ibm 1.80.0-beta0, Jun 24 25

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

ibm.getDlGatewayMacsecCak

Explore with Pulumi AI

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

For a given IBM Cloud Infrastructure Direct Link Gateway, Get a MACsec CAK by its identifier. A connectivity association key (CAK) used in the MACsec Key Agreement (MKA) protocol. MACsec CAKs consist of both a name and key. The CAK’s name must be a hexadecimal string of even lengths between 2 to 64 inclusive. The CAK’s key must be a Hyper Protect Crypto Service Standard Key type=standard with key material a hexadecimal string exactly 64 characters in length.

For more information, about IBM Cloud Direct Link, see getting started with IBM Cloud Direct Link.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const test = ibm.getDlGatewayMacsecCak({
    cakId: "ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4",
    gateway: "0a06fb9b-820f-4c44-8a31-77f1f0806d28",
});

import pulumi
import pulumi_ibm as ibm

test = ibm.get_dl_gateway_macsec_cak(cak_id="ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4",
    gateway="0a06fb9b-820f-4c44-8a31-77f1f0806d28")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.LookupDlGatewayMacsecCak(ctx, &ibm.LookupDlGatewayMacsecCakArgs{
			CakId:   "ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4",
			Gateway: "0a06fb9b-820f-4c44-8a31-77f1f0806d28",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var test = Ibm.GetDlGatewayMacsecCak.Invoke(new()
    {
        CakId = "ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4",
        Gateway = "0a06fb9b-820f-4c44-8a31-77f1f0806d28",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetDlGatewayMacsecCakArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = IbmFunctions.getDlGatewayMacsecCak(GetDlGatewayMacsecCakArgs.builder()
            .cakId("ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4")
            .gateway("0a06fb9b-820f-4c44-8a31-77f1f0806d28")
            .build());

    }
}

variables:
  test:
    fn::invoke:
      function: ibm:getDlGatewayMacsecCak
      arguments:
        cakId: ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4
        gateway: 0a06fb9b-820f-4c44-8a31-77f1f0806d28

Using getDlGatewayMacsecCak

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getDlGatewayMacsecCak(args: GetDlGatewayMacsecCakArgs, opts?: InvokeOptions): Promise<GetDlGatewayMacsecCakResult>
function getDlGatewayMacsecCakOutput(args: GetDlGatewayMacsecCakOutputArgs, opts?: InvokeOptions): Output<GetDlGatewayMacsecCakResult>

def get_dl_gateway_macsec_cak(active_deltas: Optional[Sequence[GetDlGatewayMacsecCakActiveDelta]] = None,
                              cak_id: Optional[str] = None,
                              gateway: Optional[str] = None,
                              id: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetDlGatewayMacsecCakResult
def get_dl_gateway_macsec_cak_output(active_deltas: Optional[pulumi.Input[Sequence[pulumi.Input[GetDlGatewayMacsecCakActiveDeltaArgs]]]] = None,
                              cak_id: Optional[pulumi.Input[str]] = None,
                              gateway: Optional[pulumi.Input[str]] = None,
                              id: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetDlGatewayMacsecCakResult]

func LookupDlGatewayMacsecCak(ctx *Context, args *LookupDlGatewayMacsecCakArgs, opts ...InvokeOption) (*LookupDlGatewayMacsecCakResult, error)
func LookupDlGatewayMacsecCakOutput(ctx *Context, args *LookupDlGatewayMacsecCakOutputArgs, opts ...InvokeOption) LookupDlGatewayMacsecCakResultOutput

> Note: This function is named LookupDlGatewayMacsecCak in the Go SDK.

public static class GetDlGatewayMacsecCak 
{
    public static Task<GetDlGatewayMacsecCakResult> InvokeAsync(GetDlGatewayMacsecCakArgs args, InvokeOptions? opts = null)
    public static Output<GetDlGatewayMacsecCakResult> Invoke(GetDlGatewayMacsecCakInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetDlGatewayMacsecCakResult> getDlGatewayMacsecCak(GetDlGatewayMacsecCakArgs args, InvokeOptions options)
public static Output<GetDlGatewayMacsecCakResult> getDlGatewayMacsecCak(GetDlGatewayMacsecCakArgs args, InvokeOptions options)

fn::invoke:
  function: ibm:index/getDlGatewayMacsecCak:getDlGatewayMacsecCak
  arguments:
    # arguments dictionary

The following arguments are supported:

CakId string: Direct Link gateway MACsec CAK identifier.
Gateway string: Direct Link gateway identifier.
ActiveDeltas List<GetDlGatewayMacsecCakActiveDelta>: (List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:
Id string

CakId string: Direct Link gateway MACsec CAK identifier.
Gateway string: Direct Link gateway identifier.
ActiveDeltas []GetDlGatewayMacsecCakActiveDelta: (List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:
Id string

cakId String: Direct Link gateway MACsec CAK identifier.
gateway String: Direct Link gateway identifier.
activeDeltas List<GetDlGatewayMacsecCakActiveDelta>: (List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:
id String

cakId string: Direct Link gateway MACsec CAK identifier.
gateway string: Direct Link gateway identifier.
activeDeltas GetDlGatewayMacsecCakActiveDelta[]: (List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:
id string

cak_id str: Direct Link gateway MACsec CAK identifier.
gateway str: Direct Link gateway identifier.
active_deltas Sequence[GetDlGatewayMacsecCakActiveDelta]: (List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:
id str

cakId String: Direct Link gateway MACsec CAK identifier.
gateway String: Direct Link gateway identifier.
activeDeltas List<Property Map>: (List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:
id String

getDlGatewayMacsecCak Result

The following output properties are available:

CakId string

CreatedAt string

(String) The date and time the resource was created.

Gateway string

Id string

Keys List<GetDlGatewayMacsecCakKey>

(List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

Name string

(String) The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

Session string

(String) The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

Status string

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

UpdatedAt string

(String) The date and time the resource was last updated.

ActiveDeltas List<GetDlGatewayMacsecCakActiveDelta>

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

CakId string

CreatedAt string

(String) The date and time the resource was created.

Gateway string

Id string

Keys []GetDlGatewayMacsecCakKey

(List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

Name string

Session string

Status string

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

UpdatedAt string

(String) The date and time the resource was last updated.

ActiveDeltas []GetDlGatewayMacsecCakActiveDelta

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cakId String

createdAt String

(String) The date and time the resource was created.

gateway String

id String

keys List<GetDlGatewayMacsecCakKey>

(List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name String

session String

status String

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updatedAt String

(String) The date and time the resource was last updated.

activeDeltas List<GetDlGatewayMacsecCakActiveDelta>

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cakId string

createdAt string

(String) The date and time the resource was created.

gateway string

id string

keys GetDlGatewayMacsecCakKey[]

(List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name string

session string

status string

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updatedAt string

(String) The date and time the resource was last updated.

activeDeltas GetDlGatewayMacsecCakActiveDelta[]

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cak_id str

created_at str

(String) The date and time the resource was created.

gateway str

id str

keys Sequence[GetDlGatewayMacsecCakKey]

(List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name str

session str

status str

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updated_at str

(String) The date and time the resource was last updated.

active_deltas Sequence[GetDlGatewayMacsecCakActiveDelta]

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cakId String

createdAt String

(String) The date and time the resource was created.

gateway String

id String

keys List<Property Map>

(List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name String

session String

status String

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updatedAt String

(String) The date and time the resource was last updated.

activeDeltas List<Property Map>

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

Supporting Types

GetDlGatewayMacsecCakActiveDelta

Keys List<GetDlGatewayMacsecCakActiveDeltaKey>: (List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Name string: (String) The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

Keys []GetDlGatewayMacsecCakActiveDeltaKey: (List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Name string: (String) The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys List<GetDlGatewayMacsecCakActiveDeltaKey>: (List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name String: (String) The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys GetDlGatewayMacsecCakActiveDeltaKey[]: (List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name string: (String) The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys Sequence[GetDlGatewayMacsecCakActiveDeltaKey]: (List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name str: (String) The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys List<Property Map>: (List) A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name String: (String) The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

GetDlGatewayMacsecCakActiveDeltaKey

Crn string: (String) The CRN of the referenced key.

Crn string: (String) The CRN of the referenced key.

crn String: (String) The CRN of the referenced key.

crn string: (String) The CRN of the referenced key.

crn str: (String) The CRN of the referenced key.

crn String: (String) The CRN of the referenced key.

GetDlGatewayMacsecCakKey

Crn string: (String) The CRN of the referenced key.

Crn string: (String) The CRN of the referenced key.

crn String: (String) The CRN of the referenced key.

crn string: (String) The CRN of the referenced key.

crn str: (String) The CRN of the referenced key.

crn String: (String) The CRN of the referenced key.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.getDlGatewayMacsecCak

On this page

On this page

Example Usage

Using getDlGatewayMacsecCak

getDlGatewayMacsecCak Result

Supporting Types

GetDlGatewayMacsecCakActiveDelta

GetDlGatewayMacsecCakActiveDeltaKey

GetDlGatewayMacsecCakKey

Package Details

On this page

On this page