs
CipherSuite string: (String) The cipher suite used in generating the security association key (SAK).
ConfidentialityOffset float64: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
CreatedAt string: (String) The date and time the resource was created.
DlGatewayMacsecConfigId string
Gateway string: Direct Link gateway identifier.
KeyServerPriority float64: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
SakRekeys []DlGatewayMacsecConfigSakRekeyArgs: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
SecurityPolicy string: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
Status string: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
StatusReasons []DlGatewayMacsecConfigStatusReasonArgs: (List) Context for certain values of status. Nested Schema for status_reasons:
UpdatedAt string: (String) The date and time the resource was last updated.
WindowSize float64: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active Boolean: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks List<DlGatewayMacsecConfigCak>: CAKs
cipherSuite String: (String) The cipher suite used in generating the security association key (SAK).
confidentialityOffset Double: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
createdAt String: (String) The date and time the resource was created.
dlGatewayMacsecConfigId String
gateway String: Direct Link gateway identifier.
keyServerPriority Double: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
sakRekeys List<DlGatewayMacsecConfigSakRekey>: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
securityPolicy String: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
status String: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
statusReasons List<DlGatewayMacsecConfigStatusReason>: (List) Context for certain values of status. Nested Schema for status_reasons:
updatedAt String: (String) The date and time the resource was last updated.
windowSize Double: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active boolean: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks DlGatewayMacsecConfigCak[]: CAKs
cipherSuite string: (String) The cipher suite used in generating the security association key (SAK).
confidentialityOffset number: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
createdAt string: (String) The date and time the resource was created.
dlGatewayMacsecConfigId string
gateway string: Direct Link gateway identifier.
keyServerPriority number: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
sakRekeys DlGatewayMacsecConfigSakRekey[]: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
securityPolicy string: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
status string: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
statusReasons DlGatewayMacsecConfigStatusReason[]: (List) Context for certain values of status. Nested Schema for status_reasons:
updatedAt string: (String) The date and time the resource was last updated.
windowSize number: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active bool: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks Sequence[DlGatewayMacsecConfigCakArgs]: CAKs
cipher_suite str: (String) The cipher suite used in generating the security association key (SAK).
confidentiality_offset float: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
created_at str: (String) The date and time the resource was created.
dl_gateway_macsec_config_id str
gateway str: Direct Link gateway identifier.
key_server_priority float: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
sak_rekeys Sequence[DlGatewayMacsecConfigSakRekeyArgs]: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
security_policy str: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
status str: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
status_reasons Sequence[DlGatewayMacsecConfigStatusReasonArgs]: (List) Context for certain values of status. Nested Schema for status_reasons:
updated_at str: (String) The date and time the resource was last updated.
window_size float: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

active Boolean: Indicates if the MACsec feature is currently active (true) or inactive (false) for a gateway.
caks List<Property Map>: CAKs
cipherSuite String: (String) The cipher suite used in generating the security association key (SAK).
confidentialityOffset Number: (Integer) The confidentiality offset determines the number of octets in an Ethernet frame that are not encrypted.
createdAt String: (String) The date and time the resource was created.
dlGatewayMacsecConfigId String
gateway String: Direct Link gateway identifier.
keyServerPriority Number: (Integer) Used in the MACsec Key Agreement (MKA) protocol to determine which peer acts as the key server. Lower values indicate a higher preference to be the key server. The MACsec configuration on the direct link will always set this value to 255.
sakRekeys List<Property Map>: Determines how SAK rekeying occurs. It is either timer based or based on the amount of used packet numbers. Nested scheme for sak_rekey:
securityPolicy String: (String) Determines how packets without MACsec headers are handled. must_secure - Packets without MACsec headers are dropped. This policy should be used to prefer security over network availability. should_secure - Packets without MACsec headers are allowed. This policy should be used to prefer network availability over security.
status String: (String) Current status of MACsec on this direct link. Status offline is returned when MACsec is inactive and during direct link creation. Status deleting is returned when MACsec during removal of MACsec from the direct link and during direct link deletion. See status_reasons[] for possible remediation of the failed status.
statusReasons List<Property Map>: (List) Context for certain values of status. Nested Schema for status_reasons:
updatedAt String: (String) The date and time the resource was last updated.
windowSize Number: (Integer) The window size determines the number of frames in a window for replay protection. Replay protection is used to counter replay attacks. Frames within a window size can be out of order and are not replay protected.

Supporting Types

DlGatewayMacsecConfigCak, DlGatewayMacsecConfigCakArgs

Keys List<DlGatewayMacsecConfigCakKey>: HPCS Key
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain.
Session string: Current status of the instance.

Keys []DlGatewayMacsecConfigCakKey: HPCS Key
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain.
Session string: Current status of the instance.

keys List<DlGatewayMacsecConfigCakKey>: HPCS Key
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain.
session String: Current status of the instance.

keys DlGatewayMacsecConfigCakKey[]: HPCS Key
name string: The name identifies the connectivity association key (CAK) within the MACsec key chain.
session string: Current status of the instance.

keys Sequence[DlGatewayMacsecConfigCakKey]: HPCS Key
name str: The name identifies the connectivity association key (CAK) within the MACsec key chain.
session str: Current status of the instance.

keys List<Property Map>: HPCS Key
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain.
session String: Current status of the instance.

DlGatewayMacsecConfigCakKey, DlGatewayMacsecConfigCakKeyArgs

Crn string: The CRN of the referenced key.

Crn string: The CRN of the referenced key.

crn String: The CRN of the referenced key.

crn string: The CRN of the referenced key.

crn str: The CRN of the referenced key.

crn String: The CRN of the referenced key.

DlGatewayMacsecConfigSakRekey, DlGatewayMacsecConfigSakRekeyArgs

Mode string: Determines that the SAK rekey occurs based on a timer.
Interval double: The time, in seconds, to force a Secure Association Key (SAK) rekey.

Mode string: Determines that the SAK rekey occurs based on a timer.
Interval float64: The time, in seconds, to force a Secure Association Key (SAK) rekey.

mode String: Determines that the SAK rekey occurs based on a timer.
interval Double: The time, in seconds, to force a Secure Association Key (SAK) rekey.

mode string: Determines that the SAK rekey occurs based on a timer.
interval number: The time, in seconds, to force a Secure Association Key (SAK) rekey.

mode str: Determines that the SAK rekey occurs based on a timer.
interval float: The time, in seconds, to force a Secure Association Key (SAK) rekey.

mode String: Determines that the SAK rekey occurs based on a timer.
interval Number: The time, in seconds, to force a Secure Association Key (SAK) rekey.

DlGatewayMacsecConfigStatusReason, DlGatewayMacsecConfigStatusReasonArgs

SakRekeyTimerModes List<DlGatewayMacsecConfigStatusReasonSakRekeyTimerMode>

SakRekeyTimerModes []DlGatewayMacsecConfigStatusReasonSakRekeyTimerMode

sakRekeyTimerModes List<DlGatewayMacsecConfigStatusReasonSakRekeyTimerMode>

sakRekeyTimerModes DlGatewayMacsecConfigStatusReasonSakRekeyTimerMode[]

sak_rekey_timer_modes Sequence[DlGatewayMacsecConfigStatusReasonSakRekeyTimerMode]

sakRekeyTimerModes List<Property Map>

DlGatewayMacsecConfigStatusReasonSakRekeyTimerMode, DlGatewayMacsecConfigStatusReasonSakRekeyTimerModeArgs

Code string: (String) A reason code for the status: macsec_cak_failed - At least one of the connectivity association keys (CAKs) associated with the MACsec configuration was unable to be configured on the direct link gateway. Refer to the status of the CAKs associated with the MACsec configuration to find the the source of this reason.
Message string: (String) An explanation of the status reason.
MoreInfo string: (String) Link to documentation about this status reason.

Code string: (String) A reason code for the status: macsec_cak_failed - At least one of the connectivity association keys (CAKs) associated with the MACsec configuration was unable to be configured on the direct link gateway. Refer to the status of the CAKs associated with the MACsec configuration to find the the source of this reason.
Message string: (String) An explanation of the status reason.
MoreInfo string: (String) Link to documentation about this status reason.

code String: (String) A reason code for the status: macsec_cak_failed - At least one of the connectivity association keys (CAKs) associated with the MACsec configuration was unable to be configured on the direct link gateway. Refer to the status of the CAKs associated with the MACsec configuration to find the the source of this reason.
message String: (String) An explanation of the status reason.
moreInfo String: (String) Link to documentation about this status reason.

code string: (String) A reason code for the status: macsec_cak_failed - At least one of the connectivity association keys (CAKs) associated with the MACsec configuration was unable to be configured on the direct link gateway. Refer to the status of the CAKs associated with the MACsec configuration to find the the source of this reason.
message string: (String) An explanation of the status reason.
moreInfo string: (String) Link to documentation about this status reason.

code str: (String) A reason code for the status: macsec_cak_failed - At least one of the connectivity association keys (CAKs) associated with the MACsec configuration was unable to be configured on the direct link gateway. Refer to the status of the CAKs associated with the MACsec configuration to find the the source of this reason.
message str: (String) An explanation of the status reason.
more_info str: (String) Link to documentation about this status reason.

code String: (String) A reason code for the status: macsec_cak_failed - At least one of the connectivity association keys (CAKs) associated with the MACsec configuration was unable to be configured on the direct link gateway. Refer to the status of the CAKs associated with the MACsec configuration to find the the source of this reason.
message String: (String) An explanation of the status reason.
moreInfo String: (String) Link to documentation about this status reason.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.DlGatewayMacsecConfig

On this page

On this page

Example Usage

Create DlGatewayMacsecConfig Resource

Constructor syntax

Parameters

Constructor example

DlGatewayMacsecConfig Resource Properties

Inputs

Outputs

Look up Existing DlGatewayMacsecConfig Resource

Supporting Types

DlGatewayMacsecConfigCak, DlGatewayMacsecConfigCakArgs

DlGatewayMacsecConfigCakKey, DlGatewayMacsecConfigCakKeyArgs

DlGatewayMacsecConfigSakRekey, DlGatewayMacsecConfigSakRekeyArgs

DlGatewayMacsecConfigStatusReason, DlGatewayMacsecConfigStatusReasonArgs

DlGatewayMacsecConfigStatusReasonSakRekeyTimerMode, DlGatewayMacsecConfigStatusReasonSakRekeyTimerModeArgs

Package Details

On this page

On this page