diff --git a/kong2tf/builder.go b/kong2tf/builder.go
index 1b1447986..7f4666cb9 100644
--- a/kong2tf/builder.go
+++ b/kong2tf/builder.go
@@ -5,15 +5,16 @@ import (
 )
 
 type ITerraformBuilder interface {
-	buildServices(*file.Content, *string, bool)
-	buildRoutes(*file.Content, *string, bool)
-	buildGlobalPlugins(*file.Content, *string, bool)
+	buildControlPlaneVar(*string)
+	buildServices(*file.Content, *string)
+	buildRoutes(*file.Content, *string)
+	buildGlobalPlugins(*file.Content, *string)
 	buildConsumers(*file.Content, *string, bool)
-	buildConsumerGroups(*file.Content, *string, bool)
-	buildUpstreams(*file.Content, *string, bool)
-	buildCACertificates(*file.Content, *string, bool)
-	buildCertificates(*file.Content, *string, bool)
-	buildVaults(*file.Content, *string, bool)
+	buildConsumerGroups(*file.Content, *string)
+	buildUpstreams(*file.Content, *string)
+	buildCACertificates(*file.Content, *string)
+	buildCertificates(*file.Content, *string)
+	buildVaults(*file.Content, *string)
 	getContent() string
 }
 
@@ -31,16 +32,20 @@ func newDirector(builder ITerraformBuilder) *Director {
 	}
 }
 
-func (d *Director) builTerraformResources(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) string {
-
-	d.builder.buildGlobalPlugins(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
-	d.builder.buildServices(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
-	d.builder.buildUpstreams(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
-	d.builder.buildRoutes(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
+func (d *Director) builTerraformResources(
+	content *file.Content,
+	generateImportsForControlPlaneID *string,
+	ignoreCredentialChanges bool,
+) string {
+	d.builder.buildControlPlaneVar(generateImportsForControlPlaneID)
+	d.builder.buildGlobalPlugins(content, generateImportsForControlPlaneID)
+	d.builder.buildServices(content, generateImportsForControlPlaneID)
+	d.builder.buildUpstreams(content, generateImportsForControlPlaneID)
+	d.builder.buildRoutes(content, generateImportsForControlPlaneID)
 	d.builder.buildConsumers(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
-	d.builder.buildConsumerGroups(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
-	d.builder.buildCACertificates(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
-	d.builder.buildCertificates(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
-	d.builder.buildVaults(content, generateImportsForControlPlaneID, ignoreCredentialChanges)
+	d.builder.buildConsumerGroups(content, generateImportsForControlPlaneID)
+	d.builder.buildCACertificates(content, generateImportsForControlPlaneID)
+	d.builder.buildCertificates(content, generateImportsForControlPlaneID)
+	d.builder.buildVaults(content, generateImportsForControlPlaneID)
 	return d.builder.getContent()
 }
diff --git a/kong2tf/builder_default_terraform.go b/kong2tf/builder_default_terraform.go
index 02c24165a..fb11d791f 100644
--- a/kong2tf/builder_default_terraform.go
+++ b/kong2tf/builder_default_terraform.go
@@ -1,249 +1,438 @@
 package kong2tf
 
 import (
-	"bytes"
-	_ "embed"
+	"crypto/md5" //nolint:gosec
 	"encoding/json"
+	"fmt"
 	"log"
-	"regexp"
-	"text/template"
+	"strings"
 
-	"github.com/kong/go-apiops/logbasics"
 	"github.com/kong/go-database-reconciler/pkg/file"
-	"github.com/mitchellh/hashstructure"
 )
 
-// cleanField removes all characters from the input string that are not letters, digits, underscores, and dashes.
-func cleanField(input string) string {
-	// Regular expression to match disallowed characters and replace them
-	re := regexp.MustCompile(`[^a-zA-Z0-9_-]`)
-	return re.ReplaceAllString(input, "")
-}
-
-// dashToUnderscore replaces all dashes in the input string with underscores.
-func dashToUnderscore(input string) string {
-	// Regular expression to match dashes and replace them with underscores
-	re := regexp.MustCompile(`-`)
-	return re.ReplaceAllString(input, "_")
-}
-
-var funcs = template.FuncMap{
-	"hash":             hashstructure.Hash,
-	"jsonmarshal":      json.Marshal,
-	"cleanField":       cleanField,
-	"dashToUnderscore": dashToUnderscore,
-}
-
 type DefaultTerraformBuider struct {
 	content string
 }
 
-type TemplateObjectWrapper struct {
-	Content                          interface{}
-	GenerateImportsForControlPlaneID *string
-	IgnoreCredentialChanges          bool
-}
-
 func newDefaultTerraformBuilder() *DefaultTerraformBuider {
 	return &DefaultTerraformBuider{}
 }
 
-//go:embed templates/service.go.tmpl
-var terraformServiceTemplate string
-
-func (b *DefaultTerraformBuider) buildServices(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	tmpl, err := template.New(terraformServiceTemplate).Funcs(funcs).Parse(terraformServiceTemplate)
+// Generic function that takes type T and returns map[string]any using JSON marshalling
+func toMapAny(resource any) map[string]any {
+	resourceMap := make(map[string]interface{})
+	resourceJSON, err := json.Marshal(resource)
 	if err != nil {
-		log.Fatal(err, "Failed to parse template")
-		return // Changed from log.Fatalf to return after logging the error
+		log.Fatal(err, "Failed to marshal resource")
+		return resourceMap
 	}
-
-	for index, service := range content.Services {
-
-		var buffer bytes.Buffer
-		err = tmpl.Execute(&buffer, service)
-		if err != nil {
-			log.Fatal(err, "Failed to execute template for service", "serviceIndex", index+1)
-		}
-
-		b.content += buffer.String()
+	err = json.Unmarshal(resourceJSON, &resourceMap)
+	if err != nil {
+		log.Fatal(err, "Failed to unmarshal resource")
+		return resourceMap
 	}
+	return resourceMap
 }
 
-//go:embed templates/route.go.tmpl
-var terraformRouteTemplate string
-
-func (b *DefaultTerraformBuider) buildRoutes(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	logbasics.Info("Starting to build routes")
-	logbasics.Info("Template content before parsing", "template", terraformRouteTemplate)
-
-	tmpl, err := template.New(terraformRouteTemplate).Funcs(funcs).Parse(terraformRouteTemplate)
-	if err != nil {
-		log.Fatal(err)
+func (b *DefaultTerraformBuider) buildControlPlaneVar(controlPlaneID *string) {
+	cpID := "YOUR_CONTROL_PLANE_ID"
+	if controlPlaneID != nil {
+		cpID = *controlPlaneID
 	}
+	b.content += fmt.Sprintf(`variable "control_plane_id" {
+  type = "string"
+  default = "%s"
+}`, cpID) + "\n\n"
+}
 
+func (b *DefaultTerraformBuider) buildServices(content *file.Content, controlPlaneID *string) {
 	for _, service := range content.Services {
-		var buffer bytes.Buffer
+		parentResourceName := strings.ReplaceAll(*service.Name, "-", "_")
+		b.content += generateResource(
+			"gateway_service",
+			parentResourceName,
+			toMapAny(service),
+			map[string]string{},
+			importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": service.ID,
+				},
+			},
+			[]string{},
+		)
+
+		for _, route := range service.Routes {
+			resourceName := strings.ReplaceAll(*route.Name, "-", "_")
+			b.content += generateResource("gateway_route", resourceName, toMapAny(route), map[string]string{
+				"service": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": route.ID,
+				},
+			}, []string{})
+
+			for _, plugin := range route.Plugins {
+				pluginName := strings.ReplaceAll(*plugin.Name, "-", "_")
+				b.content += generateResource("gateway_plugin", pluginName, toMapAny(plugin), map[string]string{
+					"route": resourceName,
+				}, importConfig{
+					controlPlaneID: controlPlaneID,
+					importValues: map[string]*string{
+						"id": plugin.ID,
+					},
+				}, []string{})
+			}
+		}
 
-		err = tmpl.Execute(&buffer, service)
-		if err != nil {
-			log.Fatal(err)
+		for _, plugin := range service.Plugins {
+			resourceName := strings.ReplaceAll(*plugin.Name, "-", "_")
+			b.content += generateResource("gateway_plugin", resourceName, toMapAny(plugin), map[string]string{
+				"service": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": plugin.ID,
+				},
+			}, []string{})
 		}
-		b.content += buffer.String()
 	}
 }
 
-//go:embed templates/global_plugin.go.tmpl
-var terraformGlobalPluginTemplate string
-
-func (b *DefaultTerraformBuider) buildGlobalPlugins(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	logbasics.Info("Starting to build global plugins")
-	logbasics.Info("Template content before parsing", "template", terraformGlobalPluginTemplate)
-
-	tmpl, err := template.New(terraformGlobalPluginTemplate).Funcs(funcs).Parse(terraformGlobalPluginTemplate)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, globalPlugin := range content.Plugins {
-		var buffer bytes.Buffer
-
-		err = tmpl.Execute(&buffer, globalPlugin)
-		if err != nil {
-			log.Fatal(err)
+func (b *DefaultTerraformBuider) buildRoutes(content *file.Content, controlPlaneID *string) {
+	for _, route := range content.Routes {
+		parentResourceName := strings.ReplaceAll(*route.Name, "-", "_")
+		parents := map[string]string{}
+		if route.Service != nil {
+			parents["service"] = strings.ReplaceAll(*route.Service.Name, "-", "_")
+		}
+		b.content += generateResource("gateway_route", parentResourceName, toMapAny(route), parents, importConfig{
+			controlPlaneID: controlPlaneID,
+			importValues: map[string]*string{
+				"id": route.ID,
+			},
+		}, []string{})
+
+		for _, plugin := range route.Plugins {
+			resourceName := strings.ReplaceAll(*plugin.Name, "-", "_")
+			b.content += generateResource("gateway_plugin", resourceName, toMapAny(plugin), map[string]string{
+				"route": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": plugin.ID,
+				},
+			}, []string{})
 		}
-		b.content += buffer.String()
 	}
 }
 
-//go:embed templates/consumer.go.tmpl
-var terraformConsumerTemplate string
-
-func (b *DefaultTerraformBuider) buildConsumers(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	logbasics.Info("Starting to build consumers")
-	logbasics.Info("Template content before parsing", "template", terraformConsumerTemplate)
-
-	tmpl, err := template.New(terraformConsumerTemplate).Funcs(funcs).Parse(terraformConsumerTemplate)
-	if err != nil {
-		log.Fatal(err)
+func (b *DefaultTerraformBuider) buildGlobalPlugins(content *file.Content, controlPlaneID *string) {
+	for _, globalPlugin := range content.Plugins {
+		resourceName := strings.ReplaceAll(*globalPlugin.Name, "-", "_")
+		b.content += generateResource(
+			"gateway_plugin",
+			resourceName,
+			toMapAny(globalPlugin),
+			map[string]string{},
+			importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": globalPlugin.ID,
+				},
+			},
+			[]string{},
+		)
 	}
+}
 
+func (b *DefaultTerraformBuider) buildConsumers(
+	content *file.Content,
+	controlPlaneID *string,
+	ignoreCredentialChanges bool,
+) {
 	for _, consumer := range content.Consumers {
-		wrapper := TemplateObjectWrapper{
-			Content:                          consumer,
-			GenerateImportsForControlPlaneID: generateImportsForControlPlaneID,
-			IgnoreCredentialChanges:          ignoreCredentialChanges,
+		parentResourceName := strings.ReplaceAll(*consumer.Username, "-", "_")
+		b.content += generateResource(
+			"gateway_consumer",
+			parentResourceName,
+			toMapAny(consumer),
+			map[string]string{},
+			importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": consumer.ID,
+				},
+			},
+			[]string{},
+		)
+
+		for _, cg := range consumer.Groups {
+			resourceName := strings.ReplaceAll(*cg.Name, "-", "_")
+
+			b.content += generateRelationship(
+				"gateway_consumer_group_member",
+				resourceName+"_"+parentResourceName,
+				map[string]string{
+					"consumer":       parentResourceName,
+					"consumer_group": resourceName,
+				},
+				toMapAny(consumer),
+				importConfig{
+					controlPlaneID: controlPlaneID,
+					importValues: map[string]*string{
+						"consumer_id":       consumer.ID,
+						"consumer_group_id": cg.ID,
+					},
+				},
+			)
 		}
-		var buffer bytes.Buffer
 
-		err = tmpl.Execute(&buffer, wrapper)
-		if err != nil {
-			log.Fatal(err)
+		for _, acl := range consumer.ACLGroups {
+			resourceName := "acl_" + strings.ReplaceAll(*acl.Group, "-", "_")
+			b.content += generateResource("gateway_acl", resourceName, toMapAny(acl), map[string]string{
+				"consumer_id": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id":          acl.ID,
+					"consumer_id": consumer.ID,
+				},
+			}, []string{})
 		}
-		b.content += buffer.String()
-	}
-}
 
-//go:embed templates/consumer_group.go.tmpl
-var terraformConsumerGroupTemplate string
+		for _, basicauth := range consumer.BasicAuths {
+			lifecycle := []string{}
+
+			if ignoreCredentialChanges {
+				lifecycle = []string{
+					"password",
+				}
+			}
+
+			resourceName := "basic_auth_" + strings.ReplaceAll(*basicauth.Username, "-", "_")
+			b.content += generateResource("gateway_basic_auth", resourceName, toMapAny(basicauth), map[string]string{
+				"consumer_id": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id":          basicauth.ID,
+					"consumer_id": consumer.ID,
+				},
+			}, lifecycle)
+		}
 
-func (b *DefaultTerraformBuider) buildConsumerGroups(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	logbasics.Info("Starting to build consumer groups")
-	logbasics.Info("Template content before parsing", "template", terraformConsumerGroupTemplate)
+		for _, keyauth := range consumer.KeyAuths {
+			resourceName := "key_auth_" + strings.ReplaceAll(*keyauth.Key, "-", "_")
+			b.content += generateResource("gateway_key_auth", resourceName, toMapAny(keyauth), map[string]string{
+				"consumer_id": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id":          keyauth.ID,
+					"consumer_id": consumer.ID,
+				},
+			}, []string{})
+		}
 
-	tmpl, err := template.New(terraformConsumerGroupTemplate).Funcs(funcs).Parse(terraformConsumerGroupTemplate)
-	if err != nil {
-		log.Fatal(err)
-	}
+		for _, jwt := range consumer.JWTAuths {
+			lifecycle := []string{}
+
+			if ignoreCredentialChanges {
+				lifecycle = []string{
+					"secret", "key",
+				}
+			}
+			resourceName := "jwt_" + strings.ReplaceAll(*jwt.Key, "-", "_")
+			b.content += generateResource("gateway_jwt", resourceName, toMapAny(jwt), map[string]string{
+				"consumer_id": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id":          jwt.ID,
+					"consumer_id": consumer.ID,
+				},
+			}, lifecycle)
+		}
 
-	for _, consumerGroup := range content.ConsumerGroups {
-		var buffer bytes.Buffer
+		for _, hmacauth := range consumer.HMACAuths {
+			resourceName := "hmac_auth_" + strings.ReplaceAll(*hmacauth.Username, "-", "_")
+			b.content += generateResource("gateway_hmac_auth", resourceName, toMapAny(hmacauth), map[string]string{
+				"consumer_id": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id":          hmacauth.ID,
+					"consumer_id": consumer.ID,
+				},
+			}, []string{})
+		}
 
-		err = tmpl.Execute(&buffer, consumerGroup)
-		if err != nil {
-			log.Fatal(err)
+		for _, plugin := range consumer.Plugins {
+			pluginName := strings.ReplaceAll(*plugin.Name, "-", "_")
+			b.content += generateResource("gateway_plugin", pluginName, toMapAny(plugin), map[string]string{
+				"consumer": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": plugin.ID,
+				},
+			}, []string{})
 		}
-		b.content += buffer.String()
+
 	}
 }
 
-//go:embed templates/upstream.go.tmpl
-var terraformUpstreamTemplate string
+func (b *DefaultTerraformBuider) buildConsumerGroups(content *file.Content, controlPlaneID *string) {
+	for _, cg := range content.ConsumerGroups {
+		parentResourceName := strings.ReplaceAll(*cg.Name, "-", "_")
+		parents := map[string]string{}
+		b.content += generateResource("gateway_consumer_group", parentResourceName, toMapAny(cg), parents, importConfig{
+			controlPlaneID: controlPlaneID,
+			importValues: map[string]*string{
+				"id": cg.ID,
+			},
+		}, []string{})
+
+		// We intentionally don't generate consumers here. Consumers is a FK reference, not a definition.
+		for _, consumer := range cg.Consumers {
+			resourceName := strings.ReplaceAll(*consumer.Username, "-", "_")
+
+			b.content += generateRelationship(
+				"gateway_consumer_group_member",
+				parentResourceName+"_"+resourceName,
+				map[string]string{
+					"consumer":       resourceName,
+					"consumer_group": parentResourceName,
+				},
+				toMapAny(consumer),
+				importConfig{
+					controlPlaneID: controlPlaneID,
+					importValues: map[string]*string{
+						"consumer_id":       consumer.ID,
+						"consumer_group_id": cg.ID,
+					},
+				},
+			)
+		}
 
-func (b *DefaultTerraformBuider) buildUpstreams(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	tmpl, err := template.New(terraformUpstreamTemplate).Funcs(funcs).Parse(terraformUpstreamTemplate)
-	if err != nil {
-		log.Fatal(err)
+		for _, plugin := range cg.Plugins {
+			resourceName := strings.ReplaceAll(*plugin.Name, "-", "_")
+			b.content += generateResource("gateway_plugin", resourceName, toMapAny(plugin), map[string]string{
+				"consumer_group": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": plugin.ID,
+				},
+			}, []string{})
+		}
 	}
+}
 
+func (b *DefaultTerraformBuider) buildUpstreams(content *file.Content, controlPlaneID *string) {
 	for _, upstream := range content.Upstreams {
-		var buffer bytes.Buffer
-
-		err = tmpl.Execute(&buffer, upstream)
-		if err != nil {
-			log.Fatal(err)
+		parentResourceName := strings.ReplaceAll(*upstream.Name, "-", "_")
+		parentResourceName = "upstream_" + strings.ReplaceAll(parentResourceName, ".", "_")
+		parents := map[string]string{}
+		b.content += generateResource("gateway_upstream", parentResourceName, toMapAny(upstream), parents, importConfig{
+			controlPlaneID: controlPlaneID,
+			importValues: map[string]*string{
+				"id": upstream.ID,
+			},
+		}, []string{})
+
+		for _, target := range upstream.Targets {
+			resourceName := strings.ReplaceAll(*target.Target.Target, ".", "_")
+			resourceName = "target_" + strings.ReplaceAll(resourceName, ":", "_")
+			b.content += generateResource("gateway_target", resourceName, toMapAny(target), map[string]string{
+				"upstream_id": parentResourceName,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id":          target.ID,
+					"upstream_id": upstream.ID,
+				},
+			}, []string{})
 		}
-		b.content += buffer.String()
 	}
 }
 
-//go:embed templates/ca_certificate.go.tmpl
-var terraformCACertificateTemplate string
-
-func (b *DefaultTerraformBuider) buildCACertificates(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	tmpl, err := template.New(terraformCACertificateTemplate).Funcs(funcs).Parse(terraformCACertificateTemplate)
-	if err != nil {
-		log.Fatal(err)
-	}
-
+func (b *DefaultTerraformBuider) buildCACertificates(content *file.Content, controlPlaneID *string) {
+	idx := 0
 	for _, caCertificate := range content.CACertificates {
-		var buffer bytes.Buffer
-
-		err = tmpl.Execute(&buffer, caCertificate)
-		if err != nil {
-			log.Fatal(err)
-		}
-		b.content += buffer.String()
+		hashedCert := fmt.Sprintf("%x", md5.Sum([]byte(*caCertificate.Cert))) //nolint:gosec
+		resourceName := "ca_cert_" + hashedCert
+		idx++
+		b.content += generateResource(
+			"gateway_ca_certificate",
+			resourceName,
+			toMapAny(caCertificate),
+			map[string]string{},
+			importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": caCertificate.ID,
+				},
+			},
+			[]string{},
+		)
 	}
 }
 
-//go:embed templates/certificate.go.tmpl
-var terraformCertificateTemplate string
-
-func (b *DefaultTerraformBuider) buildCertificates(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	tmpl, err := template.New(terraformCertificateTemplate).Funcs(funcs).Parse(terraformCertificateTemplate)
-	if err != nil {
-		log.Fatal(err)
-	}
-
+func (b *DefaultTerraformBuider) buildCertificates(content *file.Content, controlPlaneID *string) {
 	for _, certificate := range content.Certificates {
-		var buffer bytes.Buffer
-
-		err = tmpl.Execute(&buffer, certificate)
-		if err != nil {
-			log.Fatal(err)
+		hashedCert := fmt.Sprintf("%x", md5.Sum([]byte(*certificate.Cert))) //nolint:gosec
+		resourceName := "cert_" + hashedCert
+		b.content += generateResource(
+			"gateway_certificate",
+			resourceName,
+			toMapAny(certificate),
+			map[string]string{},
+			importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": certificate.ID,
+				},
+			},
+			[]string{},
+		)
+
+		for _, sni := range certificate.SNIs {
+			resourceName := "sni_" + strings.ReplaceAll(*sni.Name, ".", "_")
+			b.content += generateResource("gateway_sni", resourceName, toMapAny(sni), map[string]string{
+				"certificate": "cert_" + hashedCert,
+			}, importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": sni.ID,
+				},
+			}, []string{})
 		}
-		b.content += buffer.String()
 	}
 }
 
-//go:embed templates/vault.go.tmpl
-var terraformVaultTemplate string
-
-func (b *DefaultTerraformBuider) buildVaults(content *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) {
-	tmpl, err := template.New(terraformVaultTemplate).Funcs(funcs).Parse(terraformVaultTemplate)
-	if err != nil {
-		log.Fatal(err)
-	}
-
+func (b *DefaultTerraformBuider) buildVaults(content *file.Content, controlPlaneID *string) {
 	for _, vault := range content.Vaults {
-		var buffer bytes.Buffer
-
-		err = tmpl.Execute(&buffer, vault)
-		if err != nil {
-			log.Fatal(err)
-		}
-		b.content += buffer.String()
+		parentResourceName := strings.ReplaceAll(*vault.Name, "-", "_")
+		parents := map[string]string{}
+		b.content += generateResourceWithCustomizations(
+			"gateway_vault",
+			parentResourceName,
+			toMapAny(vault),
+			parents,
+			map[string]string{
+				"config": "jsonencode",
+			},
+			importConfig{
+				controlPlaneID: controlPlaneID,
+				importValues: map[string]*string{
+					"id": vault.ID,
+				},
+			},
+			[]string{},
+		)
 	}
 }
 
diff --git a/kong2tf/generate_resource.go b/kong2tf/generate_resource.go
new file mode 100644
index 000000000..07295ee57
--- /dev/null
+++ b/kong2tf/generate_resource.go
@@ -0,0 +1,393 @@
+package kong2tf
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+)
+
+type importConfig struct {
+	controlPlaneID *string
+	importValues   map[string]*string
+}
+
+func generateResource(
+	entityType,
+	name string,
+	entity map[string]any,
+	parents map[string]string,
+	imports importConfig,
+	lifecycle []string,
+) string {
+	return generateResourceWithCustomizations(entityType, name, entity, parents, map[string]string{}, imports, lifecycle)
+}
+
+func generateResourceWithCustomizations(
+	entityType,
+	name string,
+	entity map[string]any,
+	parents map[string]string,
+	customizations map[string]string,
+	imports importConfig,
+	lifecycle []string,
+) string {
+	// Cache ID in case we need to use it for imports
+	entityID := ""
+	if entity["id"] != nil {
+		entityID = entity["id"].(string)
+	}
+
+	// Populate parents with foreign keys as needed
+	parentKeys := []string{"service", "route", "consumer", "upstream", "certificate", "consumer_group"}
+
+	// Populate parents with foreign keys as needed
+	for _, key := range parentKeys {
+		if entity[key] != nil {
+			// Switch on type of parent
+			switch entity[key].(type) {
+			case string:
+				parents[key] = entity[key].(string)
+			case map[string]interface{}:
+				parents[key] = entity[key].(map[string]interface{})["name"].(string)
+			default:
+				panic(fmt.Sprintf("Unknown type for parent %s", key))
+			}
+		}
+	}
+
+	// List of keys to remove
+	removeKeys := []string{
+		"id",
+	}
+
+	// Build a map of entity types to keys
+	entityTypeToKeys := map[string][]string{
+		"gateway_service": {"routes", "plugins"},
+		"gateway_route":   {"plugins", "service"},
+		"gateway_plugin":  {"service", "route", "consumer"},
+		"gateway_consumer": {
+			"groups", "acls", "basicauth_credentials", "keyauth_credentials",
+			"jwt_secrets", "hmacauth_credentials", "basicauth_credentials", "plugins",
+		},
+		"gateway_upstream":       {"targets"},
+		"gateway_consumer_group": {"consumers", "plugins"},
+		"gateway_certificate":    {"snis"},
+	}
+
+	if additionalKeys := entityTypeToKeys[entityType]; additionalKeys != nil {
+		removeKeys = append(removeKeys, additionalKeys...)
+	}
+
+	// Remove keys that are not needed
+	for _, k := range removeKeys {
+		delete(entity, k)
+	}
+
+	if entityType == "gateway_plugin" {
+		entityType = fmt.Sprintf("%s_%s", entityType, name)
+		delete(entity, "name")
+	}
+
+	// We don't need to prefix SNIs with the Cert name
+	// Or routes with the service name
+	if entityType != "gateway_sni" && entityType != "gateway_route" {
+		for k := range parents {
+			name = fmt.Sprintf("%s_%s", strings.ReplaceAll(parents[k], "-", "_"), name)
+		}
+	}
+
+	s := fmt.Sprintf(`
+resource "konnect_%s" "%s" {
+%s
+
+%s  control_plane_id = var.control_plane_id%s
+}
+`,
+		entityType, name,
+		strings.TrimRight(output(entityType, entity, 1, true, "\n", customizations), "\n"),
+		generateParents(parents),
+		generateLifecycle(lifecycle))
+
+	// Generate imports
+	if imports.controlPlaneID != nil && entityID != "" {
+		entity["id"] = entityID
+		s += generateImports(entityType, name, imports.importValues, imports.controlPlaneID)
+	}
+
+	return strings.TrimSpace(s) + "\n\n"
+}
+
+func generateRelationship(
+	entityType string,
+	name string,
+	relations map[string]string,
+	_ map[string]any, // 'entity' when TODO is resolved
+	_ importConfig, // 'imports' when TODO is resolved
+) string {
+	// TODO: We don't support relationship importing in the provider yet
+	// entityID := entity["id"].(string)
+
+	s := fmt.Sprintf(`resource "konnect_%s" "%s" {`, entityType, name)
+
+	// Extract keys to iterate in a deterministic order
+	keys := make([]string, 0)
+	for k := range relations {
+		keys = append(keys, k)
+	}
+
+	sort.Strings(keys)
+
+	// Output each item in the relationship
+	for _, k := range keys {
+		s += fmt.Sprintf("\n"+`  %s_id = konnect_gateway_%s.%s.id`, k, k, relations[k])
+	}
+	s += "\n  control_plane_id = var.control_plane_id"
+	s += "\n}\n\n"
+
+	// TODO: We don't support relationship importing in the provider yet
+	/*
+		│ Error: Not Implemented
+		│
+		│ No available import state operation is available for resource gateway_consumer_group_member.
+	*/
+	//if imports.controlPlaneID != nil {
+	//	entity["id"] = entityID
+	//	s += generateImports(entityType, name, entity, imports.importValues, imports.controlPlaneID) + "\n\n"
+	//}
+
+	return s
+}
+
+func generateImports(
+	entityType string,
+	name string,
+	keysFromEntity map[string]*string,
+	cpID *string,
+) string {
+	if len(keysFromEntity) == 0 {
+		return ""
+	}
+
+	return fmt.Sprintf("\n"+`import {
+  to = konnect_%s.%s
+  id = "%s"
+}`, entityType, name, generateImportKeys(keysFromEntity, cpID))
+}
+
+func generateImportKeys(keys map[string]*string, cpID *string) string {
+	if len(keys) == 0 {
+		return ""
+	}
+
+	s := "{"
+	for k, val := range keys {
+		s += fmt.Sprintf(`\"%s\": \"%s\", `, k, *val)
+	}
+
+	s += fmt.Sprintf(`\"control_plane_id\": \"%s\", `, *cpID)
+
+	s = strings.TrimRight(s, ", ")
+
+	s += "}"
+
+	return s
+}
+
+func generateLifecycle(lifecycle []string) string {
+	if len(lifecycle) == 0 {
+		return ""
+	}
+
+	s := `
+  lifecycle {
+    ignore_changes = [`
+	for _, l := range lifecycle {
+		s += "\n      " + l + ","
+	}
+	s = strings.TrimRight(s, ",")
+
+	s += `
+    ]
+  }
+`
+
+	return s
+}
+
+func generateParents(parents map[string]string) string {
+	if len(parents) == 0 {
+		return ""
+	}
+
+	var result []string
+	for k, v := range parents {
+		v = strings.ReplaceAll(v, "-", "_")
+		// if parent ends with _id, use it as-is
+		if strings.HasSuffix(k, "_id") {
+			result = append(result, fmt.Sprintf(`  %s = konnect_gateway_%s.%s.id`, k, strings.TrimSuffix(k, "_id"), v)+"\n")
+			continue
+		}
+		result = append(result, fmt.Sprintf(`  %s = {
+    id = konnect_gateway_%s.%s.id
+  }`+"\n", k, k, v))
+	}
+
+	return strings.Join(result, "\n") + "\n"
+}
+
+// Output function that handles the dynamic data
+func output(
+	entityType string,
+	object map[string]interface{},
+	depth int,
+	isRoot bool,
+	eol string,
+	customizations map[string]string,
+) string {
+	var result []string
+
+	// Loop through object in order of keys
+	keys := make([]string, 0)
+	for k := range object {
+		keys = append(keys, k)
+	}
+
+	sort.Strings(keys)
+
+	// Move the most common keys to the front
+	var prioritizedKeys []string
+	for _, k := range []string{"enabled", "name", "username"} {
+		if _, exists := object[k]; exists {
+			prioritizedKeys = append(prioritizedKeys, k)
+		}
+	}
+
+	// Append the rest of the keys
+	for _, k := range keys {
+		if contains(prioritizedKeys, k) {
+			continue
+		}
+		if k != "name" && k != "enabled" {
+			prioritizedKeys = append(prioritizedKeys, k)
+		}
+	}
+	keys = prioritizedKeys
+
+	for _, k := range keys {
+		v := object[k]
+
+		// TODO: Remove this once deck dump doesn't export nil values
+		if v == nil {
+			continue
+		}
+
+		switch v := v.(type) {
+		case map[string]interface{}:
+			result = append(result, outputHash(entityType, k, v, depth, isRoot, eol, customizations))
+		case []interface{}:
+			result = append(result, outputList(entityType, k, v, depth))
+		default:
+			result = append(result, line(fmt.Sprintf("%s = %s", k, quote(v)), depth, eol))
+		}
+	}
+	return strings.Join(result, "")
+}
+
+// Handles rendering a map (hash) in Go
+func outputHash(
+	entityType string,
+	key string,
+	input map[string]interface{},
+	depth int,
+	isRoot bool,
+	eol string,
+	customizations map[string]string,
+) string {
+	s := ""
+	if !isRoot {
+		s += "\n"
+	}
+
+	custom := customizations[key]
+
+	if custom != "" {
+		s += line(fmt.Sprintf("%s = %s({", key, custom), depth, eol)
+	} else {
+		s += line(fmt.Sprintf("%s = {", key), depth, eol)
+	}
+
+	s += output(entityType, input, depth+1, true, eol, customizations)
+
+	if custom != "" {
+		s += line("})", depth, eol)
+	} else {
+		s += line("}", depth, eol)
+	}
+	return s
+}
+
+// Handles rendering a map within a list in Go
+func outputHashInList(entityType string, input map[string]interface{}, depth int) string {
+	s := "\n"
+	s += line("{", depth+1, "\n")
+	s += output(entityType, input, depth+2, false, "\n", map[string]string{})
+	s += line("},", depth+1, "\n")
+	return s
+}
+
+// Handles rendering a list (array) in Go
+func outputList(entityType string, key string, input []interface{}, depth int) string {
+	s := line(fmt.Sprintf("%s = [", key), depth, "")
+	for _, v := range input {
+		switch v := v.(type) {
+		case map[string]interface{}:
+			s += outputHashInList(entityType, v, depth)
+		default:
+			s += fmt.Sprintf("%s, ", quote(v))
+		}
+	}
+	s = strings.TrimRight(s, ", ")
+	s += endList(input, depth)
+	return s
+}
+
+// Ends a list rendering in Go
+func endList(input []interface{}, depth int) string {
+	lastLine := line("]", depth, "\n")
+	if _, ok := input[len(input)-1].(map[string]interface{}); ok {
+		return lastLine
+	}
+	return strings.TrimLeft(lastLine, " ")
+}
+
+// Formats a line with proper indentation and end-of-line characters
+func line(input string, depth int, eol string) string {
+	return strings.Repeat("  ", depth) + input + eol
+}
+
+// Properly quotes a value based on its type
+func quote(input interface{}) string {
+	switch v := input.(type) {
+	case nil:
+		return ""
+	case bool, int, float64:
+		return fmt.Sprintf("%v", v)
+	case string:
+		if strings.Contains(v, "\n") {
+			return fmt.Sprintf("<<EOF\n%s\nEOF", strings.TrimRight(v, "\n"))
+		}
+		return fmt.Sprintf("\"%s\"", strings.ReplaceAll(v, "\"", "\\\""))
+	default:
+		return fmt.Sprintf("\"%v\"", v)
+	}
+}
+
+// contains checks if a slice contains a specific element
+func contains(slice []string, item string) bool {
+	for _, v := range slice {
+		if v == item {
+			return true
+		}
+	}
+	return false
+}
diff --git a/kong2tf/generate_resource_test.go b/kong2tf/generate_resource_test.go
new file mode 100644
index 000000000..c5cf122d3
--- /dev/null
+++ b/kong2tf/generate_resource_test.go
@@ -0,0 +1,205 @@
+package kong2tf
+
+import (
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestGenerateComplexLayout(t *testing.T) {
+	jsonInput := `{
+		"field1": "basic_string",
+		"field2": ["list", "of", "strings"],
+		"field3": {
+			"nested_field1": "nested_string",
+			"nested_field2": ["list", "of", "nested", "strings"],
+			"nested_field3": {
+				"nested_nested_field1": "nested_nested_string",
+				"nested_nested_field2": ["list", "of", "nested", "nested", "strings"],
+				"nested_nested_field3": {
+					"nested_nested_nested_field1": "nested_nested_nested_string"
+				}
+			}
+		}
+	}`
+
+	var entity map[string]any
+	err := json.Unmarshal([]byte(jsonInput), &entity)
+	require.NoError(t, err)
+
+	expected := `resource "konnect_entity_type" "some_service_name" {
+  field1 = "basic_string"
+  field2 = ["list", "of", "strings"]
+  field3 = {
+    nested_field1 = "nested_string"
+    nested_field2 = ["list", "of", "nested", "strings"]
+    nested_field3 = {
+      nested_nested_field1 = "nested_nested_string"
+      nested_nested_field2 = ["list", "of", "nested", "nested", "strings"]
+      nested_nested_field3 = {
+        nested_nested_nested_field1 = "nested_nested_nested_string"
+      }
+    }
+  }
+
+  service = {
+    id = konnect_gateway_service.some_service.id
+  }
+  control_plane_id = var.control_plane_id
+}
+`
+
+	result := generateResource("entity_type", "name", entity, map[string]string{
+		"service": "some_service",
+	}, importConfig{
+		controlPlaneID: new(string),
+		importValues:   map[string]*string{},
+	}, []string{})
+
+	require.Equal(t, strings.Fields(expected), strings.Fields(result))
+}
+
+func TestGenerateResourceWithoutParent(t *testing.T) {
+	entity := map[string]any{
+		"field1": "value1",
+		"field2": "value2",
+	}
+	parents := map[string]string{}
+
+	expected := `resource "konnect_entity_type" "name" {
+	field1 = "value1"
+	field2 = "value2"
+
+	control_plane_id = var.control_plane_id
+}
+`
+
+	result := generateResource("entity_type", "name", entity, parents, importConfig{
+		controlPlaneID: new(string),
+		importValues:   map[string]*string{},
+	}, []string{})
+	require.Equal(t, strings.Fields(expected), strings.Fields(result))
+}
+
+func TestGenerateResourceWithParent(t *testing.T) {
+	entity := map[string]any{
+		"field1": "value1",
+		"field2": "value2",
+	}
+	parents := map[string]string{
+		"parent1": "parent_value1",
+	}
+
+	expected := `resource "konnect_entity_type" "parent_value1_name" {
+	field1 = "value1"
+	field2 = "value2"
+
+	parent1 = {
+		id = konnect_gateway_parent1.parent_value1.id
+	}
+	control_plane_id = var.control_plane_id
+}
+`
+
+	result := generateResource("entity_type", "name", entity, parents, importConfig{
+		controlPlaneID: new(string),
+		importValues:   map[string]*string{},
+	}, []string{})
+	require.Equal(t, strings.Fields(expected), strings.Fields(result))
+}
+
+func TestGenerateRelationship(t *testing.T) {
+	entity := map[string]any{
+		"field1": "value1",
+		"field2": "value2",
+	}
+
+	relations := map[string]string{
+		"relation1": "relation_value1",
+		"relation2": "relation_value2",
+	}
+
+	expected := `resource "konnect_entity_type" "name" {
+	relation1_id = konnect_gateway_relation1.relation_value1.id
+	relation2_id = konnect_gateway_relation2.relation_value2.id
+	control_plane_id = var.control_plane_id
+}
+`
+
+	result := generateRelationship("entity_type", "name", relations, entity, importConfig{
+		controlPlaneID: new(string),
+		importValues:   map[string]*string{},
+	})
+	require.Equal(t, strings.Fields(expected), strings.Fields(result))
+}
+
+func TestLifecycle(t *testing.T) {
+	entity := map[string]any{
+		"field1": "value1",
+		"field2": "value2",
+	}
+
+	expected := `resource "konnect_entity_type" "name" {
+  field1 = "value1"
+  field2 = "value2"
+
+  control_plane_id = var.control_plane_id
+  lifecycle {
+    ignore_changes = [
+      ignore_this_one
+    ]
+  }
+
+}
+`
+
+	result := generateResource("entity_type", "name", entity, map[string]string{}, importConfig{
+		controlPlaneID: new(string),
+		importValues:   map[string]*string{},
+	}, []string{
+		"ignore_this_one",
+	})
+	require.Equal(t, strings.Fields(expected), strings.Fields(result))
+}
+
+func TestImports(t *testing.T) {
+	jsonInput := `{
+		"id": "some_id",
+		"field1": "basic_string",
+		"field2": {
+			"nested": "subkey"
+		}
+	}`
+
+	var entity map[string]any
+	err := json.Unmarshal([]byte(jsonInput), &entity)
+	require.NoError(t, err)
+
+	expected := `resource "konnect_entity_type" "name" {
+  field1 = "basic_string"
+  field2 = {
+    nested = "subkey"
+  }
+
+  control_plane_id = var.control_plane_id
+}
+
+import {
+  to = konnect_entity_type.name
+  id = "{\"id\": \"some_id\", \"field2_nested\": \"subkey\", \"control_plane_id\": \"abc-123\"}"
+}`
+
+	cpID := new(string)
+	*cpID = "abc-123"
+
+	result := generateResource("entity_type", "name", entity, map[string]string{}, importConfig{
+		controlPlaneID: cpID,
+		importValues: map[string]*string{
+			"id":            func() *string { s := "some_id"; return &s }(),
+			"field2_nested": func() *string { s := "subkey"; return &s }(),
+		},
+	}, []string{})
+	require.Equal(t, strings.Fields(expected), strings.Fields(result))
+}
diff --git a/kong2tf/kong2tf.go b/kong2tf/kong2tf.go
index 73c9d3099..d0ec74b20 100644
--- a/kong2tf/kong2tf.go
+++ b/kong2tf/kong2tf.go
@@ -6,8 +6,8 @@ type TfConfig struct {
 	ControlPlaneID string
 }
 
-func Convert(inputContent *file.Content, generateImportsForControlPlaneID *string, ignoreCredentialChanges bool) (string, error) {
+func Convert(inputContent *file.Content, generateImports *string, ignoreCredentialChanges bool) (string, error) {
 	builder := getTerraformBuilder()
 	director := newDirector(builder)
-	return director.builTerraformResources(inputContent, generateImportsForControlPlaneID, ignoreCredentialChanges), nil
+	return director.builTerraformResources(inputContent, generateImports, ignoreCredentialChanges), nil
 }
diff --git a/kong2tf/kong2tf_test.go b/kong2tf/kong2tf_test.go
index 3b179a95e..fe444a355 100644
--- a/kong2tf/kong2tf_test.go
+++ b/kong2tf/kong2tf_test.go
@@ -30,6 +30,40 @@ func compareFileContent(t *testing.T, expectedFilename string, actualContent []b
 	require.Equal(t, expectedFields, actualFields)
 }
 
+func Test_convertKongGatewayToTerraformWithImports(t *testing.T) {
+	tests := []struct {
+		name           string
+		inputFilename  string
+		outputFilename string
+		wantErr        bool
+	}{
+		{
+			name:           "consumer-jwt",
+			inputFilename:  "consumer-jwt-input.yaml",
+			outputFilename: "consumer-jwt-output-with-imports-expected.tf",
+			wantErr:        false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			inputContent, err := file.GetContentFromFiles([]string{baseLocation + tt.inputFilename}, false)
+			if err != nil {
+				assert.Fail(t, err.Error())
+			}
+
+			cpID := new(string)
+			*cpID = "abc-123"
+			output, err := Convert(inputContent, cpID, true)
+
+			if err == nil {
+				compareFileContent(t, tt.outputFilename, []byte(output))
+			} else if (err != nil) != tt.wantErr {
+				t.Errorf("KongToTerraform error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
 func Test_convertKongGatewayToTerraform(t *testing.T) {
 	tests := []struct {
 		name           string
@@ -116,9 +150,15 @@ func Test_convertKongGatewayToTerraform(t *testing.T) {
 			wantErr:        false,
 		},
 		{
-			name:           "global-plugin",
-			inputFilename:  "global-plugin-input.yaml",
-			outputFilename: "global-plugin-output-expected.tf",
+			name:           "global-plugin-oidc",
+			inputFilename:  "global-plugin-oidc-input.yaml",
+			outputFilename: "global-plugin-oidc-output-expected.tf",
+			wantErr:        false,
+		},
+		{
+			name:           "global-plugin-rate-limiting",
+			inputFilename:  "global-plugin-rate-limiting-input.yaml",
+			outputFilename: "global-plugin-rate-limiting-output-expected.tf",
 			wantErr:        false,
 		},
 		{
diff --git a/kong2tf/templates/ca_certificate.go.tmpl b/kong2tf/templates/ca_certificate.go.tmpl
deleted file mode 100644
index efcc7a58c..000000000
--- a/kong2tf/templates/ca_certificate.go.tmpl
+++ /dev/null
@@ -1,14 +0,0 @@
-resource "konnect_gateway_ca_certificate" "CA_{{ hash .Cert nil }}" {
-  {{- if .Cert }}
-  cert             = <<EOF
-  {{ .Cert -}}
-  EOF
-  {{- end }}
-  {{- if .CertDigest }}
-  cert_digest      = "{{ .CertDigest }}"
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
diff --git a/kong2tf/templates/certificate.go.tmpl b/kong2tf/templates/certificate.go.tmpl
deleted file mode 100644
index 106d19462..000000000
--- a/kong2tf/templates/certificate.go.tmpl
+++ /dev/null
@@ -1,31 +0,0 @@
-resource "konnect_gateway_certificate" "Cert_{{ hash .Cert nil }}" {
-  {{- if .Cert }}
-  cert             = <<EOF
-  {{ .Cert }}
-  EOF
-  {{- end }}
-  {{- if .Key }}
-  key             = <<EOF
-  {{ .Key }}
-  EOF
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
-
-{{- range .SNIs }}
-resource "konnect_gateway_sni" "{{ cleanField .Name }}" {
-  {{- if .Name }}
-  name             = "{{ .Name }}"
-  {{- end }}
-  certificate = {
-    id = konnect_gateway_certificate.Cert_{{ hash $.Cert nil }}.id
-  }
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
-{{- end }}
diff --git a/kong2tf/templates/consumer.go.tmpl b/kong2tf/templates/consumer.go.tmpl
deleted file mode 100644
index bf2fb052c..000000000
--- a/kong2tf/templates/consumer.go.tmpl
+++ /dev/null
@@ -1,188 +0,0 @@
-resource "konnect_gateway_consumer" "{{ cleanField .Content.Username }}" {
-  {{- if .Content.Username }}
-  username         = "{{ .Content.Username }}"
-  {{- end }}
-  {{- if .Content.CustomID }}
-  custom_id        = "{{ .Content.CustomID }}"
-  {{- end }}
-  {{- if .Content.Tags }}
-  tags             = [{{ range $index, $value := .Content.Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
-
-{{- if .GenerateImportsForControlPlaneID }}
-import {
-  to = konnect_gateway_consumer.{{ cleanField .Content.Username }}
-  id = "{ \"id\": \"{{ .Content.ID }}\", \"control_plane_id\": \"{{ .GenerateImportsForControlPlaneID }}\" }"
-}
-
-{{- end }}
-
-{{- range .Content.KeyAuths }}
-resource "konnect_gateway_key_auth" "{{ cleanField $.Content.Username }}_{{ cleanField .Key }}" {
-  {{- if .Key }}
-  key              = "{{ .Key }}"
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  consumer_id      = konnect_gateway_consumer.{{ cleanField $.Content.Username }}.id
-  control_plane_id = var.control_plane_id
-}
-
-{{- if $.GenerateImportsForControlPlaneID }}
-import {
-  to = konnect_gateway_key_auth.{{ cleanField $.Content.Username }}_{{ cleanField .Key }}
-  id = "{ \"id\": \"{{ .ID }}\", \"consumer_id\": \"{{ $.Content.ID }}\", \"control_plane_id\": \"{{ $.GenerateImportsForControlPlaneID }}\" }"
-}
-
-{{- end }}
-
-{{- end }}
-
-{{- range .Content.HMACAuths }}
-resource "konnect_gateway_hmac_auth" "{{ cleanField $.Content.Username }}_{{ cleanField .Username }}" {
-  {{- if .Content.Username }}
-  username         = "{{ .Content.Username }}"
-  {{- end }}
-  {{- if .Secret }}
-  secret           = "{{ .Secret }}"
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  consumer_id      = konnect_gateway_consumer.{{ cleanField $.Content.Username }}.id
-  control_plane_id = var.control_plane_id
-}
-
-{{- if $.GenerateImportsForControlPlaneID }}
-import {
-  to = konnect_gateway_hmac_auth.{{ cleanField $.Content.Username }}_{{ cleanField .Username }}
-  id = "{ \"id\": \"{{ .ID }}\", \"consumer_id\": \"{{ $.Content.ID }}\", \"control_plane_id\": \"{{ $.GenerateImportsForControlPlaneID }}\" }"
-}
-
-{{- end }}
-
-{{- end }}
-
-{{- range .Content.JWTAuths }}
-resource "konnect_gateway_jwt" "{{ cleanField $.Content.Username }}_{{ cleanField .Key }}" {
-  {{- if .Key }}
-  key              = "{{ .Key }}"
-  {{- end }}
-  {{- if .Algorithm }}
-  algorithm        = "{{ .Algorithm }}"
-  {{- end }}
-  {{- if .Secret }}
-  secret           = "{{ .Secret }}"
-  {{- end }}
-  {{- if .RSAPublicKey }}
-  rsa_public_key   = <<EOF
-  {{ .RSAPublicKey }}
-  EOF
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  consumer_id      = konnect_gateway_consumer.{{ cleanField $.Content.Username }}.id
-  control_plane_id = var.control_plane_id
-
-  {{- if $.IgnoreCredentialChanges }}
-  lifecycle {
-    ignore_changes = [ 
-      secret,
-      key,
-    ]
-  }
-  {{- end }}
-}
-
-import {
-  to = konnect_gateway_jwt.{{ cleanField $.Content.Username }}_{{ cleanField .Key }}
-  id = "{ \"id\": \"{{ .ID }}\", \"consumer_id\": \"{{ $.Content.ID }}\", \"control_plane_id\": \"{{ $.GenerateImportsForControlPlaneID }}\" }"
-}
-
-{{- end }}
-
-{{- range .Content.BasicAuths }}
-resource "konnect_gateway_basic_auth" "{{ cleanField $.Content.Username }}_{{ cleanField .Username }}" {
-  {{- if .Username }}
-  username         = "{{ .Username }}"
-  {{- end }}
-  {{- if .Password }}
-  password         = "{{ .Password }}"
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  consumer_id      = konnect_gateway_consumer.{{ cleanField $.Content.Username }}.id
-  control_plane_id = var.control_plane_id
-
-  {{- if $.IgnoreCredentialChanges }}
-  lifecycle {
-    ignore_changes = [ 
-      password,
-    ]
-  }
-  {{- end }}
-}
-
-import {
-  to = konnect_gateway_basic_auth.{{ cleanField $.Content.Username }}_{{ cleanField .Username }}
-  id = "{ \"id\": \"{{ .ID }}\", \"consumer_id\": \"{{ $.Content.ID }}\", \"control_plane_id\": \"{{ $.GenerateImportsForControlPlaneID }}\" }"
-}
-
-{{- end }}
-
-{{- range .Content.ACLGroups }}
-resource "konnect_gateway_acl" "{{ cleanField $.Content.Username }}_{{ cleanField .Group }}" {
-  {{- if .Group }}
-  group            = "{{ .Group }}"
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  consumer_id      = konnect_gateway_consumer.{{ cleanField $.Content.Username }}.id
-  control_plane_id = var.control_plane_id
-}
-
-import {
-  to = konnect_gateway_acl.{{ cleanField $.Content.Username }}_{{ cleanField .Group }}
-  id = "{ \"id\": \"{{ .ID }}\", \"consumer_id\": \"{{ $.Content.ID }}\", \"control_plane_id\": \"{{ $.GenerateImportsForControlPlaneID }}\" }"
-}
-
-{{- end }}
-
-{{- range .Content.Plugins }}
-resource "konnect_gateway_plugin_{{ dashToUnderscore .Name }}" "{{ cleanField $.Content.Username }}_{{ cleanField .Name }}" {
-  {{- if .InstanceName }}
-  instance_name = "{{ .InstanceName }}"
-  {{- end }}
-  {{- if .RunOn }}
-  run_on = "{{ .RunOn }}"
-  {{- end }}
-  {{- if .Enabled }}
-  enabled = {{ .Enabled }}
-  {{- end }}
-  {{- if .Config }}
-  config = {{ printf "%s" (jsonmarshal .Config) }}
-  {{- end }}
-  {{- if .Protocols }}
-  protocols = [{{ range $index, $value := .Protocols }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  consumer = {
-    id = konnect_gateway_consumer.{{ cleanField $.Content.Username }}.id
-  }
-  control_plane_id = var.control_plane_id
-}
-
-import {
-  to = konnect_gateway_plugin_{{ dashToUnderscore .Name }}.{{ cleanField $.Content.Username }}_{{ cleanField .Name }}
-  id = "{ \"id\": \"{{ .ID }}\", \"control_plane_id\": \"{{ $.GenerateImportsForControlPlaneID }}\" }"
-}
-
-{{- end }}
diff --git a/kong2tf/templates/consumer_group.go.tmpl b/kong2tf/templates/consumer_group.go.tmpl
deleted file mode 100644
index 2a77b08be..000000000
--- a/kong2tf/templates/consumer_group.go.tmpl
+++ /dev/null
@@ -1,29 +0,0 @@
-resource "konnect_gateway_consumer_group" "{{ cleanField .Name }}" {
-  {{- if .Name }}
-  name             = "{{ .Name }}"
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
-
-{{- range .Consumers }}
-resource "konnect_gateway_consumer_group_member" "{{ cleanField .Username }}" {
-  consumer_id       = konnect_gateway_consumer.{{ cleanField .Username }}.id
-  consumer_group_id = konnect_gateway_consumer_group.{{ cleanField $.Name }}.id
-  control_plane_id  = var.control_plane_id
-}
-{{- end }}
-
-{{- range .Plugins }}
-resource "konnect_gateway_plugin_{{ dashToUnderscore .Name }}" "{{ cleanField $.Name }}_{{ cleanField .Name }}" {
-  {{- if .Config }}
-  config = {{ printf "%s" (jsonmarshal .Config) }}
-  {{- end }}
-  consumer_group = {
-    id = konnect_gateway_consumer_group.{{ cleanField $.Name }}.id
-  }
-  control_plane_id = var.control_plane_id
-}
-{{- end }}
diff --git a/kong2tf/templates/global_plugin.go.tmpl b/kong2tf/templates/global_plugin.go.tmpl
deleted file mode 100644
index 9cae6fb21..000000000
--- a/kong2tf/templates/global_plugin.go.tmpl
+++ /dev/null
@@ -1,21 +0,0 @@
-resource "konnect_gateway_plugin_{{ dashToUnderscore .Name }}" "{{ cleanField .Name }}" {
-  {{- if .InstanceName }}
-  instance_name = "{{ .InstanceName }}"
-  {{- end }}
-  {{- if .RunOn }}
-  run_on = "{{ .RunOn }}"
-  {{- end }}
-  {{- if .Enabled }}
-  enabled = {{ .Enabled }}
-  {{- end }}
-  {{- if .Config }}
-  config = {{ printf "%s" (jsonmarshal .Config) }}
-  {{- end }}
-  {{- if .Protocols }}
-  protocols = [{{ range $index, $value := .Protocols }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
diff --git a/kong2tf/templates/route.go.tmpl b/kong2tf/templates/route.go.tmpl
deleted file mode 100644
index 2b06254c0..000000000
--- a/kong2tf/templates/route.go.tmpl
+++ /dev/null
@@ -1,124 +0,0 @@
-{{- range .Routes }}
-  {{/* Assign a variable to the current Route before iterating over Plugins */}}
-  {{- $route := .}}
-resource "konnect_gateway_route" "{{ cleanField .Name }}" {
-  {{- if .Name }}
-  name = "{{ .Name }}"
-  {{- end }}
-  {{- if .CreatedAt }}
-  created_at = {{ .CreatedAt }}
-  {{- end }}
-  {{- if .Expression }}
-  expression = "{{ .Expression }}"
-  {{- end }}
-  {{- if .Hosts }}
-  hosts = [{{ range $index, $host := .Hosts }}{{ if $index }}, {{ end }}"{{ $host }}"{{ end }}]
-  {{- end }}
-  {{- if .Headers }}
-  headers = {
-    {{- range $key, $value := .Headers }}
-    "{{ $key }}" = jsonencode({{ printf "%s" (jsonmarshal $value) }})
-    {{- end }}
-  }
-  {{- end }}
-  {{- if .Methods }}
-  methods = [{{ range $index, $method := .Methods }}{{ if $index }}, {{ end }}"{{ $method }}"{{ end }}]
-  {{- end }}
-  {{- if .Paths }}
-  paths = [{{ range $index, $path := .Paths }}{{ if $index }}, {{ end }}"{{ $path }}"{{ end }}]
-  {{- end }}
-  {{- if .PathHandling }}
-  path_handling = "{{ .PathHandling }}"
-  {{- end }}
-  {{- if .PreserveHost }}
-  preserve_host = {{ .PreserveHost }}
-  {{- end }}
-  {{- if .Priority }}
-  priority = {{ .Priority }}
-  {{- end }}
-  {{- if .Protocols }}
-  protocols = [{{ range $index, $protocol := .Protocols }}{{ if $index }}, {{ end }}"{{ $protocol }}"{{ end }}]
-  {{- end }}
-  {{- if .RegexPriority }}
-  regex_priority = {{ .RegexPriority }}
-  {{- end }}
-  {{- if $.Name }}
-  {{- end }}
-  {{- if .StripPath }}
-  strip_path = {{ .StripPath }}
-  {{- end }}
-  {{- if .UpdatedAt }}
-  updated_at = {{ .UpdatedAt }}
-  {{- end }}
-  {{- if .SNIs }}
-  snis = [{{ range $index, $sni := .SNIs }}{{ if $index }}, {{ end }}"{{ $sni }}"{{ end }}]
-  {{- end }}
-  {{- if .Sources }}
-  sources = [
-    {{- range $index, $source := .Sources }}
-    {{- if $index }},{{ end }}
-    {
-      ip   = "{{ $source.IP }}"
-      {{- if $source.Port }}
-      port = {{ $source.Port }}
-      {{- end }}
-    }
-    {{- end }}
-  ]
-  {{- end }}
-  {{- if .Destinations }}
-  destinations = [
-    {{- range $index, $destination := .Destinations }}
-    {{- if $index }},{{ end }}
-    {
-      ip   = "{{ $destination.IP }}"
-      port = {{ $destination.Port }}
-    }
-    {{- end }}
-  ]
-  {{- end }}
-  {{- if .Tags }}
-  tags = [{{ range $index, $tag := .Tags }}{{ if $index }}, {{ end }}"{{ $tag }}"{{ end }}]
-  {{- end }}
-  {{- if .HTTPSRedirectStatusCode }}
-  https_redirect_status_code = {{ .HTTPSRedirectStatusCode }}
-  {{- end }}
-  {{- if .RequestBuffering }}
-  request_buffering = {{ .RequestBuffering }}
-  {{- end }}
-  {{- if .ResponseBuffering }}
-  response_buffering = {{ .ResponseBuffering }}
-  {{- end }}
-  service = {
-    id = konnect_gateway_service.{{ cleanField $.Name }}.id
-  }  
-  control_plane_id = var.control_plane_id
-}
-{{- range .Plugins }}
-resource "konnect_gateway_plugin_{{ dashToUnderscore .Name }}" "{{ cleanField $.Name }}_{{ cleanField $route.Name }}_{{ cleanField .Name }}" {
-  {{- if .InstanceName }}
-  instance_name = "{{ .InstanceName }}"
-  {{- end }}
-  {{- if .RunOn }}
-  run_on = "{{ .RunOn }}"
-  {{- end }}
-  {{- if .Enabled }}
-  enabled = {{ .Enabled }}
-  {{- end }}
-  {{- if .Config }}
-  config = {{ printf "%s" (jsonmarshal .Config) }}
-  {{- end }}
-  {{- if .Protocols }}
-  protocols = [{{ range $index, $value := .Protocols }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  route = {
-    id = konnect_gateway_route.{{ cleanField $route.Name }}.id
-  }
-  control_plane_id = var.control_plane_id
-}
-{{- end }}
-
-{{- end }}
diff --git a/kong2tf/templates/service.go.tmpl b/kong2tf/templates/service.go.tmpl
deleted file mode 100644
index 1f1907a04..000000000
--- a/kong2tf/templates/service.go.tmpl
+++ /dev/null
@@ -1,69 +0,0 @@
-resource "konnect_gateway_service" "{{ cleanField .Name }}" {
-  {{- if .Name }}
-  name             = "{{ .Name }}"
-  {{- end }}
-  {{- if .Protocol }}
-  protocol         = "{{ .Protocol }}"
-  {{- end }}
-  {{- if .Host }}
-  host             = "{{ .Host }}"
-  {{- end }}
-  {{- if .Port }}
-  port             = {{ .Port }}
-  {{- end }}
-  {{- if .Path }}
-  path             = "{{ .Path }}"
-  {{- end }}
-  {{- if .ConnectTimeout }}
-  connect_timeout  = {{ .ConnectTimeout }}
-  {{- end }}
-  {{- if .ReadTimeout }}
-  read_timeout     = {{ .ReadTimeout }}
-  {{- end }}
-  {{- if .WriteTimeout }}
-  write_timeout    = {{ .WriteTimeout }}
-  {{- end }}
-  {{- if .Retries }}
-  retries          = {{ .Retries }}
-  {{- end }}
-  {{- if .TLSVerify }}
-  tls_verify       = {{ .TLSVerify }}
-  {{- end }}
-  {{- if .TLSVerifyDepth }}
-  tls_verify_depth = {{ .TLSVerifyDepth }}
-  {{- end }}
-  {{- if .CACertificates }}
-  ca_certificates  = [{{ range $index, $value := .CACertificates }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
-
-{{- range .Plugins }}
-resource "konnect_gateway_plugin_{{ dashToUnderscore .Name }}" "{{ cleanField $.Name }}_{{ cleanField .Name }}" {
-  {{- if .InstanceName }}
-  instance_name = "{{ .InstanceName }}"
-  {{- end }}
-  {{- if .RunOn }}
-  run_on = "{{ .RunOn }}"
-  {{- end }}
-  {{- if .Enabled }}
-  enabled = {{ .Enabled }}
-  {{- end }}
-  {{- if .Config }}
-  config = {{ printf "%s" (jsonmarshal .Config) }}
-  {{- end }}
-  {{- if .Protocols }}
-  protocols = [{{ range $index, $value := .Protocols }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  service = {
-    id = konnect_gateway_service.{{ cleanField $.Name }}.id
-  }
-  control_plane_id = var.control_plane_id
-}
-{{- end }}
diff --git a/kong2tf/templates/upstream.go.tmpl b/kong2tf/templates/upstream.go.tmpl
deleted file mode 100644
index d446a09f9..000000000
--- a/kong2tf/templates/upstream.go.tmpl
+++ /dev/null
@@ -1,176 +0,0 @@
-resource "konnect_gateway_upstream" "{{ cleanField .Name }}" {
-  {{- if .Name }}
-  name             = "{{ .Name }}"
-  {{- end }}
-  {{- if .Slots }}
-  slots            = {{ .Slots }}
-  {{- end }}
-  {{- if .HostHeader }}
-  host_header      = "{{ .HostHeader }}"
-  {{- end }}
-  {{- if .ClientCertificate }}
-  client_certificate  = {
-    id = "{{ .ClientCertificate.ID }}"
-  }
-  {{- end }}
-  {{- if .Algorithm }}
-  algorithm        = "{{ .Algorithm }}"
-  {{- end }}
-  {{- if .HashOn }}
-  hash_on          = "{{ .HashOn }}"
-  {{- end }}
-  {{- if .HashFallback }}
-  hash_fallback    = "{{ .HashFallback }}"
-  {{- end }}
-  {{- if .HashOnHeader }}
-  hash_on_header   = "{{ .HashOnHeader }}"
-  {{- end }}
-  {{- if .HashFallbackHeader }}
-  hash_fallback_header = "{{ .HashFallbackHeader }}"
-  {{- end }}
-  {{- if .HashOnCookie }}
-  hash_on_cookie   = "{{ .HashOnCookie }}"
-  {{- end }}
-  {{- if .HashOnCookiePath }}
-  hash_on_cookie_path = "{{ .HashOnCookiePath }}"
-  {{- end }}
-  {{- if .HashOnQueryArg }}
-  hash_on_query_arg = "{{ .HashOnQueryArg }}"
-  {{- end }}
-  {{- if .HashFallbackQueryArg }}
-  hash_fallback_query_arg = "{{ .HashFallbackQueryArg }}"
-  {{- end }}
-  {{- if .HashOnURICapture }}
-  hash_on_uri_capture = "{{ .HashOnURICapture }}"
-  {{- end }}
-  {{- if .HashFallbackURICapture }}
-  hash_fallback_uri_capture = "{{ .HashFallbackURICapture }}"
-  {{- end }}
-  {{- if .UseSrvName }}
-  use_srv_name     = {{ .UseSrvName }}
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  {{- if .Healthchecks }}
-  healthchecks = {
-    {{- if .Healthchecks.Active }}
-    active = {
-    {{- if .Healthchecks.Active.Concurrency }}
-        concurrency = {{ .Healthchecks.Active.Concurrency }}
-    {{- end }}
-    {{- if .Healthchecks.Active.HTTPPath }}
-        http_path = "{{ .Healthchecks.Active.HTTPPath }}"
-    {{- end }}
-    {{- if .Healthchecks.Active.HTTPSSni }}
-        https_sni = "{{ .Healthchecks.Active.HTTPSSni }}"
-    {{- end }}
-    {{- if .Healthchecks.Active.HTTPSVerifyCertificate }}
-        https_verify_certificate = {{ .Healthchecks.Active.HTTPSVerifyCertificate }}
-    {{- end }}
-    {{- if .Healthchecks.Active.Timeout }}
-        timeout = {{ .Healthchecks.Active.Timeout }}
-    {{- end }}
-    {{- if .Healthchecks.Active.Type }}
-        type = "{{ .Healthchecks.Active.Type }}"
-    {{- end }}
-    {{- if .Healthchecks.Active.Headers }}
-        headers = {
-          {{- range $key, $value := .Healthchecks.Active.Headers }}
-          "{{ $key }}" = jsonencode({{ printf "%s" (jsonmarshal $value) }})
-          {{- end }}
-        }
-    {{- end }}
-    {{- if .Healthchecks.Active.Healthy }}
-      healthy = {
-        {{- if .Healthchecks.Active.Healthy.HTTPStatuses }}
-        http_statuses = [{{ range $index, $value := .Healthchecks.Active.Healthy.HTTPStatuses }}{{ if $index }}, {{ end }}{{ $value }}{{ end }}]
-        {{- end }}
-        {{- if .Healthchecks.Active.Healthy.Interval }}
-        interval = {{ .Healthchecks.Active.Healthy.Interval }}
-        {{- end }}
-        {{- if .Healthchecks.Active.Healthy.Successes }}
-        successes = {{ .Healthchecks.Active.Healthy.Successes }}
-        {{- end }}
-      }
-    {{- end }}
-    {{- if .Healthchecks.Active.Unhealthy }}
-      unhealthy = {
-        {{- if .Healthchecks.Active.Unhealthy.HTTPFailures }}
-        http_failures = {{ .Healthchecks.Active.Unhealthy.HTTPFailures }}
-        {{- end }}
-        {{- if .Healthchecks.Active.Unhealthy.HTTPStatuses }}
-        http_statuses = [{{ range $index, $value := .Healthchecks.Active.Unhealthy.HTTPStatuses }}{{ if $index }}, {{ end }}{{ $value }}{{ end }}]
-        {{- end }}
-        {{- if .Healthchecks.Active.Unhealthy.TCPFailures }}
-        tcp_failures = {{ .Healthchecks.Active.Unhealthy.TCPFailures }}
-        {{- end }}
-        {{- if .Healthchecks.Active.Unhealthy.Timeouts }}
-        timeouts = {{ .Healthchecks.Active.Unhealthy.Timeouts }}
-        {{- end }}
-        {{- if .Healthchecks.Active.Unhealthy.Interval }}
-        interval = {{ .Healthchecks.Active.Unhealthy.Interval }}
-        {{- end }}
-      }
-    {{- end }}
-    }
-    {{- end }}
-    {{- if .Healthchecks.Passive }}
-    passive = {
-        {{- if .Healthchecks.Passive.Healthy}}
-        healthy = {
-            {{- if .Healthchecks.Passive.Healthy.HTTPStatuses }}
-            http_statuses = [{{ range $index, $value := .Healthchecks.Passive.Healthy.HTTPStatuses }}{{ if $index }}, {{ end }}{{ $value }}{{ end }}]
-            {{- end }}
-            {{- if .Healthchecks.Passive.Healthy.Interval }}
-            interval = {{ .Healthchecks.Passive.Healthy.Interval }}
-            {{- end }}
-            {{- if .Healthchecks.Passive.Healthy.Successes }}
-            successes = {{ .Healthchecks.Passive.Healthy.Successes }}
-            {{- end }}
-        }
-        {{- end }}
-        {{- if .Healthchecks.Passive.Unhealthy}}
-        unhealthy = {
-            {{- if .Healthchecks.Passive.Unhealthy.HTTPFailures }}
-            http_failures = {{ .Healthchecks.Passive.Unhealthy.HTTPFailures }}
-            {{- end }}
-            {{- if .Healthchecks.Passive.Unhealthy.HTTPStatuses }}
-            http_statuses = [{{ range $index, $value := .Healthchecks.Passive.Unhealthy.HTTPStatuses }}{{ if $index }}, {{ end }}{{ $value }}{{ end }}]
-            {{- end }}
-            {{- if .Healthchecks.Passive.Unhealthy.TCPFailures }}
-            tcp_failures = {{ .Healthchecks.Passive.Unhealthy.TCPFailures }}
-            {{- end }}
-            {{- if .Healthchecks.Passive.Unhealthy.Timeouts }}
-            timeouts = {{ .Healthchecks.Passive.Unhealthy.Timeouts }}
-            {{- end }}
-            {{- if .Healthchecks.Passive.Unhealthy.Interval }}
-            interval = {{ .Healthchecks.Passive.Unhealthy.Interval }}
-            {{- end }}
-        }
-        {{- end }}
-        {{- if .Healthchecks.Passive.Type }}
-        type = "{{ .Healthchecks.Passive.Type }}"
-        {{- end }}
-    }
-    {{- end }}
-  }
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
-
-{{- range .Targets }}
-resource "konnect_gateway_target" "{{ cleanField $.Name }}_{{ cleanField .Target.Target }}" {
-  {{- if .Target.Target }}
-  target           = "{{ .Target.Target }}"
-  {{- end }}
-  {{- if .Weight }}
-  weight           = {{ .Weight }}
-  {{- end }}
-  {{- if .Tags }}
-  tags             = [{{ range $index, $value := .Tags }}{{ if $index }}, {{ end }}"{{ $value }}"{{ end }}]
-  {{- end }}
-  upstream_id      = konnect_gateway_upstream.{{ cleanField $.Name }}.id
-  control_plane_id = var.control_plane_id
-}
-{{- end }}
diff --git a/kong2tf/templates/vault.go.tmpl b/kong2tf/templates/vault.go.tmpl
deleted file mode 100644
index 7aba04f2d..000000000
--- a/kong2tf/templates/vault.go.tmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-resource "konnect_gateway_vault" "{{ cleanField .Name }}" {
-  {{- if .Name }}
-  name   = "{{ .Name }}"
-  {{- end }}
-  {{- if .Prefix }}
-  prefix = "{{ .Prefix }}"
-  {{- end }}
-  {{- if .Config }}
-  config = jsonencode({{ printf "%s" (jsonmarshal .Config) }})
-  {{- end }}
-  control_plane_id = var.control_plane_id
-}
\ No newline at end of file
diff --git a/kong2tf/testdata/ca-certificate-output-expected.tf b/kong2tf/testdata/ca-certificate-output-expected.tf
index f56e20a7d..90d22b371 100644
--- a/kong2tf/testdata/ca-certificate-output-expected.tf
+++ b/kong2tf/testdata/ca-certificate-output-expected.tf
@@ -1,6 +1,11 @@
-resource "konnect_gateway_ca_certificate" "CA_1979456360678781371" {
-  cert             = <<EOF
-  -----BEGIN CERTIFICATE-----
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_ca_certificate" "ca_cert_236f23c811e37d144f92767e6c845006" {
+  cert = <<EOF
+-----BEGIN CERTIFICATE-----
 MIIBfDCCASKgAwIBAgIRAJqcZC1VSvSQLMN1+7yAeswwCgYIKoZIzj0EAwIwHDEa
 MBgGA1UEAxMRRGVtbyBLb25nIFJvb3QgQ0EwHhcNMjIwNjEzMTMzNzMzWhcNMjcw
 NjEzMTkzNzMzWjAcMRowGAYDVQQDExFEZW1vIEtvbmcgUm9vdCBDQTBZMBMGByqG
@@ -11,7 +16,9 @@ ScRDxX4IzDOrNzAKBggqhkjOPQQDAgNIADBFAiEAw6Dov0c0L++1W9VufAfSMdNR
 PSDfPU0MiUiG59/VIBICIEFn/6c5eQc3hUUBL74/RmNT2b1zxBmp7RiPXJAnAAwJ
 -----END CERTIFICATE-----
 EOF
-  cert_digest      = "f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5"
-  tags             = ["root-ca"]
+  cert_digest = "f1baffe9fe9cf8497e38a4271d67fab44423678b7e7c0f677a50f37c113d81b5"
+  tags = ["root-ca"]
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/certificate-sni-output-expected.tf b/kong2tf/testdata/certificate-sni-output-expected.tf
index 97cdd2cca..28bc8f451 100644
--- a/kong2tf/testdata/certificate-sni-output-expected.tf
+++ b/kong2tf/testdata/certificate-sni-output-expected.tf
@@ -1,6 +1,11 @@
-resource "konnect_gateway_certificate" "Cert_3549910271731929142" {
-  cert             = <<EOF
-  -----BEGIN CERTIFICATE-----
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_certificate" "cert_724715fca2416fb3c8f215f45d07fd43" {
+  cert = <<EOF
+-----BEGIN CERTIFICATE-----
 MIIECTCCAvGgAwIBAgIUAusYGP9BwoLFFAJdB/jY6eUzUyAwDQYJKoZIhvcNAQEL
 BQAwgZIxCzAJBgNVBAYTAlVLMRIwEAYDVQQIDAlIYW1wc2hpcmUxEjAQBgNVBAcM
 CUFsZGVyc2hvdDEQMA4GA1UECgwHS29uZyBVSzEQMA4GA1UECwwHU3VwcG9ydDEY
@@ -24,9 +29,9 @@ ovZgZo+OlhWRsDVT/qy5SFtA0vlVNtdBr2egXb1H7J8UDC+fax/iKa7+fBUHZOO9
 Fk9U8bxgfQ+jPIVVL8CfAtR68Sos7NpWH0S2emqZRnQvf0MSNdkTQKWn4qR9sckj
 Ewxs5FbrMmgCOgwk1PtgRmdP3RME0HwK/B03saQ=
 -----END CERTIFICATE-----
-  EOF
-  key             = <<EOF
-  -----BEGIN PRIVATE KEY-----
+EOF
+  key = <<EOF
+-----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCVGyoqqAitQUzZ
 P+5eNp+rpMkxLni8gdt3v/dD80/6M/MGc4ME6Hc2xQEtlbRa9RCqhc6K9A616fQi
 53mznYgEdyOiw/1mP8dClt5cdxd+XxolDkiz0x/M3og0zMddQnCg8XrAPjNv7Oat
@@ -54,14 +59,19 @@ LwIVvkm5NpeIlKQtDNrqG1QvUhqyZ2/Xitc4FyiccW7WHxkGKGZyj7GbmpqEOnyY
 iVku0LSftZgycet2uMdp0HaVAgi5S6aVf5yN0U/8R5ToxcbuEfqwrBIyRgse8lx3
 NNSvLxPAempmiFPSk9AtobYV
 -----END PRIVATE KEY-----
-  EOF
-  tags             = ["proxy.kong.lan"]
+EOF
+  tags = ["proxy.kong.lan"]
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_sni" "proxykonglan" {
-  name             = "proxy.kong.lan"
+
+resource "konnect_gateway_sni" "sni_proxy_kong_lan" {
+  name = "proxy.kong.lan"
+
   certificate = {
-    id = konnect_gateway_certificate.Cert_3549910271731929142.id
+    id = konnect_gateway_certificate.cert_724715fca2416fb3c8f215f45d07fd43.id
   }
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-acl-input.yaml b/kong2tf/testdata/consumer-acl-input.yaml
index 86ac68559..67fd7d240 100644
--- a/kong2tf/testdata/consumer-acl-input.yaml
+++ b/kong2tf/testdata/consumer-acl-input.yaml
@@ -1,6 +1,6 @@
 consumers:
   - username: example-user
     acls:
-      - group: acl_group
+      - group: demo_group
         tags:
-          - internal
\ No newline at end of file
+          - internal
diff --git a/kong2tf/testdata/consumer-acl-output-expected.tf b/kong2tf/testdata/consumer-acl-output-expected.tf
index 319fce08c..daee55d7b 100644
--- a/kong2tf/testdata/consumer-acl-output-expected.tf
+++ b/kong2tf/testdata/consumer-acl-output-expected.tf
@@ -1,10 +1,20 @@
-resource "konnect_gateway_consumer" "example-user" {
-  username         = "example-user"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_acl" "example-user_acl_group" {
-  group            = "acl_group"
-  tags             = ["internal"]
-  consumer_id      = konnect_gateway_consumer.example-user.id
+
+resource "konnect_gateway_acl" "example_user_acl_demo_group" {
+  group = "demo_group"
+  tags = ["internal"]
+
+  consumer_id = konnect_gateway_consumer.example_user.id
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-basic-auth-output-expected.tf b/kong2tf/testdata/consumer-basic-auth-output-expected.tf
index 7bdb322a0..c46d19c61 100644
--- a/kong2tf/testdata/consumer-basic-auth-output-expected.tf
+++ b/kong2tf/testdata/consumer-basic-auth-output-expected.tf
@@ -1,11 +1,21 @@
-resource "konnect_gateway_consumer" "example-user" {
-  username         = "example-user"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_basic_auth" "example-user_my_basic_user" {
-  username         = "my_basic_user"
-  password         = "my_basic_password"
-  tags             = ["internal"]
-  consumer_id      = konnect_gateway_consumer.example-user.id
+
+resource "konnect_gateway_basic_auth" "example_user_basic_auth_my_basic_user" {
+  username = "my_basic_user"
+  password = "my_basic_password"
+  tags = ["internal"]
+
+  consumer_id = konnect_gateway_consumer.example_user.id
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-group-output-expected.tf b/kong2tf/testdata/consumer-group-output-expected.tf
index cdb11ec9e..7d4ceca0e 100644
--- a/kong2tf/testdata/consumer-group-output-expected.tf
+++ b/kong2tf/testdata/consumer-group-output-expected.tf
@@ -1,9 +1,17 @@
-resource "konnect_gateway_consumer_group" "example-consumer-group" {
-  name             = "example-consumer-group"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer_group" "example_consumer_group" {
+  name = "example-consumer-group"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_consumer_group_member" "example-user" {
-  consumer_id       = konnect_gateway_consumer.example-user.id
-  consumer_group_id = konnect_gateway_consumer_group.example-consumer-group.id
-  control_plane_id  = var.control_plane_id
+
+resource "konnect_gateway_consumer_group_member" "example_consumer_group_example_user" {
+  consumer_id = konnect_gateway_consumer.example_user.id
+  consumer_group_id = konnect_gateway_consumer_group.example_consumer_group.id
+  control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-group-plugin-output-expected.tf b/kong2tf/testdata/consumer-group-plugin-output-expected.tf
index 4970ea521..7a8b82d2d 100644
--- a/kong2tf/testdata/consumer-group-plugin-output-expected.tf
+++ b/kong2tf/testdata/consumer-group-plugin-output-expected.tf
@@ -1,11 +1,31 @@
-resource "konnect_gateway_consumer_group" "example-consumer-group" {
-  name             = "example-consumer-group"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer_group" "example_consumer_group" {
+  name = "example-consumer-group"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_plugin_rate_limiting_advanced" "example-consumer-group_rate-limiting-advanced" {
-  config = {"hide_client_headers":false,"identifier":"consumer","limit":[5],"namespace":"example_namespace","retry_after_jitter_max":0,"strategy":"local","sync_rate":-1,"window_size":[30],"window_type":"sliding"}
+
+resource "konnect_gateway_plugin_rate_limiting_advanced" "example_consumer_group_rate_limiting_advanced" {
+  config = {
+    hide_client_headers = false
+    identifier = "consumer"
+    limit = [5]
+    namespace = "example_namespace"
+    retry_after_jitter_max = 0
+    strategy = "local"
+    sync_rate = -1
+    window_size = [30]
+    window_type = "sliding"
+  }
+
   consumer_group = {
-    id = konnect_gateway_consumer_group.example-consumer-group.id
+    id = konnect_gateway_consumer_group.example_consumer_group.id
   }
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-hmac-auth-output-expected.tf b/kong2tf/testdata/consumer-hmac-auth-output-expected.tf
index 612b0e168..24675be71 100644
--- a/kong2tf/testdata/consumer-hmac-auth-output-expected.tf
+++ b/kong2tf/testdata/consumer-hmac-auth-output-expected.tf
@@ -1,10 +1,20 @@
-resource "konnect_gateway_consumer" "example-user" {
-  username         = "example-user"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_hmac_auth" "example-user_example-user" {
-  username         = "example-user"
-  secret           = "just-a-secret"
-  consumer_id      = konnect_gateway_consumer.example-user.id
+
+resource "konnect_gateway_hmac_auth" "example_user_hmac_auth_example_user" {
+  username = "example-user"
+  secret = "just-a-secret"
+
+  consumer_id = konnect_gateway_consumer.example_user.id
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-jwt-output-expected.tf b/kong2tf/testdata/consumer-jwt-output-expected.tf
index ee63cd9f8..b126ce540 100644
--- a/kong2tf/testdata/consumer-jwt-output-expected.tf
+++ b/kong2tf/testdata/consumer-jwt-output-expected.tf
@@ -1,12 +1,22 @@
-resource "konnect_gateway_consumer" "example-user" {
-  username         = "example-user"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_jwt" "example-user_my_jwt_secret" {
-  key              = "my_jwt_secret"
-  algorithm        = "HS256"
-  secret           = "my_secret_key"
-  tags             = ["internal"]
-  consumer_id      = konnect_gateway_consumer.example-user.id
+
+resource "konnect_gateway_jwt" "example_user_jwt_my_jwt_secret" {
+  algorithm = "HS256"
+  key = "my_jwt_secret"
+  secret = "my_secret_key"
+  tags = ["internal"]
+
+  consumer_id = konnect_gateway_consumer.example_user.id
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-jwt-output-with-imports-expected.tf b/kong2tf/testdata/consumer-jwt-output-with-imports-expected.tf
new file mode 100644
index 000000000..698018209
--- /dev/null
+++ b/kong2tf/testdata/consumer-jwt-output-with-imports-expected.tf
@@ -0,0 +1,29 @@
+variable "control_plane_id" {
+  type = "string"
+  default = "abc-123"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+
+  control_plane_id = var.control_plane_id
+}
+
+resource "konnect_gateway_jwt" "example_user_jwt_my_jwt_secret" {
+  algorithm = "HS256"
+  key = "my_jwt_secret"
+  secret = "my_secret_key"
+  tags = ["internal"]
+
+  consumer_id = konnect_gateway_consumer.example_user.id
+
+  control_plane_id = var.control_plane_id
+  lifecycle {
+    ignore_changes = [
+      secret,
+      key
+    ]
+  }
+
+}
+
diff --git a/kong2tf/testdata/consumer-key-auth-output-expected.tf b/kong2tf/testdata/consumer-key-auth-output-expected.tf
index 5496fc981..753478f3c 100644
--- a/kong2tf/testdata/consumer-key-auth-output-expected.tf
+++ b/kong2tf/testdata/consumer-key-auth-output-expected.tf
@@ -1,10 +1,20 @@
-resource "konnect_gateway_consumer" "example-user" {
-  username         = "example-user"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_key_auth" "example-user_my_api_key" {
-  key              = "my_api_key"
-  tags             = ["internal"]
-  consumer_id      = konnect_gateway_consumer.example-user.id
+
+resource "konnect_gateway_key_auth" "example_user_key_auth_my_api_key" {
+  key = "my_api_key"
+  tags = ["internal"]
+
+  consumer_id = konnect_gateway_consumer.example_user.id
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-no-auth-output-expected.tf b/kong2tf/testdata/consumer-no-auth-output-expected.tf
index a9e047b0a..d218747a3 100644
--- a/kong2tf/testdata/consumer-no-auth-output-expected.tf
+++ b/kong2tf/testdata/consumer-no-auth-output-expected.tf
@@ -1,6 +1,13 @@
-resource "konnect_gateway_consumer" "example-user" {
-  username         = "example-user"
-  custom_id        = "1234567890"
-  tags             = ["internal"]
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+  custom_id = "1234567890"
+  tags = ["internal"]
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/consumer-plugin-output-expected.tf b/kong2tf/testdata/consumer-plugin-output-expected.tf
index 33b745c33..0650f0cad 100644
--- a/kong2tf/testdata/consumer-plugin-output-expected.tf
+++ b/kong2tf/testdata/consumer-plugin-output-expected.tf
@@ -1,11 +1,29 @@
-resource "konnect_gateway_consumer" "example-user" {
-  username         = "example-user"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_consumer" "example_user" {
+  username = "example-user"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_plugin_rate_limiting_advanced" "example-user_rate-limiting-advanced" {
-  config = {"hide_client_headers":false,"identifier":"consumer","limit":[5],"namespace":"example_namespace","strategy":"local","sync_rate":-1,"window_size":[30]}
+
+resource "konnect_gateway_plugin_rate_limiting_advanced" "example_user_rate_limiting_advanced" {
+  config = {
+    hide_client_headers = false
+    identifier = "consumer"
+    limit = [5]
+    namespace = "example_namespace"
+    strategy = "local"
+    sync_rate = -1
+    window_size = [30]
+  }
+
   consumer = {
-    id = konnect_gateway_consumer.example-user.id
+    id = konnect_gateway_consumer.example_user.id
   }
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/global-plugin-input.yaml b/kong2tf/testdata/global-plugin-input.yaml
deleted file mode 100644
index 08338e71c..000000000
--- a/kong2tf/testdata/global-plugin-input.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-plugins:
-- name: openid-connect
-  config:
-    auth_methods:
-    - authorization_code
-    - session
-    issuer: http://example.org
-    client_id:
-    - "<client-id>"
-    client_secret:
-    - "<client-secret>"
-    session_secret: "<session-secret>"
-    response_mode: form_post
\ No newline at end of file
diff --git a/kong2tf/testdata/global-plugin-oidc-input.yaml b/kong2tf/testdata/global-plugin-oidc-input.yaml
new file mode 100644
index 000000000..de3a90503
--- /dev/null
+++ b/kong2tf/testdata/global-plugin-oidc-input.yaml
@@ -0,0 +1,14 @@
+plugins:
+  - name: openid-connect
+    enabled: true
+    config:
+      auth_methods:
+        - authorization_code
+        - session
+      issuer: http://example.org
+      client_id:
+        - "<client-id>"
+      client_secret:
+        - "<client-secret>"
+      session_secret: "<session-secret>"
+      response_mode: form_post
diff --git a/kong2tf/testdata/global-plugin-oidc-output-expected.tf b/kong2tf/testdata/global-plugin-oidc-output-expected.tf
new file mode 100644
index 000000000..0b402b1f4
--- /dev/null
+++ b/kong2tf/testdata/global-plugin-oidc-output-expected.tf
@@ -0,0 +1,19 @@
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_plugin_openid_connect" "openid_connect" {
+  enabled = true
+  config = {
+    auth_methods = ["authorization_code", "session"]
+    client_id = ["<client-id>"]
+    client_secret = ["<client-secret>"]
+    issuer = "http://example.org"
+    response_mode = "form_post"
+    session_secret = "<session-secret>"
+  }
+
+  control_plane_id = var.control_plane_id
+}
+
diff --git a/kong2tf/testdata/global-plugin-output-expected.tf b/kong2tf/testdata/global-plugin-output-expected.tf
deleted file mode 100644
index 80a2915a6..000000000
--- a/kong2tf/testdata/global-plugin-output-expected.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-resource "konnect_gateway_plugin_openid_connect" "openid-connect" {
-  config = {"auth_methods":["authorization_code","session"],"client_id":["\u003cclient-id\u003e"],"client_secret":["\u003cclient-secret\u003e"],"issuer":"http://example.org","response_mode":"form_post","session_secret":"\u003csession-secret\u003e"}
-  control_plane_id = var.control_plane_id
-}
diff --git a/kong2tf/testdata/global-plugin-rate-limiting-input.yaml b/kong2tf/testdata/global-plugin-rate-limiting-input.yaml
new file mode 100644
index 000000000..121a06a1e
--- /dev/null
+++ b/kong2tf/testdata/global-plugin-rate-limiting-input.yaml
@@ -0,0 +1,7 @@
+plugins:
+  - name: rate-limiting
+    enabled: false
+    config:
+      second: 5
+      hour: 10000
+      policy: local
diff --git a/kong2tf/testdata/global-plugin-rate-limiting-output-expected.tf b/kong2tf/testdata/global-plugin-rate-limiting-output-expected.tf
new file mode 100644
index 000000000..5a19a1acb
--- /dev/null
+++ b/kong2tf/testdata/global-plugin-rate-limiting-output-expected.tf
@@ -0,0 +1,16 @@
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_plugin_rate_limiting" "rate_limiting" {
+  enabled = false
+  config = {
+    hour = 10000
+    policy = "local"
+    second = 5
+  }
+
+  control_plane_id = var.control_plane_id
+}
+
diff --git a/kong2tf/testdata/route-input.yaml b/kong2tf/testdata/route-input.yaml
index e739ffb7d..b4c32430c 100644
--- a/kong2tf/testdata/route-input.yaml
+++ b/kong2tf/testdata/route-input.yaml
@@ -35,4 +35,14 @@ services:
           - ip: 192.168.0.1
         destinations:
           - ip: 10.10.10.10
-            port: 8080
\ No newline at end of file
+            port: 8080
+
+routes:
+  - name: top-level-route
+    hosts:
+      - top-level.example.com
+  - name: top-level-with-service-route
+    service:
+      name: example-service
+    hosts:
+      - top-level-with-service.example.com
diff --git a/kong2tf/testdata/route-output-expected.tf b/kong2tf/testdata/route-output-expected.tf
index 30f2bc8bf..bc879c61d 100644
--- a/kong2tf/testdata/route-output-expected.tf
+++ b/kong2tf/testdata/route-output-expected.tf
@@ -1,41 +1,67 @@
-resource "konnect_gateway_service" "example-service" {
-  name             = "example-service"
-  protocol         = "http"
-  host             = "example-api.com"
-  port             = 80
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_service" "example_service" {
+  name = "example-service"
+  host = "example-api.com"
+  port = 80
+  protocol = "http"
+
   control_plane_id = var.control_plane_id
 }
 
-  
-resource "konnect_gateway_route" "example-route" {
+resource "konnect_gateway_route" "example_route" {
   name = "example-route"
-  hosts = ["example.com", "another-example.com", "yet-another-example.com"]
+  destinations = [
+    {
+      ip = "10.10.10.10"
+      port = 8080
+    },
+  ]
   headers = {
-    "x-another-header" = jsonencode(["first-header-value","second-header-value"])
-    "x-my-header" = jsonencode(["~*foos?bar$"])
+    x-another-header = ["first-header-value", "second-header-value"]
+    x-my-header = ["~*foos?bar$"]
   }
+  hosts = ["example.com", "another-example.com", "yet-another-example.com"]
+  https_redirect_status_code = 302
   methods = ["GET", "POST"]
   paths = ["~/v1/example/?$", "/v1/another-example", "/v1/yet-another-example"]
   preserve_host = true
   protocols = ["http", "https"]
   regex_priority = 1
-  strip_path = false
   snis = ["example.com"]
   sources = [
     {
-      ip   = "192.168.0.1"
-    }
-  ]
-  destinations = [
-    {
-      ip   = "10.10.10.10"
-      port = 8080
-    }
+      ip = "192.168.0.1"
+    },
   ]
+  strip_path = false
   tags = ["version:v1"]
-  https_redirect_status_code = 302
+
+  service = {
+    id = konnect_gateway_service.example_service.id
+  }
+
+  control_plane_id = var.control_plane_id
+}
+
+resource "konnect_gateway_route" "top_level_route" {
+  name = "top-level-route"
+  hosts = ["top-level.example.com"]
+
+  control_plane_id = var.control_plane_id
+}
+
+resource "konnect_gateway_route" "top_level_with_service_route" {
+  name = "top-level-with-service-route"
+  hosts = ["top-level-with-service.example.com"]
+
   service = {
-    id = konnect_gateway_service.example-service.id
-  }  
+    id = konnect_gateway_service.example_service.id
+  }
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/route-plugin-output-expected.tf b/kong2tf/testdata/route-plugin-output-expected.tf
index 71d06815e..662d8b4ea 100644
--- a/kong2tf/testdata/route-plugin-output-expected.tf
+++ b/kong2tf/testdata/route-plugin-output-expected.tf
@@ -1,24 +1,42 @@
-resource "konnect_gateway_service" "example-service" {
-  name             = "example-service"
-  protocol         = "http"
-  host             = "example-api.com"
-  port             = 80
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_service" "example_service" {
+  name = "example-service"
+  host = "example-api.com"
+  port = 80
+  protocol = "http"
+
   control_plane_id = var.control_plane_id
 }
 
-  
-resource "konnect_gateway_route" "example-route" {
+resource "konnect_gateway_route" "example_route" {
   name = "example-route"
   paths = ["~/v1/example/?$"]
+
   service = {
-    id = konnect_gateway_service.example-service.id
-  }  
+    id = konnect_gateway_service.example_service.id
+  }
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_plugin_cors" "example-service_example-route_cors" {
-  config = {"credentials":true,"exposed_headers":["X-My-Header"],"headers":["Authorization"],"max_age":3600,"methods":["GET","POST"],"origins":["example.com"]}
+
+resource "konnect_gateway_plugin_cors" "example_route_cors" {
+  config = {
+    credentials = true
+    exposed_headers = ["X-My-Header"]
+    headers = ["Authorization"]
+    max_age = 3600
+    methods = ["GET", "POST"]
+    origins = ["example.com"]
+  }
+
   route = {
-    id = konnect_gateway_route.example-route.id
+    id = konnect_gateway_route.example_route.id
   }
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/service-output-expected.tf b/kong2tf/testdata/service-output-expected.tf
index b8a317591..59128051e 100644
--- a/kong2tf/testdata/service-output-expected.tf
+++ b/kong2tf/testdata/service-output-expected.tf
@@ -1,16 +1,24 @@
-resource "konnect_gateway_service" "example-service" {
-  name             = "example-service"
-  protocol         = "http"
-  host             = "example-api.com"
-  port             = 80
-  path             = "/v1"
-  connect_timeout  = 5000
-  read_timeout     = 60000
-  write_timeout    = 60000
-  retries          = 5
-  tls_verify       = true
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_service" "example_service" {
+  enabled = true
+  name = "example-service"
+  client_certificate = "4e3ad2e4-0bc4-4638-8e34-c84a417ba39b"
+  connect_timeout = 5000
+  host = "example-api.com"
+  path = "/v1"
+  port = 80
+  protocol = "http"
+  read_timeout = 60000
+  retries = 5
+  tags = ["example", "api"]
+  tls_verify = true
   tls_verify_depth = 1
-  tags             = ["example", "api"]
+  write_timeout = 60000
+
   control_plane_id = var.control_plane_id
 }
 
diff --git a/kong2tf/testdata/service-plugin-output-expected.tf b/kong2tf/testdata/service-plugin-output-expected.tf
index 232b724af..ea871a4f1 100644
--- a/kong2tf/testdata/service-plugin-output-expected.tf
+++ b/kong2tf/testdata/service-plugin-output-expected.tf
@@ -1,15 +1,40 @@
-resource "konnect_gateway_service" "example-service" {
-  name             = "example-service"
-  protocol         = "http"
-  host             = "example-api.com"
-  port             = 80
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_service" "example_service" {
+  name = "example-service"
+  host = "example-api.com"
+  port = 80
+  protocol = "http"
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_plugin_rate_limiting_advanced" "example-service_rate-limiting-advanced" {
-  config = {"hide_client_headers":false,"identifier":"consumer","limit":[5],"namespace":"example_namespace","strategy":"local","sync_rate":-1,"window_size":[30]}
+
+resource "konnect_gateway_plugin_rate_limiting_advanced" "example_service_rate_limiting_advanced" {
+  config = {
+    hide_client_headers = false
+    identifier = "consumer"
+    limit = [5]
+    namespace = "example_namespace"
+    strategy = "local"
+    sync_rate = -1
+    window_size = [30]
+  }
+  ordering = {
+    after = {
+      access = ["yet-another-plugin"]
+    }
+    before = {
+      access = ["another-plugin"]
+    }
+  }
+
   service = {
-    id = konnect_gateway_service.example-service.id
+    id = konnect_gateway_service.example_service.id
   }
+
   control_plane_id = var.control_plane_id
 }
 
diff --git a/kong2tf/testdata/upstream-target-input.yaml b/kong2tf/testdata/upstream-target-input.yaml
index 16dc59b34..285ca28f8 100644
--- a/kong2tf/testdata/upstream-target-input.yaml
+++ b/kong2tf/testdata/upstream-target-input.yaml
@@ -81,4 +81,4 @@ upstreams:
     - target: 10.10.10.10:8000
       weight: 100
     - target: 10.10.10.11:8000
-      weight: 100
\ No newline at end of file
+      weight: 200
\ No newline at end of file
diff --git a/kong2tf/testdata/upstream-target-output-expected.tf b/kong2tf/testdata/upstream-target-output-expected.tf
index 3f8d23615..fdb9eb0a1 100644
--- a/kong2tf/testdata/upstream-target-output-expected.tf
+++ b/kong2tf/testdata/upstream-target-output-expected.tf
@@ -1,63 +1,77 @@
-resource "konnect_gateway_upstream" "example-apicom" {
-  name             = "example-api.com"
-  slots            = 10000
-  host_header      = "example.com"
-  algorithm        = "round-robin"
-  hash_on          = "none"
-  hash_fallback    = "none"
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
+resource "konnect_gateway_upstream" "upstream_example_api_com" {
+  name = "example-api.com"
+  algorithm = "round-robin"
+  hash_fallback = "none"
+  hash_on = "none"
   hash_on_cookie_path = "/"
-  use_srv_name     = false
-  tags             = ["user-level", "low-priority"]
   healthchecks = {
     active = {
-        concurrency = 10
-        http_path = "/"
-        https_sni = "example.com"
-        https_verify_certificate = true
-        timeout = 1
-        type = "http"
-        headers = {
-          "x-another-header" = jsonencode(["bla"])
-          "x-my-header" = jsonencode(["foo","bar"])
-        }
+      concurrency = 10
+      headers = {
+        x-another-header = ["bla"]
+        x-my-header = ["foo", "bar"]
+      }
       healthy = {
         http_statuses = [200, 302]
         interval = 0
         successes = 0
       }
+      http_path = "/"
+      https_sni = "example.com"
+      https_verify_certificate = true
+      timeout = 1
+      type = "http"
       unhealthy = {
         http_failures = 0
         http_statuses = [429, 404, 500, 501, 502, 503, 504, 505]
+        interval = 0
         tcp_failures = 0
         timeouts = 0
-        interval = 0
       }
     }
     passive = {
-        healthy = {
-            http_statuses = [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
-            successes = 0
-        }
-        unhealthy = {
-            http_failures = 0
-            http_statuses = [429, 500, 503]
-            tcp_failures = 0
-            timeouts = 0
-        }
-        type = "http"
+      healthy = {
+        http_statuses = [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+        successes = 0
+      }
+      type = "http"
+      unhealthy = {
+        http_failures = 0
+        http_statuses = [429, 500, 503]
+        tcp_failures = 0
+        timeouts = 0
+      }
     }
+    threshold = 0
   }
+  host_header = "example.com"
+  slots = 10000
+  tags = ["user-level", "low-priority"]
+  use_srv_name = false
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_target" "example-apicom_101010108000" {
-  target           = "10.10.10.10:8000"
-  weight           = 100
-  upstream_id      = konnect_gateway_upstream.example-apicom.id
+
+resource "konnect_gateway_target" "upstream_example_api_com_target_10_10_10_10_8000" {
+  target = "10.10.10.10:8000"
+  weight = 100
+
+  upstream_id = konnect_gateway_upstream.upstream_example_api_com.id
+
   control_plane_id = var.control_plane_id
 }
-resource "konnect_gateway_target" "example-apicom_101010118000" {
-  target           = "10.10.10.11:8000"
-  weight           = 100
-  upstream_id      = konnect_gateway_upstream.example-apicom.id
+
+resource "konnect_gateway_target" "upstream_example_api_com_target_10_10_10_11_8000" {
+  target = "10.10.10.11:8000"
+  weight = 200
+
+  upstream_id = konnect_gateway_upstream.upstream_example_api_com.id
+
   control_plane_id = var.control_plane_id
 }
+
diff --git a/kong2tf/testdata/vault-output-expected.tf b/kong2tf/testdata/vault-output-expected.tf
index 434453062..1c1af8d8b 100644
--- a/kong2tf/testdata/vault-output-expected.tf
+++ b/kong2tf/testdata/vault-output-expected.tf
@@ -1,6 +1,17 @@
+variable "control_plane_id" {
+  type = "string"
+  default = "YOUR_CONTROL_PLANE_ID"
+}
+
 resource "konnect_gateway_vault" "env" {
-  name   = "env"
+  name = "env"
+  config = jsonencode({
+    prefix = "MY_SECRET_"
+  })
+  description = "ENV vault for secrets"
   prefix = "my-env-vault"
-  config = jsonencode({"prefix":"MY_SECRET_"})
+  tags = ["env-vault"]
+
   control_plane_id = var.control_plane_id
-}
\ No newline at end of file
+}
+