kms

package
v0.18.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2019 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CryptoKey 

type CryptoKey struct {
	// contains filtered or unexported fields
}

Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

> Note: CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed CryptoKey will remove it from state and delete all CryptoKeyVersions, rendering the key unusable, but **will not delete the resource on the server**. When Terraform destroys these keys, any data previously encrypted with these keys will be irrecoverable. For this reason, it is strongly recommended that you add lifecycle hooks to the resource to prevent accidental destruction.

func GetCryptoKey 

func GetCryptoKey(ctx *pulumi.Context,
	name string, id pulumi.ID, state *CryptoKeyState, opts ...pulumi.ResourceOpt) (*CryptoKey, error)

GetCryptoKey gets an existing CryptoKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKey 

func NewCryptoKey(ctx *pulumi.Context,
	name string, args *CryptoKeyArgs, opts ...pulumi.ResourceOpt) (*CryptoKey, error)

NewCryptoKey registers a new resource with the given unique name, arguments, and options.

func (*CryptoKey) ID 

func (r *CryptoKey) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*CryptoKey) KeyRing 

func (r *CryptoKey) KeyRing() *pulumi.StringOutput

The id of the Google Cloud Platform KeyRing to which the key shall belong.

func (*CryptoKey) Name 

func (r *CryptoKey) Name() *pulumi.StringOutput

The CryptoKey's name. A CryptoKey’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`

func (*CryptoKey) RotationPeriod 

func (r *CryptoKey) RotationPeriod() *pulumi.StringOutput

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400). 

func (r *CryptoKey) SelfLink() *pulumi.StringOutput

The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`.

func (*CryptoKey) URN 

func (r *CryptoKey) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

func (*CryptoKey) VersionTemplate added in v0.18.0 

func (r *CryptoKey) VersionTemplate() *pulumi.Output

A template describing settings for new crypto key versions. Structure is documented below.

type CryptoKeyArgs 

type CryptoKeyArgs struct {
	// The id of the Google Cloud Platform KeyRing to which the key shall belong.
	KeyRing interface{}
	// The CryptoKey's name.
	// A CryptoKey’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name interface{}
	// Every time this period passes, generate a new CryptoKeyVersion and set it as
	// the primary. The first rotation will take place after the specified period. The rotation period has the format
	// of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than
	// a day (ie, 86400).
	RotationPeriod interface{}
	// A template describing settings for new crypto key versions. Structure is documented below.
	VersionTemplate interface{}
}

The set of arguments for constructing a CryptoKey resource.

type CryptoKeyIAMBinding 

type CryptoKeyIAMBinding struct {
	// contains filtered or unexported fields
}

Allows creation and management of a single binding within IAM policy for an existing Google Cloud KMS crypto key.

> **Note:** On create, this resource will overwrite members of any existing roles. 

Use `terraform import` and inspect the `terraform plan` output to ensure
your existing members are preserved.

func GetCryptoKeyIAMBinding 

func GetCryptoKeyIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.ID, state *CryptoKeyIAMBindingState, opts ...pulumi.ResourceOpt) (*CryptoKeyIAMBinding, error)

GetCryptoKeyIAMBinding gets an existing CryptoKeyIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKeyIAMBinding 

func NewCryptoKeyIAMBinding(ctx *pulumi.Context,
	name string, args *CryptoKeyIAMBindingArgs, opts ...pulumi.ResourceOpt) (*CryptoKeyIAMBinding, error)

NewCryptoKeyIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*CryptoKeyIAMBinding) CryptoKeyId 

func (r *CryptoKeyIAMBinding) CryptoKeyId() *pulumi.StringOutput

The crypto key ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.

func (*CryptoKeyIAMBinding) Etag 

func (r *CryptoKeyIAMBinding) Etag() *pulumi.StringOutput

(Computed) The etag of the crypto key's IAM policy.

func (*CryptoKeyIAMBinding) ID 

func (r *CryptoKeyIAMBinding) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*CryptoKeyIAMBinding) Members 

func (r *CryptoKeyIAMBinding) Members() *pulumi.ArrayOutput

A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

func (*CryptoKeyIAMBinding) Role 

func (r *CryptoKeyIAMBinding) Role() *pulumi.StringOutput

The role that should be applied. Only one `google_kms_crypto_key_iam_binding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (*CryptoKeyIAMBinding) URN 

func (r *CryptoKeyIAMBinding) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type CryptoKeyIAMBindingArgs 

type CryptoKeyIAMBindingArgs struct {
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`.
	// In the second form, the provider's project setting will be used as a fallback.
	CryptoKeyId interface{}
	// A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members interface{}
	// The role that should be applied. Only one
	// `google_kms_crypto_key_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

The set of arguments for constructing a CryptoKeyIAMBinding resource.

type CryptoKeyIAMBindingState 

type CryptoKeyIAMBindingState struct {
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`.
	// In the second form, the provider's project setting will be used as a fallback.
	CryptoKeyId interface{}
	// (Computed) The etag of the crypto key's IAM policy.
	Etag interface{}
	// A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Members interface{}
	// The role that should be applied. Only one
	// `google_kms_crypto_key_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

Input properties used for looking up and filtering CryptoKeyIAMBinding resources.

type CryptoKeyIAMMember 

type CryptoKeyIAMMember struct {
	// contains filtered or unexported fields
}

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud KMS crypto key.

> **Note:** This resource _must not_ be used in conjunction with 

`google_kms_crypto_key_iam_policy` or they will fight over what your policy
should be. Similarly, roles controlled by `google_kms_crypto_key_iam_binding`
should not be assigned to using `google_kms_crypto_key_iam_member`.

func GetCryptoKeyIAMMember 

func GetCryptoKeyIAMMember(ctx *pulumi.Context,
	name string, id pulumi.ID, state *CryptoKeyIAMMemberState, opts ...pulumi.ResourceOpt) (*CryptoKeyIAMMember, error)

GetCryptoKeyIAMMember gets an existing CryptoKeyIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKeyIAMMember 

func NewCryptoKeyIAMMember(ctx *pulumi.Context,
	name string, args *CryptoKeyIAMMemberArgs, opts ...pulumi.ResourceOpt) (*CryptoKeyIAMMember, error)

NewCryptoKeyIAMMember registers a new resource with the given unique name, arguments, and options.

func (*CryptoKeyIAMMember) CryptoKeyId 

func (r *CryptoKeyIAMMember) CryptoKeyId() *pulumi.StringOutput

The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.

func (*CryptoKeyIAMMember) Etag 

func (r *CryptoKeyIAMMember) Etag() *pulumi.StringOutput

(Computed) The etag of the project's IAM policy.

func (*CryptoKeyIAMMember) ID 

func (r *CryptoKeyIAMMember) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*CryptoKeyIAMMember) Member 

func (r *CryptoKeyIAMMember) Member() *pulumi.StringOutput

The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

func (*CryptoKeyIAMMember) Role 

func (r *CryptoKeyIAMMember) Role() *pulumi.StringOutput

The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (*CryptoKeyIAMMember) URN 

func (r *CryptoKeyIAMMember) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type CryptoKeyIAMMemberArgs 

type CryptoKeyIAMMemberArgs struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId interface{}
	// The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Member interface{}
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

The set of arguments for constructing a CryptoKeyIAMMember resource.

type CryptoKeyIAMMemberState 

type CryptoKeyIAMMemberState struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId interface{}
	// (Computed) The etag of the project's IAM policy.
	Etag interface{}
	// The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding
	Member interface{}
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

Input properties used for looking up and filtering CryptoKeyIAMMember resources.

type CryptoKeyState 

type CryptoKeyState struct {
	// The id of the Google Cloud Platform KeyRing to which the key shall belong.
	KeyRing interface{}
	// The CryptoKey's name.
	// A CryptoKey’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name interface{}
	// Every time this period passes, generate a new CryptoKeyVersion and set it as
	// the primary. The first rotation will take place after the specified period. The rotation period has the format
	// of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than
	// a day (ie, 86400).
	RotationPeriod interface{}
	// The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`.
	SelfLink interface{}
	// A template describing settings for new crypto key versions. Structure is documented below.
	VersionTemplate interface{}
}

Input properties used for looking up and filtering CryptoKey resources.

type GetKMSCryptoKeyArgs added in v0.18.0 

type GetKMSCryptoKeyArgs struct {
	// The `self_link` of the Google Cloud Platform KeyRing to which the key belongs.
	KeyRing interface{}
	// The CryptoKey's name.
	// A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name interface{}
}

A collection of arguments for invoking getKMSCryptoKey.

type GetKMSCryptoKeyResult added in v0.18.0 

type GetKMSCryptoKeyResult struct {
	// Every time this period passes, generate a new CryptoKeyVersion and set it as
	// the primary. The first rotation will take place after the specified period. The rotation period has the format
	// of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
	RotationPeriod interface{}
	// The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`.
	SelfLink         interface{}
	VersionTemplates interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getKMSCryptoKey.

func LookupKMSCryptoKey added in v0.18.0 

func LookupKMSCryptoKey(ctx *pulumi.Context, args *GetKMSCryptoKeyArgs) (*GetKMSCryptoKeyResult, error)

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

type GetKMSKeyRingArgs added in v0.18.0 

type GetKMSKeyRingArgs struct {
	// The Google Cloud Platform location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	Location interface{}
	// The KeyRing's name.
	// A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name interface{}
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project interface{}
}

A collection of arguments for invoking getKMSKeyRing.

type GetKMSKeyRingResult added in v0.18.0 

type GetKMSKeyRingResult struct {
	// The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`.
	SelfLink interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getKMSKeyRing.

func LookupKMSKeyRing added in v0.18.0 

func LookupKMSKeyRing(ctx *pulumi.Context, args *GetKMSKeyRingArgs) (*GetKMSKeyRingResult, error)

Provides access to Google Cloud Platform KMS KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).

A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project and resides in a specific location.

type GetKMSSecretArgs 

type GetKMSSecretArgs struct {
	// The ciphertext to be decrypted, encoded in base64
	Ciphertext interface{}
	// The id of the CryptoKey that will be used to
	// decrypt the provided ciphertext. This is represented by the format
	// `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
	CryptoKey interface{}
}

A collection of arguments for invoking getKMSSecret.

type GetKMSSecretResult 

type GetKMSSecretResult struct {
	// Contains the result of decrypting the provided ciphertext.
	Plaintext interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getKMSSecret.

func LookupKMSSecret 

func LookupKMSSecret(ctx *pulumi.Context, args *GetKMSSecretArgs) (*GetKMSSecretResult, error)

This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions.

For more information see [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).

> **NOTE**: Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

type KeyRing 

type KeyRing struct {
	// contains filtered or unexported fields
}

Allows creation of a Google Cloud Platform KMS KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).

A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project and resides in a specific location.

> Note: KeyRings cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed KeyRing will remove it from state but **will not delete the resource on the server**.

func GetKeyRing 

func GetKeyRing(ctx *pulumi.Context,
	name string, id pulumi.ID, state *KeyRingState, opts ...pulumi.ResourceOpt) (*KeyRing, error)

GetKeyRing gets an existing KeyRing resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRing 

func NewKeyRing(ctx *pulumi.Context,
	name string, args *KeyRingArgs, opts ...pulumi.ResourceOpt) (*KeyRing, error)

NewKeyRing registers a new resource with the given unique name, arguments, and options.

func (*KeyRing) ID 

func (r *KeyRing) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*KeyRing) Location 

func (r *KeyRing) Location() *pulumi.StringOutput

The Google Cloud Platform location for the KeyRing. A full list of valid locations can be found by running `gcloud kms locations list`.

func (*KeyRing) Name 

func (r *KeyRing) Name() *pulumi.StringOutput

The KeyRing's name. A KeyRing’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`

func (*KeyRing) Project 

func (r *KeyRing) Project() *pulumi.StringOutput

The project in which the resource belongs. If it is not provided, the provider project is used. 

func (r *KeyRing) SelfLink() *pulumi.StringOutput

The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`.

func (*KeyRing) URN 

func (r *KeyRing) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type KeyRingArgs 

type KeyRingArgs struct {
	// The Google Cloud Platform location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	Location interface{}
	// The KeyRing's name.
	// A KeyRing’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name interface{}
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project interface{}
}

The set of arguments for constructing a KeyRing resource.

type KeyRingIAMBinding 

type KeyRingIAMBinding struct {
	// contains filtered or unexported fields
}

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

* `google_kms_key_ring_iam_policy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `google_kms_key_ring_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `google_kms_key_ring_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

> **Note:** `google_kms_key_ring_iam_policy` **cannot** be used in conjunction with `google_kms_key_ring_iam_binding` and `google_kms_key_ring_iam_member` or they will fight over what your policy should be.

> **Note:** `google_kms_key_ring_iam_binding` resources **can be** used in conjunction with `google_kms_key_ring_iam_member` resources **only if** they do not grant privilege to the same role.

func GetKeyRingIAMBinding 

func GetKeyRingIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.ID, state *KeyRingIAMBindingState, opts ...pulumi.ResourceOpt) (*KeyRingIAMBinding, error)

GetKeyRingIAMBinding gets an existing KeyRingIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIAMBinding 

func NewKeyRingIAMBinding(ctx *pulumi.Context,
	name string, args *KeyRingIAMBindingArgs, opts ...pulumi.ResourceOpt) (*KeyRingIAMBinding, error)

NewKeyRingIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIAMBinding) Etag 

func (r *KeyRingIAMBinding) Etag() *pulumi.StringOutput

(Computed) The etag of the key ring's IAM policy.

func (*KeyRingIAMBinding) ID 

func (r *KeyRingIAMBinding) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*KeyRingIAMBinding) KeyRingId 

func (r *KeyRingIAMBinding) KeyRingId() *pulumi.StringOutput

The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.

func (*KeyRingIAMBinding) Members 

func (r *KeyRingIAMBinding) Members() *pulumi.ArrayOutput

func (*KeyRingIAMBinding) Role 

func (r *KeyRingIAMBinding) Role() *pulumi.StringOutput

The role that should be applied. Only one `google_kms_key_ring_iam_binding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (*KeyRingIAMBinding) URN 

func (r *KeyRingIAMBinding) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type KeyRingIAMBindingArgs 

type KeyRingIAMBindingArgs struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId interface{}
	Members   interface{}
	// The role that should be applied. Only one
	// `google_kms_key_ring_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

The set of arguments for constructing a KeyRingIAMBinding resource.

type KeyRingIAMBindingState 

type KeyRingIAMBindingState struct {
	// (Computed) The etag of the key ring's IAM policy.
	Etag interface{}
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId interface{}
	Members   interface{}
	// The role that should be applied. Only one
	// `google_kms_key_ring_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

Input properties used for looking up and filtering KeyRingIAMBinding resources.

type KeyRingIAMMember 

type KeyRingIAMMember struct {
	// contains filtered or unexported fields
}

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

* `google_kms_key_ring_iam_policy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `google_kms_key_ring_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `google_kms_key_ring_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

> **Note:** `google_kms_key_ring_iam_policy` **cannot** be used in conjunction with `google_kms_key_ring_iam_binding` and `google_kms_key_ring_iam_member` or they will fight over what your policy should be.

> **Note:** `google_kms_key_ring_iam_binding` resources **can be** used in conjunction with `google_kms_key_ring_iam_member` resources **only if** they do not grant privilege to the same role.

func GetKeyRingIAMMember 

func GetKeyRingIAMMember(ctx *pulumi.Context,
	name string, id pulumi.ID, state *KeyRingIAMMemberState, opts ...pulumi.ResourceOpt) (*KeyRingIAMMember, error)

GetKeyRingIAMMember gets an existing KeyRingIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIAMMember 

func NewKeyRingIAMMember(ctx *pulumi.Context,
	name string, args *KeyRingIAMMemberArgs, opts ...pulumi.ResourceOpt) (*KeyRingIAMMember, error)

NewKeyRingIAMMember registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIAMMember) Etag 

func (r *KeyRingIAMMember) Etag() *pulumi.StringOutput

(Computed) The etag of the key ring's IAM policy.

func (*KeyRingIAMMember) ID 

func (r *KeyRingIAMMember) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*KeyRingIAMMember) KeyRingId 

func (r *KeyRingIAMMember) KeyRingId() *pulumi.StringOutput

The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.

func (*KeyRingIAMMember) Member 

func (r *KeyRingIAMMember) Member() *pulumi.StringOutput

func (*KeyRingIAMMember) Role 

func (r *KeyRingIAMMember) Role() *pulumi.StringOutput

The role that should be applied. Only one `google_kms_key_ring_iam_binding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (*KeyRingIAMMember) URN 

func (r *KeyRingIAMMember) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type KeyRingIAMMemberArgs 

type KeyRingIAMMemberArgs struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId interface{}
	Member    interface{}
	// The role that should be applied. Only one
	// `google_kms_key_ring_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

The set of arguments for constructing a KeyRingIAMMember resource.

type KeyRingIAMMemberState 

type KeyRingIAMMemberState struct {
	// (Computed) The etag of the key ring's IAM policy.
	Etag interface{}
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId interface{}
	Member    interface{}
	// The role that should be applied. Only one
	// `google_kms_key_ring_iam_binding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role interface{}
}

Input properties used for looking up and filtering KeyRingIAMMember resources.

type KeyRingIAMPolicy 

type KeyRingIAMPolicy struct {
	// contains filtered or unexported fields
}

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

* `google_kms_key_ring_iam_policy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `google_kms_key_ring_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `google_kms_key_ring_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

> **Note:** `google_kms_key_ring_iam_policy` **cannot** be used in conjunction with `google_kms_key_ring_iam_binding` and `google_kms_key_ring_iam_member` or they will fight over what your policy should be.

> **Note:** `google_kms_key_ring_iam_binding` resources **can be** used in conjunction with `google_kms_key_ring_iam_member` resources **only if** they do not grant privilege to the same role.

func GetKeyRingIAMPolicy 

func GetKeyRingIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.ID, state *KeyRingIAMPolicyState, opts ...pulumi.ResourceOpt) (*KeyRingIAMPolicy, error)

GetKeyRingIAMPolicy gets an existing KeyRingIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIAMPolicy 

func NewKeyRingIAMPolicy(ctx *pulumi.Context,
	name string, args *KeyRingIAMPolicyArgs, opts ...pulumi.ResourceOpt) (*KeyRingIAMPolicy, error)

NewKeyRingIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIAMPolicy) Etag 

func (r *KeyRingIAMPolicy) Etag() *pulumi.StringOutput

(Computed) The etag of the key ring's IAM policy.

func (*KeyRingIAMPolicy) ID 

func (r *KeyRingIAMPolicy) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*KeyRingIAMPolicy) KeyRingId 

func (r *KeyRingIAMPolicy) KeyRingId() *pulumi.StringOutput

The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.

func (*KeyRingIAMPolicy) PolicyData 

func (r *KeyRingIAMPolicy) PolicyData() *pulumi.StringOutput

The policy data generated by a `google_iam_policy` data source.

func (*KeyRingIAMPolicy) URN 

func (r *KeyRingIAMPolicy) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type KeyRingIAMPolicyArgs 

type KeyRingIAMPolicyArgs struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId interface{}
	// The policy data generated by
	// a `google_iam_policy` data source.
	PolicyData interface{}
}

The set of arguments for constructing a KeyRingIAMPolicy resource.

type KeyRingIAMPolicyState 

type KeyRingIAMPolicyState struct {
	// (Computed) The etag of the key ring's IAM policy.
	Etag interface{}
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId interface{}
	// The policy data generated by
	// a `google_iam_policy` data source.
	PolicyData interface{}
}

Input properties used for looking up and filtering KeyRingIAMPolicy resources.

type KeyRingState 

type KeyRingState struct {
	// The Google Cloud Platform location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	Location interface{}
	// The KeyRing's name.
	// A KeyRing’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name interface{}
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project interface{}
	// The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`.
	SelfLink interface{}
}

Input properties used for looking up and filtering KeyRing resources.

type Registry 

type Registry struct {
	// contains filtered or unexported fields
}
Creates a device registry in Google's Cloud IoT Core platform. For more information see

[the official documentation](https://cloud.google.com/iot/docs/) and [API](https://cloud.google.com/iot/docs/reference/cloudiot/rest/v1/projects.locations.registries).

func GetRegistry 

func GetRegistry(ctx *pulumi.Context,
	name string, id pulumi.ID, state *RegistryState, opts ...pulumi.ResourceOpt) (*Registry, error)

GetRegistry gets an existing Registry resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRegistry 

func NewRegistry(ctx *pulumi.Context,
	name string, args *RegistryArgs, opts ...pulumi.ResourceOpt) (*Registry, error)

NewRegistry registers a new resource with the given unique name, arguments, and options.

func (*Registry) Credentials 

func (r *Registry) Credentials() *pulumi.ArrayOutput

List of public key certificates to authenticate devices. Structure is documented below.

func (*Registry) EventNotificationConfig 

func (r *Registry) EventNotificationConfig() *pulumi.Output

A PubSub topics to publish device events. Structure is documented below.

func (*Registry) HttpConfig 

func (r *Registry) HttpConfig() *pulumi.Output

Activate or deactivate HTTP. Structure is documented below.

func (*Registry) ID 

func (r *Registry) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Registry) MqttConfig 

func (r *Registry) MqttConfig() *pulumi.Output

Activate or deactivate MQTT. Structure is documented below.

func (*Registry) Name 

func (r *Registry) Name() *pulumi.StringOutput

A unique name for the resource, required by device registry. Changing this forces a new resource to be created.

func (*Registry) Project 

func (r *Registry) Project() *pulumi.StringOutput

The project in which the resource belongs. If it is not provided, the provider project is used.

func (*Registry) Region 

func (r *Registry) Region() *pulumi.StringOutput

The Region in which the created address should reside. If it is not provided, the provider region is used.

func (*Registry) StateNotificationConfig 

func (r *Registry) StateNotificationConfig() *pulumi.Output

A PubSub topic to publish device state updates. Structure is documented below.

func (*Registry) URN 

func (r *Registry) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type RegistryArgs 

type RegistryArgs struct {
	// List of public key certificates to authenticate devices. Structure is documented below.
	Credentials interface{}
	// A PubSub topics to publish device events. Structure is documented below.
	EventNotificationConfig interface{}
	// Activate or deactivate HTTP. Structure is documented below.
	HttpConfig interface{}
	// Activate or deactivate MQTT. Structure is documented below.
	MqttConfig interface{}
	// A unique name for the resource, required by device registry.
	// Changing this forces a new resource to be created.
	Name interface{}
	// The project in which the resource belongs. If it is not provided, the provider project is used.
	Project interface{}
	// The Region in which the created address should reside. If it is not provided, the provider region is used.
	Region interface{}
	// A PubSub topic to publish device state updates. Structure is documented below.
	StateNotificationConfig interface{}
}

The set of arguments for constructing a Registry resource.

type RegistryState 

type RegistryState struct {
	// List of public key certificates to authenticate devices. Structure is documented below.
	Credentials interface{}
	// A PubSub topics to publish device events. Structure is documented below.
	EventNotificationConfig interface{}
	// Activate or deactivate HTTP. Structure is documented below.
	HttpConfig interface{}
	// Activate or deactivate MQTT. Structure is documented below.
	MqttConfig interface{}
	// A unique name for the resource, required by device registry.
	// Changing this forces a new resource to be created.
	Name interface{}
	// The project in which the resource belongs. If it is not provided, the provider project is used.
	Project interface{}
	// The Region in which the created address should reside. If it is not provided, the provider region is used.
	Region interface{}
	// A PubSub topic to publish device state updates. Structure is documented below.
	StateNotificationConfig interface{}
}

Input properties used for looking up and filtering Registry resources.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.