kms

package
v8.12.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2024 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AutokeyConfig 

type AutokeyConfig struct {
	pulumi.CustomResourceState

	// The folder for which to retrieve config.
	//
	// ***
	Folder pulumi.StringOutput `pulumi:"folder"`
	// The target key project for a given folder where KMS Autokey will provision a
	// CryptoKey for any new KeyHandle the Developer creates. Should have the form
	// `projects/<project_id_or_number>`.
	KeyProject pulumi.StringPtrOutput `pulumi:"keyProject"`
}

## Example Usage

### Kms Autokey Config All

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi-time/sdk/go/time"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Create Folder in GCP Organization
		autokmsFolder, err := organizations.NewFolder(ctx, "autokms_folder", &organizations.FolderArgs{
			DisplayName:        pulumi.String("my-folder"),
			Parent:             pulumi.String("organizations/123456789"),
			DeletionProtection: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		// Create the key project
		keyProject, err := organizations.NewProject(ctx, "key_project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("key-proj"),
			Name:           pulumi.String("key-proj"),
			FolderId:       autokmsFolder.FolderId,
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		}, pulumi.DependsOn([]pulumi.Resource{
			autokmsFolder,
		}))
		if err != nil {
			return err
		}
		// Enable the Cloud KMS API
		kmsApiService, err := projects.NewService(ctx, "kms_api_service", &projects.ServiceArgs{
			Service:                  pulumi.String("cloudkms.googleapis.com"),
			Project:                  keyProject.ProjectId,
			DisableOnDestroy:         pulumi.Bool(false),
			DisableDependentServices: pulumi.Bool(true),
		}, pulumi.DependsOn([]pulumi.Resource{
			keyProject,
		}))
		if err != nil {
			return err
		}
		// Wait delay after enabling APIs
		waitEnableServiceApi, err := time.NewSleep(ctx, "wait_enable_service_api", &time.SleepArgs{
			CreateDuration: "30s",
		}, pulumi.DependsOn([]pulumi.Resource{
			kmsApiService,
		}))
		if err != nil {
			return err
		}
		// Create KMS Service Agent
		kmsServiceAgent, err := projects.NewServiceIdentity(ctx, "kms_service_agent", &projects.ServiceIdentityArgs{
			Service: pulumi.String("cloudkms.googleapis.com"),
			Project: keyProject.Number,
		}, pulumi.DependsOn([]pulumi.Resource{
			waitEnableServiceApi,
		}))
		if err != nil {
			return err
		}
		// Wait delay after creating service agent.
		waitServiceAgent, err := time.NewSleep(ctx, "wait_service_agent", &time.SleepArgs{
			CreateDuration: "10s",
		}, pulumi.DependsOn([]pulumi.Resource{
			kmsServiceAgent,
		}))
		if err != nil {
			return err
		}
		// Grant the KMS Service Agent the Cloud KMS Admin role
		autokeyProjectAdmin, err := projects.NewIAMMember(ctx, "autokey_project_admin", &projects.IAMMemberArgs{
			Project: keyProject.ProjectId,
			Role:    pulumi.String("roles/cloudkms.admin"),
			Member: keyProject.Number.ApplyT(func(number string) (string, error) {
				return fmt.Sprintf("serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com", number), nil
			}).(pulumi.StringOutput),
		}, pulumi.DependsOn([]pulumi.Resource{
			waitServiceAgent,
		}))
		if err != nil {
			return err
		}
		// Wait delay after granting IAM permissions
		waitSrvAccPermissions, err := time.NewSleep(ctx, "wait_srv_acc_permissions", &time.SleepArgs{
			CreateDuration: "10s",
		}, pulumi.DependsOn([]pulumi.Resource{
			autokeyProjectAdmin,
		}))
		if err != nil {
			return err
		}
		_, err = kms.NewAutokeyConfig(ctx, "example-autokeyconfig", &kms.AutokeyConfigArgs{
			Folder: autokmsFolder.ID(),
			KeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) {
				return fmt.Sprintf("projects/%v", projectId), nil
			}).(pulumi.StringOutput),
		}, pulumi.DependsOn([]pulumi.Resource{
			waitSrvAccPermissions,
		}))
		if err != nil {
			return err
		}
		// Wait delay after setting AutokeyConfig, to prevent diffs on reapply,
		// because setting the config takes a little to fully propagate.
		_, err = time.NewSleep(ctx, "wait_autokey_propagation", &time.SleepArgs{
			CreateDuration: "30s",
		}, pulumi.DependsOn([]pulumi.Resource{
			example_autokeyconfig,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AutokeyConfig can be imported using any of these accepted formats:

* `folders/{{folder}}/autokeyConfig`

* `{{folder}}`

When using the `pulumi import` command, AutokeyConfig can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default folders/{{folder}}/autokeyConfig ```

```sh $ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default {{folder}} ```

func GetAutokeyConfig 

func GetAutokeyConfig(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AutokeyConfigState, opts ...pulumi.ResourceOption) (*AutokeyConfig, error)

GetAutokeyConfig gets an existing AutokeyConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAutokeyConfig 

func NewAutokeyConfig(ctx *pulumi.Context,
	name string, args *AutokeyConfigArgs, opts ...pulumi.ResourceOption) (*AutokeyConfig, error)

NewAutokeyConfig registers a new resource with the given unique name, arguments, and options.

func (*AutokeyConfig) ElementType 

func (*AutokeyConfig) ElementType() reflect.Type

func (*AutokeyConfig) ToAutokeyConfigOutput 

func (i *AutokeyConfig) ToAutokeyConfigOutput() AutokeyConfigOutput

func (*AutokeyConfig) ToAutokeyConfigOutputWithContext 

func (i *AutokeyConfig) ToAutokeyConfigOutputWithContext(ctx context.Context) AutokeyConfigOutput

type AutokeyConfigArgs 

type AutokeyConfigArgs struct {
	// The folder for which to retrieve config.
	//
	// ***
	Folder pulumi.StringInput
	// The target key project for a given folder where KMS Autokey will provision a
	// CryptoKey for any new KeyHandle the Developer creates. Should have the form
	// `projects/<project_id_or_number>`.
	KeyProject pulumi.StringPtrInput
}

The set of arguments for constructing a AutokeyConfig resource.

func (AutokeyConfigArgs) ElementType 

func (AutokeyConfigArgs) ElementType() reflect.Type

type AutokeyConfigArray 

type AutokeyConfigArray []AutokeyConfigInput

func (AutokeyConfigArray) ElementType 

func (AutokeyConfigArray) ElementType() reflect.Type

func (AutokeyConfigArray) ToAutokeyConfigArrayOutput 

func (i AutokeyConfigArray) ToAutokeyConfigArrayOutput() AutokeyConfigArrayOutput

func (AutokeyConfigArray) ToAutokeyConfigArrayOutputWithContext 

func (i AutokeyConfigArray) ToAutokeyConfigArrayOutputWithContext(ctx context.Context) AutokeyConfigArrayOutput

type AutokeyConfigArrayInput 

type AutokeyConfigArrayInput interface {
	pulumi.Input

	ToAutokeyConfigArrayOutput() AutokeyConfigArrayOutput
	ToAutokeyConfigArrayOutputWithContext(context.Context) AutokeyConfigArrayOutput
}

AutokeyConfigArrayInput is an input type that accepts AutokeyConfigArray and AutokeyConfigArrayOutput values. You can construct a concrete instance of `AutokeyConfigArrayInput` via: 

AutokeyConfigArray{ AutokeyConfigArgs{...} }

type AutokeyConfigArrayOutput 

type AutokeyConfigArrayOutput struct{ *pulumi.OutputState }

func (AutokeyConfigArrayOutput) ElementType 

func (AutokeyConfigArrayOutput) ElementType() reflect.Type

func (AutokeyConfigArrayOutput) Index 

func (o AutokeyConfigArrayOutput) Index(i pulumi.IntInput) AutokeyConfigOutput

func (AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutput 

func (o AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutput() AutokeyConfigArrayOutput

func (AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutputWithContext 

func (o AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutputWithContext(ctx context.Context) AutokeyConfigArrayOutput

type AutokeyConfigInput 

type AutokeyConfigInput interface {
	pulumi.Input

	ToAutokeyConfigOutput() AutokeyConfigOutput
	ToAutokeyConfigOutputWithContext(ctx context.Context) AutokeyConfigOutput
}

type AutokeyConfigMap 

type AutokeyConfigMap map[string]AutokeyConfigInput

func (AutokeyConfigMap) ElementType 

func (AutokeyConfigMap) ElementType() reflect.Type

func (AutokeyConfigMap) ToAutokeyConfigMapOutput 

func (i AutokeyConfigMap) ToAutokeyConfigMapOutput() AutokeyConfigMapOutput

func (AutokeyConfigMap) ToAutokeyConfigMapOutputWithContext 

func (i AutokeyConfigMap) ToAutokeyConfigMapOutputWithContext(ctx context.Context) AutokeyConfigMapOutput

type AutokeyConfigMapInput 

type AutokeyConfigMapInput interface {
	pulumi.Input

	ToAutokeyConfigMapOutput() AutokeyConfigMapOutput
	ToAutokeyConfigMapOutputWithContext(context.Context) AutokeyConfigMapOutput
}

AutokeyConfigMapInput is an input type that accepts AutokeyConfigMap and AutokeyConfigMapOutput values. You can construct a concrete instance of `AutokeyConfigMapInput` via: 

AutokeyConfigMap{ "key": AutokeyConfigArgs{...} }

type AutokeyConfigMapOutput 

type AutokeyConfigMapOutput struct{ *pulumi.OutputState }

func (AutokeyConfigMapOutput) ElementType 

func (AutokeyConfigMapOutput) ElementType() reflect.Type

func (AutokeyConfigMapOutput) MapIndex 

func (o AutokeyConfigMapOutput) MapIndex(k pulumi.StringInput) AutokeyConfigOutput

func (AutokeyConfigMapOutput) ToAutokeyConfigMapOutput 

func (o AutokeyConfigMapOutput) ToAutokeyConfigMapOutput() AutokeyConfigMapOutput

func (AutokeyConfigMapOutput) ToAutokeyConfigMapOutputWithContext 

func (o AutokeyConfigMapOutput) ToAutokeyConfigMapOutputWithContext(ctx context.Context) AutokeyConfigMapOutput

type AutokeyConfigOutput 

type AutokeyConfigOutput struct{ *pulumi.OutputState }

func (AutokeyConfigOutput) ElementType 

func (AutokeyConfigOutput) ElementType() reflect.Type

func (AutokeyConfigOutput) Folder 

func (o AutokeyConfigOutput) Folder() pulumi.StringOutput

The folder for which to retrieve config.

***

func (AutokeyConfigOutput) KeyProject 

func (o AutokeyConfigOutput) KeyProject() pulumi.StringPtrOutput

The target key project for a given folder where KMS Autokey will provision a CryptoKey for any new KeyHandle the Developer creates. Should have the form `projects/<project_id_or_number>`.

func (AutokeyConfigOutput) ToAutokeyConfigOutput 

func (o AutokeyConfigOutput) ToAutokeyConfigOutput() AutokeyConfigOutput

func (AutokeyConfigOutput) ToAutokeyConfigOutputWithContext 

func (o AutokeyConfigOutput) ToAutokeyConfigOutputWithContext(ctx context.Context) AutokeyConfigOutput

type AutokeyConfigState 

type AutokeyConfigState struct {
	// The folder for which to retrieve config.
	//
	// ***
	Folder pulumi.StringPtrInput
	// The target key project for a given folder where KMS Autokey will provision a
	// CryptoKey for any new KeyHandle the Developer creates. Should have the form
	// `projects/<project_id_or_number>`.
	KeyProject pulumi.StringPtrInput
}

func (AutokeyConfigState) ElementType 

func (AutokeyConfigState) ElementType() reflect.Type

type CryptoKey 

type CryptoKey struct {
	pulumi.CustomResourceState

	// The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
	// The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
	CryptoKeyBackend pulumi.StringOutput `pulumi:"cryptoKeyBackend"`
	// The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
	// If not specified at creation time, the default duration is 30 days.
	DestroyScheduledDuration pulumi.StringOutput `pulumi:"destroyScheduledDuration"`
	// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
	EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"`
	// Whether this key may contain imported versions only.
	ImportOnly pulumi.BoolOutput `pulumi:"importOnly"`
	// The policy used for Key Access Justifications Policy Enforcement. If this
	// field is present and this key is enrolled in Key Access Justifications
	// Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
	// sign operations, and the operation will fail if rejected by the policy. The
	// policy is defined by specifying zero or more allowed justification codes.
	// https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
	// By default, this field is absent, and all justification codes are allowed.
	// This field is currently in beta and is subject to change.
	// Structure is documented below.
	KeyAccessJustificationsPolicy CryptoKeyKeyAccessJustificationsPolicyOutput `pulumi:"keyAccessJustificationsPolicy"`
	// The KeyRing that this key belongs to.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
	//
	// ***
	KeyRing pulumi.StringOutput `pulumi:"keyRing"`
	// Labels with user-defined metadata to apply to this resource.
	//
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field `effectiveLabels` for all of the labels present on the resource.
	Labels pulumi.StringMapOutput `pulumi:"labels"`
	// The resource name for the CryptoKey.
	Name pulumi.StringOutput `pulumi:"name"`
	// A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
	// Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
	// Structure is documented below.
	Primaries CryptoKeyPrimaryArrayOutput `pulumi:"primaries"`
	// The combination of labels configured directly on the resource
	// and default labels configured on the provider.
	PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"`
	// The immutable purpose of this CryptoKey. See the
	// [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
	// for possible inputs.
	// Default value is "ENCRYPT_DECRYPT".
	Purpose pulumi.StringPtrOutput `pulumi:"purpose"`
	// Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
	// The first rotation will take place after the specified period. The rotation period has
	// the format of a decimal number with up to 9 fractional digits, followed by the
	// letter `s` (seconds). It must be greater than a day (ie, 86400).
	RotationPeriod pulumi.StringPtrOutput `pulumi:"rotationPeriod"`
	// If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
	// You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion
	// or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion.
	SkipInitialVersionCreation pulumi.BoolPtrOutput `pulumi:"skipInitialVersionCreation"`
	// A template describing settings for new crypto key versions.
	// Structure is documented below.
	VersionTemplate CryptoKeyVersionTemplateOutput `pulumi:"versionTemplate"`
}

A `CryptoKey` represents a logical key that can be used for cryptographic operations.

> **Note:** CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a provider-managed CryptoKey will remove it from state and delete all CryptoKeyVersions, rendering the key unusable, but *will not delete the resource from the project.* When the provider destroys these keys, any data previously encrypted with these keys will be irrecoverable. For this reason, it is strongly recommended that you use Pulumi's [protect resource option](https://www.pulumi.com/docs/concepts/options/protect/).

To get more information about CryptoKey, see:

* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) * How-to Guides

## Example Usage

### Kms Crypto Key Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKey(ctx, "example-key", &kms.CryptoKeyArgs{
			Name:           pulumi.String("crypto-key-example"),
			KeyRing:        keyring.ID(),
			RotationPeriod: pulumi.String("7776000s"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Kms Crypto Key Asymmetric Sign

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKey(ctx, "example-asymmetric-sign-key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("crypto-key-example"),
			KeyRing: keyring.ID(),
			Purpose: pulumi.String("ASYMMETRIC_SIGN"),
			VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
				Algorithm: pulumi.String("EC_SIGN_P384_SHA384"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

CryptoKey can be imported using any of these accepted formats:

* `{{key_ring}}/cryptoKeys/{{name}}`

* `{{key_ring}}/{{name}}`

When using the `pulumi import` command, CryptoKey can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:kms/cryptoKey:CryptoKey default {{key_ring}}/cryptoKeys/{{name}} ```

```sh $ pulumi import gcp:kms/cryptoKey:CryptoKey default {{key_ring}}/{{name}} ```

func GetCryptoKey 

func GetCryptoKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CryptoKeyState, opts ...pulumi.ResourceOption) (*CryptoKey, error)

GetCryptoKey gets an existing CryptoKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKey 

func NewCryptoKey(ctx *pulumi.Context,
	name string, args *CryptoKeyArgs, opts ...pulumi.ResourceOption) (*CryptoKey, error)

NewCryptoKey registers a new resource with the given unique name, arguments, and options.

func (*CryptoKey) ElementType 

func (*CryptoKey) ElementType() reflect.Type

func (*CryptoKey) ToCryptoKeyOutput 

func (i *CryptoKey) ToCryptoKeyOutput() CryptoKeyOutput

func (*CryptoKey) ToCryptoKeyOutputWithContext 

func (i *CryptoKey) ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput

type CryptoKeyArgs 

type CryptoKeyArgs struct {
	// The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
	// The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
	CryptoKeyBackend pulumi.StringPtrInput
	// The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
	// If not specified at creation time, the default duration is 30 days.
	DestroyScheduledDuration pulumi.StringPtrInput
	// Whether this key may contain imported versions only.
	ImportOnly pulumi.BoolPtrInput
	// The policy used for Key Access Justifications Policy Enforcement. If this
	// field is present and this key is enrolled in Key Access Justifications
	// Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
	// sign operations, and the operation will fail if rejected by the policy. The
	// policy is defined by specifying zero or more allowed justification codes.
	// https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
	// By default, this field is absent, and all justification codes are allowed.
	// This field is currently in beta and is subject to change.
	// Structure is documented below.
	KeyAccessJustificationsPolicy CryptoKeyKeyAccessJustificationsPolicyPtrInput
	// The KeyRing that this key belongs to.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
	//
	// ***
	KeyRing pulumi.StringInput
	// Labels with user-defined metadata to apply to this resource.
	//
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field `effectiveLabels` for all of the labels present on the resource.
	Labels pulumi.StringMapInput
	// The resource name for the CryptoKey.
	Name pulumi.StringPtrInput
	// The immutable purpose of this CryptoKey. See the
	// [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
	// for possible inputs.
	// Default value is "ENCRYPT_DECRYPT".
	Purpose pulumi.StringPtrInput
	// Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
	// The first rotation will take place after the specified period. The rotation period has
	// the format of a decimal number with up to 9 fractional digits, followed by the
	// letter `s` (seconds). It must be greater than a day (ie, 86400).
	RotationPeriod pulumi.StringPtrInput
	// If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
	// You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion
	// or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion.
	SkipInitialVersionCreation pulumi.BoolPtrInput
	// A template describing settings for new crypto key versions.
	// Structure is documented below.
	VersionTemplate CryptoKeyVersionTemplatePtrInput
}

The set of arguments for constructing a CryptoKey resource.

func (CryptoKeyArgs) ElementType 

func (CryptoKeyArgs) ElementType() reflect.Type

type CryptoKeyArray 

type CryptoKeyArray []CryptoKeyInput

func (CryptoKeyArray) ElementType 

func (CryptoKeyArray) ElementType() reflect.Type

func (CryptoKeyArray) ToCryptoKeyArrayOutput 

func (i CryptoKeyArray) ToCryptoKeyArrayOutput() CryptoKeyArrayOutput

func (CryptoKeyArray) ToCryptoKeyArrayOutputWithContext 

func (i CryptoKeyArray) ToCryptoKeyArrayOutputWithContext(ctx context.Context) CryptoKeyArrayOutput

type CryptoKeyArrayInput 

type CryptoKeyArrayInput interface {
	pulumi.Input

	ToCryptoKeyArrayOutput() CryptoKeyArrayOutput
	ToCryptoKeyArrayOutputWithContext(context.Context) CryptoKeyArrayOutput
}

CryptoKeyArrayInput is an input type that accepts CryptoKeyArray and CryptoKeyArrayOutput values. You can construct a concrete instance of `CryptoKeyArrayInput` via: 

CryptoKeyArray{ CryptoKeyArgs{...} }

type CryptoKeyArrayOutput 

type CryptoKeyArrayOutput struct{ *pulumi.OutputState }

func (CryptoKeyArrayOutput) ElementType 

func (CryptoKeyArrayOutput) ElementType() reflect.Type

func (CryptoKeyArrayOutput) Index 

func (o CryptoKeyArrayOutput) Index(i pulumi.IntInput) CryptoKeyOutput

func (CryptoKeyArrayOutput) ToCryptoKeyArrayOutput 

func (o CryptoKeyArrayOutput) ToCryptoKeyArrayOutput() CryptoKeyArrayOutput

func (CryptoKeyArrayOutput) ToCryptoKeyArrayOutputWithContext 

func (o CryptoKeyArrayOutput) ToCryptoKeyArrayOutputWithContext(ctx context.Context) CryptoKeyArrayOutput

type CryptoKeyIAMBinding 

type CryptoKeyIAMBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition CryptoKeyIAMBindingConditionPtrOutput `pulumi:"condition"`
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"`
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:

* `kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached. * `kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved. * `kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.

> **Note:** `kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `kms.CryptoKeyIAMBinding` and `kms.CryptoKeyIAMMember` or they will fight over what your policy should be.

> **Note:** `kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{
			Name:           pulumi.String("crypto-key-example"),
			KeyRing:        keyring.ID(),
			RotationPeriod: pulumi.String("7776000s"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/cloudkms.cryptoKeyEncrypter",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKeyIAMPolicy(ctx, "crypto_key", &kms.CryptoKeyIAMPolicyArgs{
			CryptoKeyId: key.ID(),
			PolicyData:  pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/cloudkms.cryptoKeyEncrypter",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.CryptoKeyIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Member:      pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Member:      pulumi.String("user:jane@example.com"),
			Condition: &kms.CryptoKeyIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing IAM policies

IAM policy imports use the identifier of the KMS crypto key only. For example:

* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`

An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:

tf

import { 

id = "{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}"

to = google_kms_crypto_key_iam_policy.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:kms/cryptoKeyIAMBinding:CryptoKeyIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}} ```

func GetCryptoKeyIAMBinding 

func GetCryptoKeyIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CryptoKeyIAMBindingState, opts ...pulumi.ResourceOption) (*CryptoKeyIAMBinding, error)

GetCryptoKeyIAMBinding gets an existing CryptoKeyIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKeyIAMBinding 

func NewCryptoKeyIAMBinding(ctx *pulumi.Context,
	name string, args *CryptoKeyIAMBindingArgs, opts ...pulumi.ResourceOption) (*CryptoKeyIAMBinding, error)

NewCryptoKeyIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*CryptoKeyIAMBinding) ElementType 

func (*CryptoKeyIAMBinding) ElementType() reflect.Type

func (*CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutput 

func (i *CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutput() CryptoKeyIAMBindingOutput

func (*CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutputWithContext 

func (i *CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutputWithContext(ctx context.Context) CryptoKeyIAMBindingOutput

type CryptoKeyIAMBindingArgs 

type CryptoKeyIAMBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition CryptoKeyIAMBindingConditionPtrInput
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a CryptoKeyIAMBinding resource.

func (CryptoKeyIAMBindingArgs) ElementType 

func (CryptoKeyIAMBindingArgs) ElementType() reflect.Type

type CryptoKeyIAMBindingArray 

type CryptoKeyIAMBindingArray []CryptoKeyIAMBindingInput

func (CryptoKeyIAMBindingArray) ElementType 

func (CryptoKeyIAMBindingArray) ElementType() reflect.Type

func (CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutput 

func (i CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutput() CryptoKeyIAMBindingArrayOutput

func (CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutputWithContext 

func (i CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutputWithContext(ctx context.Context) CryptoKeyIAMBindingArrayOutput

type CryptoKeyIAMBindingArrayInput 

type CryptoKeyIAMBindingArrayInput interface {
	pulumi.Input

	ToCryptoKeyIAMBindingArrayOutput() CryptoKeyIAMBindingArrayOutput
	ToCryptoKeyIAMBindingArrayOutputWithContext(context.Context) CryptoKeyIAMBindingArrayOutput
}

CryptoKeyIAMBindingArrayInput is an input type that accepts CryptoKeyIAMBindingArray and CryptoKeyIAMBindingArrayOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingArrayInput` via: 

CryptoKeyIAMBindingArray{ CryptoKeyIAMBindingArgs{...} }

type CryptoKeyIAMBindingArrayOutput 

type CryptoKeyIAMBindingArrayOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMBindingArrayOutput) ElementType 

func (CryptoKeyIAMBindingArrayOutput) ElementType() reflect.Type

func (CryptoKeyIAMBindingArrayOutput) Index 

func (o CryptoKeyIAMBindingArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMBindingOutput

func (CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutput 

func (o CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutput() CryptoKeyIAMBindingArrayOutput

func (CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutputWithContext 

func (o CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutputWithContext(ctx context.Context) CryptoKeyIAMBindingArrayOutput

type CryptoKeyIAMBindingCondition 

type CryptoKeyIAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type CryptoKeyIAMBindingConditionArgs 

type CryptoKeyIAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (CryptoKeyIAMBindingConditionArgs) ElementType 

func (CryptoKeyIAMBindingConditionArgs) ElementType() reflect.Type

func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutput 

func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput

func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutputWithContext 

func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionOutput

func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutput 

func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput

func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutputWithContext 

func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput

type CryptoKeyIAMBindingConditionInput 

type CryptoKeyIAMBindingConditionInput interface {
	pulumi.Input

	ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput
	ToCryptoKeyIAMBindingConditionOutputWithContext(context.Context) CryptoKeyIAMBindingConditionOutput
}

CryptoKeyIAMBindingConditionInput is an input type that accepts CryptoKeyIAMBindingConditionArgs and CryptoKeyIAMBindingConditionOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingConditionInput` via: 

CryptoKeyIAMBindingConditionArgs{...}

type CryptoKeyIAMBindingConditionOutput 

type CryptoKeyIAMBindingConditionOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMBindingConditionOutput) Description 

func (o CryptoKeyIAMBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (CryptoKeyIAMBindingConditionOutput) ElementType 

func (CryptoKeyIAMBindingConditionOutput) ElementType() reflect.Type

func (CryptoKeyIAMBindingConditionOutput) Expression 

func (o CryptoKeyIAMBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (CryptoKeyIAMBindingConditionOutput) Title 

func (o CryptoKeyIAMBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutput 

func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput

func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutputWithContext 

func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionOutput

func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutput 

func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput

func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext 

func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput

type CryptoKeyIAMBindingConditionPtrInput 

type CryptoKeyIAMBindingConditionPtrInput interface {
	pulumi.Input

	ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput
	ToCryptoKeyIAMBindingConditionPtrOutputWithContext(context.Context) CryptoKeyIAMBindingConditionPtrOutput
}

CryptoKeyIAMBindingConditionPtrInput is an input type that accepts CryptoKeyIAMBindingConditionArgs, CryptoKeyIAMBindingConditionPtr and CryptoKeyIAMBindingConditionPtrOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingConditionPtrInput` via: 

        CryptoKeyIAMBindingConditionArgs{...}

or:

        nil

func CryptoKeyIAMBindingConditionPtr 

func CryptoKeyIAMBindingConditionPtr(v *CryptoKeyIAMBindingConditionArgs) CryptoKeyIAMBindingConditionPtrInput

type CryptoKeyIAMBindingConditionPtrOutput 

type CryptoKeyIAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMBindingConditionPtrOutput) Description 

func (o CryptoKeyIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (CryptoKeyIAMBindingConditionPtrOutput) Elem 

func (o CryptoKeyIAMBindingConditionPtrOutput) Elem() CryptoKeyIAMBindingConditionOutput

func (CryptoKeyIAMBindingConditionPtrOutput) ElementType 

func (CryptoKeyIAMBindingConditionPtrOutput) ElementType() reflect.Type

func (CryptoKeyIAMBindingConditionPtrOutput) Expression 

func (o CryptoKeyIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (CryptoKeyIAMBindingConditionPtrOutput) Title 

func (o CryptoKeyIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutput 

func (o CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput

func (CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext 

func (o CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput

type CryptoKeyIAMBindingInput 

type CryptoKeyIAMBindingInput interface {
	pulumi.Input

	ToCryptoKeyIAMBindingOutput() CryptoKeyIAMBindingOutput
	ToCryptoKeyIAMBindingOutputWithContext(ctx context.Context) CryptoKeyIAMBindingOutput
}

type CryptoKeyIAMBindingMap 

type CryptoKeyIAMBindingMap map[string]CryptoKeyIAMBindingInput

func (CryptoKeyIAMBindingMap) ElementType 

func (CryptoKeyIAMBindingMap) ElementType() reflect.Type

func (CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutput 

func (i CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutput() CryptoKeyIAMBindingMapOutput

func (CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutputWithContext 

func (i CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutputWithContext(ctx context.Context) CryptoKeyIAMBindingMapOutput

type CryptoKeyIAMBindingMapInput 

type CryptoKeyIAMBindingMapInput interface {
	pulumi.Input

	ToCryptoKeyIAMBindingMapOutput() CryptoKeyIAMBindingMapOutput
	ToCryptoKeyIAMBindingMapOutputWithContext(context.Context) CryptoKeyIAMBindingMapOutput
}

CryptoKeyIAMBindingMapInput is an input type that accepts CryptoKeyIAMBindingMap and CryptoKeyIAMBindingMapOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingMapInput` via: 

CryptoKeyIAMBindingMap{ "key": CryptoKeyIAMBindingArgs{...} }

type CryptoKeyIAMBindingMapOutput 

type CryptoKeyIAMBindingMapOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMBindingMapOutput) ElementType 

func (CryptoKeyIAMBindingMapOutput) ElementType() reflect.Type

func (CryptoKeyIAMBindingMapOutput) MapIndex 

func (o CryptoKeyIAMBindingMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMBindingOutput

func (CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutput 

func (o CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutput() CryptoKeyIAMBindingMapOutput

func (CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutputWithContext 

func (o CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutputWithContext(ctx context.Context) CryptoKeyIAMBindingMapOutput

type CryptoKeyIAMBindingOutput 

type CryptoKeyIAMBindingOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMBindingOutput) Condition 

func (o CryptoKeyIAMBindingOutput) Condition() CryptoKeyIAMBindingConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (CryptoKeyIAMBindingOutput) CryptoKeyId 

func (o CryptoKeyIAMBindingOutput) CryptoKeyId() pulumi.StringOutput

The crypto key ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.

func (CryptoKeyIAMBindingOutput) ElementType 

func (CryptoKeyIAMBindingOutput) ElementType() reflect.Type

func (CryptoKeyIAMBindingOutput) Etag 

func (o CryptoKeyIAMBindingOutput) Etag() pulumi.StringOutput

(Computed) The etag of the project's IAM policy.

func (CryptoKeyIAMBindingOutput) Members 

func (o CryptoKeyIAMBindingOutput) Members() pulumi.StringArrayOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (CryptoKeyIAMBindingOutput) Role 

func (o CryptoKeyIAMBindingOutput) Role() pulumi.StringOutput

The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutput 

func (o CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutput() CryptoKeyIAMBindingOutput

func (CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutputWithContext 

func (o CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutputWithContext(ctx context.Context) CryptoKeyIAMBindingOutput

type CryptoKeyIAMBindingState 

type CryptoKeyIAMBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition CryptoKeyIAMBindingConditionPtrInput
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringPtrInput
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (CryptoKeyIAMBindingState) ElementType 

func (CryptoKeyIAMBindingState) ElementType() reflect.Type

type CryptoKeyIAMMember 

type CryptoKeyIAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition CryptoKeyIAMMemberConditionPtrOutput `pulumi:"condition"`
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"`
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringOutput `pulumi:"member"`
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:

* `kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached. * `kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved. * `kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.

> **Note:** `kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `kms.CryptoKeyIAMBinding` and `kms.CryptoKeyIAMMember` or they will fight over what your policy should be.

> **Note:** `kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{
			Name:           pulumi.String("crypto-key-example"),
			KeyRing:        keyring.ID(),
			RotationPeriod: pulumi.String("7776000s"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/cloudkms.cryptoKeyEncrypter",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKeyIAMPolicy(ctx, "crypto_key", &kms.CryptoKeyIAMPolicyArgs{
			CryptoKeyId: key.ID(),
			PolicyData:  pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/cloudkms.cryptoKeyEncrypter",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.CryptoKeyIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Member:      pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Member:      pulumi.String("user:jane@example.com"),
			Condition: &kms.CryptoKeyIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing IAM policies

IAM policy imports use the identifier of the KMS crypto key only. For example:

* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`

An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:

tf

import { 

id = "{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}"

to = google_kms_crypto_key_iam_policy.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:kms/cryptoKeyIAMMember:CryptoKeyIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}} ```

func GetCryptoKeyIAMMember 

func GetCryptoKeyIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CryptoKeyIAMMemberState, opts ...pulumi.ResourceOption) (*CryptoKeyIAMMember, error)

GetCryptoKeyIAMMember gets an existing CryptoKeyIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKeyIAMMember 

func NewCryptoKeyIAMMember(ctx *pulumi.Context,
	name string, args *CryptoKeyIAMMemberArgs, opts ...pulumi.ResourceOption) (*CryptoKeyIAMMember, error)

NewCryptoKeyIAMMember registers a new resource with the given unique name, arguments, and options.

func (*CryptoKeyIAMMember) ElementType 

func (*CryptoKeyIAMMember) ElementType() reflect.Type

func (*CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutput 

func (i *CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutput() CryptoKeyIAMMemberOutput

func (*CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutputWithContext 

func (i *CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutputWithContext(ctx context.Context) CryptoKeyIAMMemberOutput

type CryptoKeyIAMMemberArgs 

type CryptoKeyIAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition CryptoKeyIAMMemberConditionPtrInput
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a CryptoKeyIAMMember resource.

func (CryptoKeyIAMMemberArgs) ElementType 

func (CryptoKeyIAMMemberArgs) ElementType() reflect.Type

type CryptoKeyIAMMemberArray 

type CryptoKeyIAMMemberArray []CryptoKeyIAMMemberInput

func (CryptoKeyIAMMemberArray) ElementType 

func (CryptoKeyIAMMemberArray) ElementType() reflect.Type

func (CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutput 

func (i CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutput() CryptoKeyIAMMemberArrayOutput

func (CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutputWithContext 

func (i CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutputWithContext(ctx context.Context) CryptoKeyIAMMemberArrayOutput

type CryptoKeyIAMMemberArrayInput 

type CryptoKeyIAMMemberArrayInput interface {
	pulumi.Input

	ToCryptoKeyIAMMemberArrayOutput() CryptoKeyIAMMemberArrayOutput
	ToCryptoKeyIAMMemberArrayOutputWithContext(context.Context) CryptoKeyIAMMemberArrayOutput
}

CryptoKeyIAMMemberArrayInput is an input type that accepts CryptoKeyIAMMemberArray and CryptoKeyIAMMemberArrayOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberArrayInput` via: 

CryptoKeyIAMMemberArray{ CryptoKeyIAMMemberArgs{...} }

type CryptoKeyIAMMemberArrayOutput 

type CryptoKeyIAMMemberArrayOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMMemberArrayOutput) ElementType 

func (CryptoKeyIAMMemberArrayOutput) ElementType() reflect.Type

func (CryptoKeyIAMMemberArrayOutput) Index 

func (o CryptoKeyIAMMemberArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMMemberOutput

func (CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutput 

func (o CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutput() CryptoKeyIAMMemberArrayOutput

func (CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutputWithContext 

func (o CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutputWithContext(ctx context.Context) CryptoKeyIAMMemberArrayOutput

type CryptoKeyIAMMemberCondition 

type CryptoKeyIAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type CryptoKeyIAMMemberConditionArgs 

type CryptoKeyIAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (CryptoKeyIAMMemberConditionArgs) ElementType 

func (CryptoKeyIAMMemberConditionArgs) ElementType() reflect.Type

func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutput 

func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput

func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutputWithContext 

func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionOutput

func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutput 

func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput

func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutputWithContext 

func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput

type CryptoKeyIAMMemberConditionInput 

type CryptoKeyIAMMemberConditionInput interface {
	pulumi.Input

	ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput
	ToCryptoKeyIAMMemberConditionOutputWithContext(context.Context) CryptoKeyIAMMemberConditionOutput
}

CryptoKeyIAMMemberConditionInput is an input type that accepts CryptoKeyIAMMemberConditionArgs and CryptoKeyIAMMemberConditionOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberConditionInput` via: 

CryptoKeyIAMMemberConditionArgs{...}

type CryptoKeyIAMMemberConditionOutput 

type CryptoKeyIAMMemberConditionOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMMemberConditionOutput) Description 

func (o CryptoKeyIAMMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (CryptoKeyIAMMemberConditionOutput) ElementType 

func (CryptoKeyIAMMemberConditionOutput) ElementType() reflect.Type

func (CryptoKeyIAMMemberConditionOutput) Expression 

func (o CryptoKeyIAMMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (CryptoKeyIAMMemberConditionOutput) Title 

func (o CryptoKeyIAMMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutput 

func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput

func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutputWithContext 

func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionOutput

func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutput 

func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput

func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext 

func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput

type CryptoKeyIAMMemberConditionPtrInput 

type CryptoKeyIAMMemberConditionPtrInput interface {
	pulumi.Input

	ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput
	ToCryptoKeyIAMMemberConditionPtrOutputWithContext(context.Context) CryptoKeyIAMMemberConditionPtrOutput
}

CryptoKeyIAMMemberConditionPtrInput is an input type that accepts CryptoKeyIAMMemberConditionArgs, CryptoKeyIAMMemberConditionPtr and CryptoKeyIAMMemberConditionPtrOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberConditionPtrInput` via: 

        CryptoKeyIAMMemberConditionArgs{...}

or:

        nil

func CryptoKeyIAMMemberConditionPtr 

func CryptoKeyIAMMemberConditionPtr(v *CryptoKeyIAMMemberConditionArgs) CryptoKeyIAMMemberConditionPtrInput

type CryptoKeyIAMMemberConditionPtrOutput 

type CryptoKeyIAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMMemberConditionPtrOutput) Description 

func (o CryptoKeyIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (CryptoKeyIAMMemberConditionPtrOutput) Elem 

func (o CryptoKeyIAMMemberConditionPtrOutput) Elem() CryptoKeyIAMMemberConditionOutput

func (CryptoKeyIAMMemberConditionPtrOutput) ElementType 

func (CryptoKeyIAMMemberConditionPtrOutput) ElementType() reflect.Type

func (CryptoKeyIAMMemberConditionPtrOutput) Expression 

func (o CryptoKeyIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (CryptoKeyIAMMemberConditionPtrOutput) Title 

func (o CryptoKeyIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutput 

func (o CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput

func (CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext 

func (o CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput

type CryptoKeyIAMMemberInput 

type CryptoKeyIAMMemberInput interface {
	pulumi.Input

	ToCryptoKeyIAMMemberOutput() CryptoKeyIAMMemberOutput
	ToCryptoKeyIAMMemberOutputWithContext(ctx context.Context) CryptoKeyIAMMemberOutput
}

type CryptoKeyIAMMemberMap 

type CryptoKeyIAMMemberMap map[string]CryptoKeyIAMMemberInput

func (CryptoKeyIAMMemberMap) ElementType 

func (CryptoKeyIAMMemberMap) ElementType() reflect.Type

func (CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutput 

func (i CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutput() CryptoKeyIAMMemberMapOutput

func (CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutputWithContext 

func (i CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutputWithContext(ctx context.Context) CryptoKeyIAMMemberMapOutput

type CryptoKeyIAMMemberMapInput 

type CryptoKeyIAMMemberMapInput interface {
	pulumi.Input

	ToCryptoKeyIAMMemberMapOutput() CryptoKeyIAMMemberMapOutput
	ToCryptoKeyIAMMemberMapOutputWithContext(context.Context) CryptoKeyIAMMemberMapOutput
}

CryptoKeyIAMMemberMapInput is an input type that accepts CryptoKeyIAMMemberMap and CryptoKeyIAMMemberMapOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberMapInput` via: 

CryptoKeyIAMMemberMap{ "key": CryptoKeyIAMMemberArgs{...} }

type CryptoKeyIAMMemberMapOutput 

type CryptoKeyIAMMemberMapOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMMemberMapOutput) ElementType 

func (CryptoKeyIAMMemberMapOutput) ElementType() reflect.Type

func (CryptoKeyIAMMemberMapOutput) MapIndex 

func (o CryptoKeyIAMMemberMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMMemberOutput

func (CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutput 

func (o CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutput() CryptoKeyIAMMemberMapOutput

func (CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutputWithContext 

func (o CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutputWithContext(ctx context.Context) CryptoKeyIAMMemberMapOutput

type CryptoKeyIAMMemberOutput 

type CryptoKeyIAMMemberOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMMemberOutput) Condition 

func (o CryptoKeyIAMMemberOutput) Condition() CryptoKeyIAMMemberConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (CryptoKeyIAMMemberOutput) CryptoKeyId 

func (o CryptoKeyIAMMemberOutput) CryptoKeyId() pulumi.StringOutput

The crypto key ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.

func (CryptoKeyIAMMemberOutput) ElementType 

func (CryptoKeyIAMMemberOutput) ElementType() reflect.Type

func (CryptoKeyIAMMemberOutput) Etag 

func (o CryptoKeyIAMMemberOutput) Etag() pulumi.StringOutput

(Computed) The etag of the project's IAM policy.

func (CryptoKeyIAMMemberOutput) Member 

func (o CryptoKeyIAMMemberOutput) Member() pulumi.StringOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (CryptoKeyIAMMemberOutput) Role 

func (o CryptoKeyIAMMemberOutput) Role() pulumi.StringOutput

The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutput 

func (o CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutput() CryptoKeyIAMMemberOutput

func (CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutputWithContext 

func (o CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutputWithContext(ctx context.Context) CryptoKeyIAMMemberOutput

type CryptoKeyIAMMemberState 

type CryptoKeyIAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition CryptoKeyIAMMemberConditionPtrInput
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringPtrInput
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringPtrInput
	// The role that should be applied. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (CryptoKeyIAMMemberState) ElementType 

func (CryptoKeyIAMMemberState) ElementType() reflect.Type

type CryptoKeyIAMPolicy 

type CryptoKeyIAMPolicy struct {
	pulumi.CustomResourceState

	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"`
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
}

Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:

* `kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached. * `kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved. * `kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.

> **Note:** `kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `kms.CryptoKeyIAMBinding` and `kms.CryptoKeyIAMMember` or they will fight over what your policy should be.

> **Note:** `kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{
			Name:           pulumi.String("crypto-key-example"),
			KeyRing:        keyring.ID(),
			RotationPeriod: pulumi.String("7776000s"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/cloudkms.cryptoKeyEncrypter",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKeyIAMPolicy(ctx, "crypto_key", &kms.CryptoKeyIAMPolicyArgs{
			CryptoKeyId: key.ID(),
			PolicyData:  pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/cloudkms.cryptoKeyEncrypter",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.CryptoKeyIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Member:      pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
			CryptoKeyId: pulumi.Any(key.Id),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
			Member:      pulumi.String("user:jane@example.com"),
			Condition: &kms.CryptoKeyIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing IAM policies

IAM policy imports use the identifier of the KMS crypto key only. For example:

* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`

An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:

tf

import { 

id = "{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}"

to = google_kms_crypto_key_iam_policy.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:kms/cryptoKeyIAMPolicy:CryptoKeyIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}} ```

func GetCryptoKeyIAMPolicy 

func GetCryptoKeyIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CryptoKeyIAMPolicyState, opts ...pulumi.ResourceOption) (*CryptoKeyIAMPolicy, error)

GetCryptoKeyIAMPolicy gets an existing CryptoKeyIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKeyIAMPolicy 

func NewCryptoKeyIAMPolicy(ctx *pulumi.Context,
	name string, args *CryptoKeyIAMPolicyArgs, opts ...pulumi.ResourceOption) (*CryptoKeyIAMPolicy, error)

NewCryptoKeyIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*CryptoKeyIAMPolicy) ElementType 

func (*CryptoKeyIAMPolicy) ElementType() reflect.Type

func (*CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutput 

func (i *CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutput() CryptoKeyIAMPolicyOutput

func (*CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutputWithContext 

func (i *CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyOutput

type CryptoKeyIAMPolicyArgs 

type CryptoKeyIAMPolicyArgs struct {
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
}

The set of arguments for constructing a CryptoKeyIAMPolicy resource.

func (CryptoKeyIAMPolicyArgs) ElementType 

func (CryptoKeyIAMPolicyArgs) ElementType() reflect.Type

type CryptoKeyIAMPolicyArray 

type CryptoKeyIAMPolicyArray []CryptoKeyIAMPolicyInput

func (CryptoKeyIAMPolicyArray) ElementType 

func (CryptoKeyIAMPolicyArray) ElementType() reflect.Type

func (CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutput 

func (i CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutput() CryptoKeyIAMPolicyArrayOutput

func (CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutputWithContext 

func (i CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyArrayOutput

type CryptoKeyIAMPolicyArrayInput 

type CryptoKeyIAMPolicyArrayInput interface {
	pulumi.Input

	ToCryptoKeyIAMPolicyArrayOutput() CryptoKeyIAMPolicyArrayOutput
	ToCryptoKeyIAMPolicyArrayOutputWithContext(context.Context) CryptoKeyIAMPolicyArrayOutput
}

CryptoKeyIAMPolicyArrayInput is an input type that accepts CryptoKeyIAMPolicyArray and CryptoKeyIAMPolicyArrayOutput values. You can construct a concrete instance of `CryptoKeyIAMPolicyArrayInput` via: 

CryptoKeyIAMPolicyArray{ CryptoKeyIAMPolicyArgs{...} }

type CryptoKeyIAMPolicyArrayOutput 

type CryptoKeyIAMPolicyArrayOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMPolicyArrayOutput) ElementType 

func (CryptoKeyIAMPolicyArrayOutput) ElementType() reflect.Type

func (CryptoKeyIAMPolicyArrayOutput) Index 

func (o CryptoKeyIAMPolicyArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMPolicyOutput

func (CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutput 

func (o CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutput() CryptoKeyIAMPolicyArrayOutput

func (CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutputWithContext 

func (o CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyArrayOutput

type CryptoKeyIAMPolicyInput 

type CryptoKeyIAMPolicyInput interface {
	pulumi.Input

	ToCryptoKeyIAMPolicyOutput() CryptoKeyIAMPolicyOutput
	ToCryptoKeyIAMPolicyOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyOutput
}

type CryptoKeyIAMPolicyMap 

type CryptoKeyIAMPolicyMap map[string]CryptoKeyIAMPolicyInput

func (CryptoKeyIAMPolicyMap) ElementType 

func (CryptoKeyIAMPolicyMap) ElementType() reflect.Type

func (CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutput 

func (i CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutput() CryptoKeyIAMPolicyMapOutput

func (CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutputWithContext 

func (i CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyMapOutput

type CryptoKeyIAMPolicyMapInput 

type CryptoKeyIAMPolicyMapInput interface {
	pulumi.Input

	ToCryptoKeyIAMPolicyMapOutput() CryptoKeyIAMPolicyMapOutput
	ToCryptoKeyIAMPolicyMapOutputWithContext(context.Context) CryptoKeyIAMPolicyMapOutput
}

CryptoKeyIAMPolicyMapInput is an input type that accepts CryptoKeyIAMPolicyMap and CryptoKeyIAMPolicyMapOutput values. You can construct a concrete instance of `CryptoKeyIAMPolicyMapInput` via: 

CryptoKeyIAMPolicyMap{ "key": CryptoKeyIAMPolicyArgs{...} }

type CryptoKeyIAMPolicyMapOutput 

type CryptoKeyIAMPolicyMapOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMPolicyMapOutput) ElementType 

func (CryptoKeyIAMPolicyMapOutput) ElementType() reflect.Type

func (CryptoKeyIAMPolicyMapOutput) MapIndex 

func (o CryptoKeyIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMPolicyOutput

func (CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutput 

func (o CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutput() CryptoKeyIAMPolicyMapOutput

func (CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutputWithContext 

func (o CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyMapOutput

type CryptoKeyIAMPolicyOutput 

type CryptoKeyIAMPolicyOutput struct{ *pulumi.OutputState }

func (CryptoKeyIAMPolicyOutput) CryptoKeyId 

func (o CryptoKeyIAMPolicyOutput) CryptoKeyId() pulumi.StringOutput

The crypto key ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.

func (CryptoKeyIAMPolicyOutput) ElementType 

func (CryptoKeyIAMPolicyOutput) ElementType() reflect.Type

func (CryptoKeyIAMPolicyOutput) Etag 

func (o CryptoKeyIAMPolicyOutput) Etag() pulumi.StringOutput

(Computed) The etag of the project's IAM policy.

func (CryptoKeyIAMPolicyOutput) PolicyData 

func (o CryptoKeyIAMPolicyOutput) PolicyData() pulumi.StringOutput

The policy data generated by a `organizations.getIAMPolicy` data source.

func (CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutput 

func (o CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutput() CryptoKeyIAMPolicyOutput

func (CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutputWithContext 

func (o CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyOutput

type CryptoKeyIAMPolicyState 

type CryptoKeyIAMPolicyState struct {
	// The crypto key ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
	// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
	// the provider's project setting will be used as a fallback.
	CryptoKeyId pulumi.StringPtrInput
	// (Computed) The etag of the project's IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
}

func (CryptoKeyIAMPolicyState) ElementType 

func (CryptoKeyIAMPolicyState) ElementType() reflect.Type

type CryptoKeyInput 

type CryptoKeyInput interface {
	pulumi.Input

	ToCryptoKeyOutput() CryptoKeyOutput
	ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput
}

type CryptoKeyKeyAccessJustificationsPolicy 

type CryptoKeyKeyAccessJustificationsPolicy struct {
	// The list of allowed reasons for access to this CryptoKey. Zero allowed
	// access reasons means all encrypt, decrypt, and sign operations for
	// this CryptoKey will fail.
	AllowedAccessReasons []string `pulumi:"allowedAccessReasons"`
}

type CryptoKeyKeyAccessJustificationsPolicyArgs 

type CryptoKeyKeyAccessJustificationsPolicyArgs struct {
	// The list of allowed reasons for access to this CryptoKey. Zero allowed
	// access reasons means all encrypt, decrypt, and sign operations for
	// this CryptoKey will fail.
	AllowedAccessReasons pulumi.StringArrayInput `pulumi:"allowedAccessReasons"`
}

func (CryptoKeyKeyAccessJustificationsPolicyArgs) ElementType 

func (CryptoKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type

func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutput 

func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput

func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext 

func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput

func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput 

func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput

func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext 

func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput

type CryptoKeyKeyAccessJustificationsPolicyInput 

type CryptoKeyKeyAccessJustificationsPolicyInput interface {
	pulumi.Input

	ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput
	ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput
}

CryptoKeyKeyAccessJustificationsPolicyInput is an input type that accepts CryptoKeyKeyAccessJustificationsPolicyArgs and CryptoKeyKeyAccessJustificationsPolicyOutput values. You can construct a concrete instance of `CryptoKeyKeyAccessJustificationsPolicyInput` via: 

CryptoKeyKeyAccessJustificationsPolicyArgs{...}

type CryptoKeyKeyAccessJustificationsPolicyOutput 

type CryptoKeyKeyAccessJustificationsPolicyOutput struct{ *pulumi.OutputState }

func (CryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons 

func (o CryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput

The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.

func (CryptoKeyKeyAccessJustificationsPolicyOutput) ElementType 

func (CryptoKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type

func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutput 

func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput

func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext 

func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput

func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput 

func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput

func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext 

func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput

type CryptoKeyKeyAccessJustificationsPolicyPtrInput 

type CryptoKeyKeyAccessJustificationsPolicyPtrInput interface {
	pulumi.Input

	ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput
	ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput
}

CryptoKeyKeyAccessJustificationsPolicyPtrInput is an input type that accepts CryptoKeyKeyAccessJustificationsPolicyArgs, CryptoKeyKeyAccessJustificationsPolicyPtr and CryptoKeyKeyAccessJustificationsPolicyPtrOutput values. You can construct a concrete instance of `CryptoKeyKeyAccessJustificationsPolicyPtrInput` via: 

        CryptoKeyKeyAccessJustificationsPolicyArgs{...}

or:

        nil

func CryptoKeyKeyAccessJustificationsPolicyPtr 

func CryptoKeyKeyAccessJustificationsPolicyPtr(v *CryptoKeyKeyAccessJustificationsPolicyArgs) CryptoKeyKeyAccessJustificationsPolicyPtrInput

type CryptoKeyKeyAccessJustificationsPolicyPtrOutput 

type CryptoKeyKeyAccessJustificationsPolicyPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) AllowedAccessReasons 

func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) AllowedAccessReasons() pulumi.StringArrayOutput

The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.

func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) Elem 

func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) Elem() CryptoKeyKeyAccessJustificationsPolicyOutput

func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ElementType 

func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ElementType() reflect.Type

func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput 

func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput

func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext 

func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput

type CryptoKeyMap 

type CryptoKeyMap map[string]CryptoKeyInput

func (CryptoKeyMap) ElementType 

func (CryptoKeyMap) ElementType() reflect.Type

func (CryptoKeyMap) ToCryptoKeyMapOutput 

func (i CryptoKeyMap) ToCryptoKeyMapOutput() CryptoKeyMapOutput

func (CryptoKeyMap) ToCryptoKeyMapOutputWithContext 

func (i CryptoKeyMap) ToCryptoKeyMapOutputWithContext(ctx context.Context) CryptoKeyMapOutput

type CryptoKeyMapInput 

type CryptoKeyMapInput interface {
	pulumi.Input

	ToCryptoKeyMapOutput() CryptoKeyMapOutput
	ToCryptoKeyMapOutputWithContext(context.Context) CryptoKeyMapOutput
}

CryptoKeyMapInput is an input type that accepts CryptoKeyMap and CryptoKeyMapOutput values. You can construct a concrete instance of `CryptoKeyMapInput` via: 

CryptoKeyMap{ "key": CryptoKeyArgs{...} }

type CryptoKeyMapOutput 

type CryptoKeyMapOutput struct{ *pulumi.OutputState }

func (CryptoKeyMapOutput) ElementType 

func (CryptoKeyMapOutput) ElementType() reflect.Type

func (CryptoKeyMapOutput) MapIndex 

func (o CryptoKeyMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyOutput

func (CryptoKeyMapOutput) ToCryptoKeyMapOutput 

func (o CryptoKeyMapOutput) ToCryptoKeyMapOutput() CryptoKeyMapOutput

func (CryptoKeyMapOutput) ToCryptoKeyMapOutputWithContext 

func (o CryptoKeyMapOutput) ToCryptoKeyMapOutputWithContext(ctx context.Context) CryptoKeyMapOutput

type CryptoKeyOutput 

type CryptoKeyOutput struct{ *pulumi.OutputState }

func (CryptoKeyOutput) CryptoKeyBackend 

func (o CryptoKeyOutput) CryptoKeyBackend() pulumi.StringOutput

The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.

func (CryptoKeyOutput) DestroyScheduledDuration 

func (o CryptoKeyOutput) DestroyScheduledDuration() pulumi.StringOutput

The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.

func (CryptoKeyOutput) EffectiveLabels 

func (o CryptoKeyOutput) EffectiveLabels() pulumi.StringMapOutput

All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.

func (CryptoKeyOutput) ElementType 

func (CryptoKeyOutput) ElementType() reflect.Type

func (CryptoKeyOutput) ImportOnly 

func (o CryptoKeyOutput) ImportOnly() pulumi.BoolOutput

Whether this key may contain imported versions only.

func (CryptoKeyOutput) KeyAccessJustificationsPolicy 

func (o CryptoKeyOutput) KeyAccessJustificationsPolicy() CryptoKeyKeyAccessJustificationsPolicyOutput

The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change. Structure is documented below.

func (CryptoKeyOutput) KeyRing 

func (o CryptoKeyOutput) KeyRing() pulumi.StringOutput

The KeyRing that this key belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.

***

func (CryptoKeyOutput) Labels 

func (o CryptoKeyOutput) Labels() pulumi.StringMapOutput

Labels with user-defined metadata to apply to this resource.

**Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effectiveLabels` for all of the labels present on the resource.

func (CryptoKeyOutput) Name 

func (o CryptoKeyOutput) Name() pulumi.StringOutput

The resource name for the CryptoKey.

func (CryptoKeyOutput) Primaries 

func (o CryptoKeyOutput) Primaries() CryptoKeyPrimaryArrayOutput

A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. Structure is documented below.

func (CryptoKeyOutput) PulumiLabels 

func (o CryptoKeyOutput) PulumiLabels() pulumi.StringMapOutput

The combination of labels configured directly on the resource and default labels configured on the provider.

func (CryptoKeyOutput) Purpose 

func (o CryptoKeyOutput) Purpose() pulumi.StringPtrOutput

The immutable purpose of this CryptoKey. See the [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs. Default value is "ENCRYPT_DECRYPT".

func (CryptoKeyOutput) RotationPeriod 

func (o CryptoKeyOutput) RotationPeriod() pulumi.StringPtrOutput

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter `s` (seconds). It must be greater than a day (ie, 86400).

func (CryptoKeyOutput) SkipInitialVersionCreation 

func (o CryptoKeyOutput) SkipInitialVersionCreation() pulumi.BoolPtrOutput

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion.

func (CryptoKeyOutput) ToCryptoKeyOutput 

func (o CryptoKeyOutput) ToCryptoKeyOutput() CryptoKeyOutput

func (CryptoKeyOutput) ToCryptoKeyOutputWithContext 

func (o CryptoKeyOutput) ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput

func (CryptoKeyOutput) VersionTemplate 

func (o CryptoKeyOutput) VersionTemplate() CryptoKeyVersionTemplateOutput

A template describing settings for new crypto key versions. Structure is documented below.

type CryptoKeyPrimary 

type CryptoKeyPrimary struct {
	// The resource name for the CryptoKey.
	Name *string `pulumi:"name"`
	// (Output)
	// The current state of the CryptoKeyVersion.
	State *string `pulumi:"state"`
}

type CryptoKeyPrimaryArgs 

type CryptoKeyPrimaryArgs struct {
	// The resource name for the CryptoKey.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// (Output)
	// The current state of the CryptoKeyVersion.
	State pulumi.StringPtrInput `pulumi:"state"`
}

func (CryptoKeyPrimaryArgs) ElementType 

func (CryptoKeyPrimaryArgs) ElementType() reflect.Type

func (CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutput 

func (i CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutput() CryptoKeyPrimaryOutput

func (CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutputWithContext 

func (i CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutputWithContext(ctx context.Context) CryptoKeyPrimaryOutput

type CryptoKeyPrimaryArray 

type CryptoKeyPrimaryArray []CryptoKeyPrimaryInput

func (CryptoKeyPrimaryArray) ElementType 

func (CryptoKeyPrimaryArray) ElementType() reflect.Type

func (CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutput 

func (i CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutput() CryptoKeyPrimaryArrayOutput

func (CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutputWithContext 

func (i CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) CryptoKeyPrimaryArrayOutput

type CryptoKeyPrimaryArrayInput 

type CryptoKeyPrimaryArrayInput interface {
	pulumi.Input

	ToCryptoKeyPrimaryArrayOutput() CryptoKeyPrimaryArrayOutput
	ToCryptoKeyPrimaryArrayOutputWithContext(context.Context) CryptoKeyPrimaryArrayOutput
}

CryptoKeyPrimaryArrayInput is an input type that accepts CryptoKeyPrimaryArray and CryptoKeyPrimaryArrayOutput values. You can construct a concrete instance of `CryptoKeyPrimaryArrayInput` via: 

CryptoKeyPrimaryArray{ CryptoKeyPrimaryArgs{...} }

type CryptoKeyPrimaryArrayOutput 

type CryptoKeyPrimaryArrayOutput struct{ *pulumi.OutputState }

func (CryptoKeyPrimaryArrayOutput) ElementType 

func (CryptoKeyPrimaryArrayOutput) ElementType() reflect.Type

func (CryptoKeyPrimaryArrayOutput) Index 

func (o CryptoKeyPrimaryArrayOutput) Index(i pulumi.IntInput) CryptoKeyPrimaryOutput

func (CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutput 

func (o CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutput() CryptoKeyPrimaryArrayOutput

func (CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutputWithContext 

func (o CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) CryptoKeyPrimaryArrayOutput

type CryptoKeyPrimaryInput 

type CryptoKeyPrimaryInput interface {
	pulumi.Input

	ToCryptoKeyPrimaryOutput() CryptoKeyPrimaryOutput
	ToCryptoKeyPrimaryOutputWithContext(context.Context) CryptoKeyPrimaryOutput
}

CryptoKeyPrimaryInput is an input type that accepts CryptoKeyPrimaryArgs and CryptoKeyPrimaryOutput values. You can construct a concrete instance of `CryptoKeyPrimaryInput` via: 

CryptoKeyPrimaryArgs{...}

type CryptoKeyPrimaryOutput 

type CryptoKeyPrimaryOutput struct{ *pulumi.OutputState }

func (CryptoKeyPrimaryOutput) ElementType 

func (CryptoKeyPrimaryOutput) ElementType() reflect.Type

func (CryptoKeyPrimaryOutput) Name 

func (o CryptoKeyPrimaryOutput) Name() pulumi.StringPtrOutput

The resource name for the CryptoKey.

func (CryptoKeyPrimaryOutput) State 

func (o CryptoKeyPrimaryOutput) State() pulumi.StringPtrOutput

(Output) The current state of the CryptoKeyVersion.

func (CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutput 

func (o CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutput() CryptoKeyPrimaryOutput

func (CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutputWithContext 

func (o CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutputWithContext(ctx context.Context) CryptoKeyPrimaryOutput

type CryptoKeyState 

type CryptoKeyState struct {
	// The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
	// The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
	CryptoKeyBackend pulumi.StringPtrInput
	// The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
	// If not specified at creation time, the default duration is 30 days.
	DestroyScheduledDuration pulumi.StringPtrInput
	// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
	EffectiveLabels pulumi.StringMapInput
	// Whether this key may contain imported versions only.
	ImportOnly pulumi.BoolPtrInput
	// The policy used for Key Access Justifications Policy Enforcement. If this
	// field is present and this key is enrolled in Key Access Justifications
	// Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
	// sign operations, and the operation will fail if rejected by the policy. The
	// policy is defined by specifying zero or more allowed justification codes.
	// https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
	// By default, this field is absent, and all justification codes are allowed.
	// This field is currently in beta and is subject to change.
	// Structure is documented below.
	KeyAccessJustificationsPolicy CryptoKeyKeyAccessJustificationsPolicyPtrInput
	// The KeyRing that this key belongs to.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
	//
	// ***
	KeyRing pulumi.StringPtrInput
	// Labels with user-defined metadata to apply to this resource.
	//
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field `effectiveLabels` for all of the labels present on the resource.
	Labels pulumi.StringMapInput
	// The resource name for the CryptoKey.
	Name pulumi.StringPtrInput
	// A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
	// Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
	// Structure is documented below.
	Primaries CryptoKeyPrimaryArrayInput
	// The combination of labels configured directly on the resource
	// and default labels configured on the provider.
	PulumiLabels pulumi.StringMapInput
	// The immutable purpose of this CryptoKey. See the
	// [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
	// for possible inputs.
	// Default value is "ENCRYPT_DECRYPT".
	Purpose pulumi.StringPtrInput
	// Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
	// The first rotation will take place after the specified period. The rotation period has
	// the format of a decimal number with up to 9 fractional digits, followed by the
	// letter `s` (seconds). It must be greater than a day (ie, 86400).
	RotationPeriod pulumi.StringPtrInput
	// If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
	// You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion
	// or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion.
	SkipInitialVersionCreation pulumi.BoolPtrInput
	// A template describing settings for new crypto key versions.
	// Structure is documented below.
	VersionTemplate CryptoKeyVersionTemplatePtrInput
}

func (CryptoKeyState) ElementType 

func (CryptoKeyState) ElementType() reflect.Type

type CryptoKeyVersion 

type CryptoKeyVersion struct {
	pulumi.CustomResourceState

	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringOutput `pulumi:"algorithm"`
	// Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.
	// Only provided for key versions with protectionLevel HSM.
	// Structure is documented below.
	Attestations CryptoKeyVersionAttestationArrayOutput `pulumi:"attestations"`
	// The name of the cryptoKey associated with the CryptoKeyVersions.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'`
	//
	// ***
	CryptoKey pulumi.StringOutput `pulumi:"cryptoKey"`
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	// Structure is documented below.
	ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput `pulumi:"externalProtectionLevelOptions"`
	// The time this CryptoKeyVersion key material was generated
	GenerateTime pulumi.StringOutput `pulumi:"generateTime"`
	// The resource name for this CryptoKeyVersion.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
	ProtectionLevel pulumi.StringOutput `pulumi:"protectionLevel"`
	// The current state of the CryptoKeyVersion.
	// Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
	State pulumi.StringOutput `pulumi:"state"`
}

A `CryptoKeyVersion` represents an individual cryptographic key, and the associated key material.

Destroying a cryptoKeyVersion will not delete the resource from the project.

To get more information about CryptoKeyVersion, see:

* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) * How-to Guides

## Example Usage

### Kms Crypto Key Version Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{
			Name:           pulumi.String("crypto-key-example"),
			KeyRing:        keyring.ID(),
			RotationPeriod: pulumi.String("7776000s"),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKeyVersion(ctx, "example-key", &kms.CryptoKeyVersionArgs{
			CryptoKey: cryptokey.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

CryptoKeyVersion can be imported using any of these accepted formats:

* `{{name}}`

When using the `pulumi import` command, CryptoKeyVersion can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:kms/cryptoKeyVersion:CryptoKeyVersion default {{name}} ```

func GetCryptoKeyVersion 

func GetCryptoKeyVersion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CryptoKeyVersionState, opts ...pulumi.ResourceOption) (*CryptoKeyVersion, error)

GetCryptoKeyVersion gets an existing CryptoKeyVersion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKeyVersion 

func NewCryptoKeyVersion(ctx *pulumi.Context,
	name string, args *CryptoKeyVersionArgs, opts ...pulumi.ResourceOption) (*CryptoKeyVersion, error)

NewCryptoKeyVersion registers a new resource with the given unique name, arguments, and options.

func (*CryptoKeyVersion) ElementType 

func (*CryptoKeyVersion) ElementType() reflect.Type

func (*CryptoKeyVersion) ToCryptoKeyVersionOutput 

func (i *CryptoKeyVersion) ToCryptoKeyVersionOutput() CryptoKeyVersionOutput

func (*CryptoKeyVersion) ToCryptoKeyVersionOutputWithContext 

func (i *CryptoKeyVersion) ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput

type CryptoKeyVersionArgs 

type CryptoKeyVersionArgs struct {
	// The name of the cryptoKey associated with the CryptoKeyVersions.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'`
	//
	// ***
	CryptoKey pulumi.StringInput
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	// Structure is documented below.
	ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsPtrInput
	// The current state of the CryptoKeyVersion.
	// Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
	State pulumi.StringPtrInput
}

The set of arguments for constructing a CryptoKeyVersion resource.

func (CryptoKeyVersionArgs) ElementType 

func (CryptoKeyVersionArgs) ElementType() reflect.Type

type CryptoKeyVersionArray 

type CryptoKeyVersionArray []CryptoKeyVersionInput

func (CryptoKeyVersionArray) ElementType 

func (CryptoKeyVersionArray) ElementType() reflect.Type

func (CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutput 

func (i CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutput() CryptoKeyVersionArrayOutput

func (CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutputWithContext 

func (i CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutputWithContext(ctx context.Context) CryptoKeyVersionArrayOutput

type CryptoKeyVersionArrayInput 

type CryptoKeyVersionArrayInput interface {
	pulumi.Input

	ToCryptoKeyVersionArrayOutput() CryptoKeyVersionArrayOutput
	ToCryptoKeyVersionArrayOutputWithContext(context.Context) CryptoKeyVersionArrayOutput
}

CryptoKeyVersionArrayInput is an input type that accepts CryptoKeyVersionArray and CryptoKeyVersionArrayOutput values. You can construct a concrete instance of `CryptoKeyVersionArrayInput` via: 

CryptoKeyVersionArray{ CryptoKeyVersionArgs{...} }

type CryptoKeyVersionArrayOutput 

type CryptoKeyVersionArrayOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionArrayOutput) ElementType 

func (CryptoKeyVersionArrayOutput) ElementType() reflect.Type

func (CryptoKeyVersionArrayOutput) Index 

func (o CryptoKeyVersionArrayOutput) Index(i pulumi.IntInput) CryptoKeyVersionOutput

func (CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutput 

func (o CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutput() CryptoKeyVersionArrayOutput

func (CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutputWithContext 

func (o CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutputWithContext(ctx context.Context) CryptoKeyVersionArrayOutput

type CryptoKeyVersionAttestation 

type CryptoKeyVersionAttestation struct {
	// The certificate chains needed to validate the attestation
	// Structure is documented below.
	CertChains *CryptoKeyVersionAttestationCertChains `pulumi:"certChains"`
	// (Output)
	// The attestation data provided by the HSM when the key operation was performed.
	Content *string `pulumi:"content"`
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	// Structure is documented below.
	//
	// Deprecated: `externalProtectionLevelOptions` is being un-nested from the `attestation` field. Please use the top level `externalProtectionLevelOptions` field instead.
	ExternalProtectionLevelOptions *CryptoKeyVersionAttestationExternalProtectionLevelOptions `pulumi:"externalProtectionLevelOptions"`
	// (Output)
	// The format of the attestation data.
	Format *string `pulumi:"format"`
}

type CryptoKeyVersionAttestationArgs 

type CryptoKeyVersionAttestationArgs struct {
	// The certificate chains needed to validate the attestation
	// Structure is documented below.
	CertChains CryptoKeyVersionAttestationCertChainsPtrInput `pulumi:"certChains"`
	// (Output)
	// The attestation data provided by the HSM when the key operation was performed.
	Content pulumi.StringPtrInput `pulumi:"content"`
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	// Structure is documented below.
	//
	// Deprecated: `externalProtectionLevelOptions` is being un-nested from the `attestation` field. Please use the top level `externalProtectionLevelOptions` field instead.
	ExternalProtectionLevelOptions CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput `pulumi:"externalProtectionLevelOptions"`
	// (Output)
	// The format of the attestation data.
	Format pulumi.StringPtrInput `pulumi:"format"`
}

func (CryptoKeyVersionAttestationArgs) ElementType 

func (CryptoKeyVersionAttestationArgs) ElementType() reflect.Type

func (CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutput 

func (i CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput

func (CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutputWithContext 

func (i CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationOutput

type CryptoKeyVersionAttestationArray 

type CryptoKeyVersionAttestationArray []CryptoKeyVersionAttestationInput

func (CryptoKeyVersionAttestationArray) ElementType 

func (CryptoKeyVersionAttestationArray) ElementType() reflect.Type

func (CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutput 

func (i CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput

func (CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutputWithContext 

func (i CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationArrayOutput

type CryptoKeyVersionAttestationArrayInput 

type CryptoKeyVersionAttestationArrayInput interface {
	pulumi.Input

	ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput
	ToCryptoKeyVersionAttestationArrayOutputWithContext(context.Context) CryptoKeyVersionAttestationArrayOutput
}

CryptoKeyVersionAttestationArrayInput is an input type that accepts CryptoKeyVersionAttestationArray and CryptoKeyVersionAttestationArrayOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationArrayInput` via: 

CryptoKeyVersionAttestationArray{ CryptoKeyVersionAttestationArgs{...} }

type CryptoKeyVersionAttestationArrayOutput 

type CryptoKeyVersionAttestationArrayOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionAttestationArrayOutput) ElementType 

func (CryptoKeyVersionAttestationArrayOutput) ElementType() reflect.Type

func (CryptoKeyVersionAttestationArrayOutput) Index 

func (o CryptoKeyVersionAttestationArrayOutput) Index(i pulumi.IntInput) CryptoKeyVersionAttestationOutput

func (CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutput 

func (o CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput

func (CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutputWithContext 

func (o CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationArrayOutput

type CryptoKeyVersionAttestationCertChains 

type CryptoKeyVersionAttestationCertChains struct {
	// Cavium certificate chain corresponding to the attestation.
	CaviumCerts []string `pulumi:"caviumCerts"`
	// Google card certificate chain corresponding to the attestation.
	GoogleCardCerts []string `pulumi:"googleCardCerts"`
	// Google partition certificate chain corresponding to the attestation.
	GooglePartitionCerts []string `pulumi:"googlePartitionCerts"`
}

type CryptoKeyVersionAttestationCertChainsArgs 

type CryptoKeyVersionAttestationCertChainsArgs struct {
	// Cavium certificate chain corresponding to the attestation.
	CaviumCerts pulumi.StringArrayInput `pulumi:"caviumCerts"`
	// Google card certificate chain corresponding to the attestation.
	GoogleCardCerts pulumi.StringArrayInput `pulumi:"googleCardCerts"`
	// Google partition certificate chain corresponding to the attestation.
	GooglePartitionCerts pulumi.StringArrayInput `pulumi:"googlePartitionCerts"`
}

func (CryptoKeyVersionAttestationCertChainsArgs) ElementType 

func (CryptoKeyVersionAttestationCertChainsArgs) ElementType() reflect.Type

func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutput 

func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput

func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutputWithContext 

func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsOutput

func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutput 

func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput

func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext 

func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput

type CryptoKeyVersionAttestationCertChainsInput 

type CryptoKeyVersionAttestationCertChainsInput interface {
	pulumi.Input

	ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput
	ToCryptoKeyVersionAttestationCertChainsOutputWithContext(context.Context) CryptoKeyVersionAttestationCertChainsOutput
}

CryptoKeyVersionAttestationCertChainsInput is an input type that accepts CryptoKeyVersionAttestationCertChainsArgs and CryptoKeyVersionAttestationCertChainsOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationCertChainsInput` via: 

CryptoKeyVersionAttestationCertChainsArgs{...}

type CryptoKeyVersionAttestationCertChainsOutput 

type CryptoKeyVersionAttestationCertChainsOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionAttestationCertChainsOutput) CaviumCerts 

func (o CryptoKeyVersionAttestationCertChainsOutput) CaviumCerts() pulumi.StringArrayOutput

Cavium certificate chain corresponding to the attestation.

func (CryptoKeyVersionAttestationCertChainsOutput) ElementType 

func (CryptoKeyVersionAttestationCertChainsOutput) ElementType() reflect.Type

func (CryptoKeyVersionAttestationCertChainsOutput) GoogleCardCerts 

func (o CryptoKeyVersionAttestationCertChainsOutput) GoogleCardCerts() pulumi.StringArrayOutput

Google card certificate chain corresponding to the attestation.

func (CryptoKeyVersionAttestationCertChainsOutput) GooglePartitionCerts 

func (o CryptoKeyVersionAttestationCertChainsOutput) GooglePartitionCerts() pulumi.StringArrayOutput

Google partition certificate chain corresponding to the attestation.

func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutput 

func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput

func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutputWithContext 

func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsOutput

func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput 

func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput

func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext 

func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput

type CryptoKeyVersionAttestationCertChainsPtrInput 

type CryptoKeyVersionAttestationCertChainsPtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput
	ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput
}

CryptoKeyVersionAttestationCertChainsPtrInput is an input type that accepts CryptoKeyVersionAttestationCertChainsArgs, CryptoKeyVersionAttestationCertChainsPtr and CryptoKeyVersionAttestationCertChainsPtrOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationCertChainsPtrInput` via: 

        CryptoKeyVersionAttestationCertChainsArgs{...}

or:

        nil

func CryptoKeyVersionAttestationCertChainsPtr 

func CryptoKeyVersionAttestationCertChainsPtr(v *CryptoKeyVersionAttestationCertChainsArgs) CryptoKeyVersionAttestationCertChainsPtrInput

type CryptoKeyVersionAttestationCertChainsPtrOutput 

type CryptoKeyVersionAttestationCertChainsPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionAttestationCertChainsPtrOutput) CaviumCerts 

func (o CryptoKeyVersionAttestationCertChainsPtrOutput) CaviumCerts() pulumi.StringArrayOutput

Cavium certificate chain corresponding to the attestation.

func (CryptoKeyVersionAttestationCertChainsPtrOutput) Elem 

func (o CryptoKeyVersionAttestationCertChainsPtrOutput) Elem() CryptoKeyVersionAttestationCertChainsOutput

func (CryptoKeyVersionAttestationCertChainsPtrOutput) ElementType 

func (CryptoKeyVersionAttestationCertChainsPtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionAttestationCertChainsPtrOutput) GoogleCardCerts 

func (o CryptoKeyVersionAttestationCertChainsPtrOutput) GoogleCardCerts() pulumi.StringArrayOutput

Google card certificate chain corresponding to the attestation.

func (CryptoKeyVersionAttestationCertChainsPtrOutput) GooglePartitionCerts 

func (o CryptoKeyVersionAttestationCertChainsPtrOutput) GooglePartitionCerts() pulumi.StringArrayOutput

Google partition certificate chain corresponding to the attestation.

func (CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput 

func (o CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput

func (CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext 

func (o CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput

type CryptoKeyVersionAttestationExternalProtectionLevelOptions 

type CryptoKeyVersionAttestationExternalProtectionLevelOptions struct {
	// The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
	EkmConnectionKeyPath *string `pulumi:"ekmConnectionKeyPath"`
	// The URI for an external resource that this CryptoKeyVersion represents.
	ExternalKeyUri *string `pulumi:"externalKeyUri"`
}

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs 

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs struct {
	// The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
	EkmConnectionKeyPath pulumi.StringPtrInput `pulumi:"ekmConnectionKeyPath"`
	// The URI for an external resource that this CryptoKeyVersion represents.
	ExternalKeyUri pulumi.StringPtrInput `pulumi:"externalKeyUri"`
}

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ElementType 

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ElementType() reflect.Type

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput 

func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext 

func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput 

func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext 

func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput 

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput interface {
	pulumi.Input

	ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
	ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
}

CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput is an input type that accepts CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs and CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput` via: 

CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs{...}

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput 

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ElementType 

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ElementType() reflect.Type

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ExternalKeyUri 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ExternalKeyUri() pulumi.StringPtrOutput

The URI for an external resource that this CryptoKeyVersion represents.

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput 

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
	ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
}

CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput is an input type that accepts CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs, CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtr and CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput` via: 

        CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs{...}

or:

        nil

func CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtr 

func CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtr(v *CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput 

type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) Elem 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) Elem() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ElementType 

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri() pulumi.StringPtrOutput

The URI for an external resource that this CryptoKeyVersion represents.

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput

func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext 

func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput

type CryptoKeyVersionAttestationInput 

type CryptoKeyVersionAttestationInput interface {
	pulumi.Input

	ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput
	ToCryptoKeyVersionAttestationOutputWithContext(context.Context) CryptoKeyVersionAttestationOutput
}

CryptoKeyVersionAttestationInput is an input type that accepts CryptoKeyVersionAttestationArgs and CryptoKeyVersionAttestationOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationInput` via: 

CryptoKeyVersionAttestationArgs{...}

type CryptoKeyVersionAttestationOutput 

type CryptoKeyVersionAttestationOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionAttestationOutput) CertChains 

func (o CryptoKeyVersionAttestationOutput) CertChains() CryptoKeyVersionAttestationCertChainsPtrOutput

The certificate chains needed to validate the attestation Structure is documented below.

func (CryptoKeyVersionAttestationOutput) Content 

func (o CryptoKeyVersionAttestationOutput) Content() pulumi.StringPtrOutput

(Output) The attestation data provided by the HSM when the key operation was performed.

func (CryptoKeyVersionAttestationOutput) ElementType 

func (CryptoKeyVersionAttestationOutput) ElementType() reflect.Type

func (CryptoKeyVersionAttestationOutput) ExternalProtectionLevelOptions deprecated 

func (o CryptoKeyVersionAttestationOutput) ExternalProtectionLevelOptions() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

Deprecated: `externalProtectionLevelOptions` is being un-nested from the `attestation` field. Please use the top level `externalProtectionLevelOptions` field instead.

func (CryptoKeyVersionAttestationOutput) Format 

func (o CryptoKeyVersionAttestationOutput) Format() pulumi.StringPtrOutput

(Output) The format of the attestation data.

func (CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutput 

func (o CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput

func (CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutputWithContext 

func (o CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationOutput

type CryptoKeyVersionExternalProtectionLevelOptions 

type CryptoKeyVersionExternalProtectionLevelOptions struct {
	// The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
	EkmConnectionKeyPath *string `pulumi:"ekmConnectionKeyPath"`
	// The URI for an external resource that this CryptoKeyVersion represents.
	ExternalKeyUri *string `pulumi:"externalKeyUri"`
}

type CryptoKeyVersionExternalProtectionLevelOptionsArgs 

type CryptoKeyVersionExternalProtectionLevelOptionsArgs struct {
	// The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
	EkmConnectionKeyPath pulumi.StringPtrInput `pulumi:"ekmConnectionKeyPath"`
	// The URI for an external resource that this CryptoKeyVersion represents.
	ExternalKeyUri pulumi.StringPtrInput `pulumi:"externalKeyUri"`
}

func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ElementType 

func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ElementType() reflect.Type

func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput 

func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext 

func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput 

func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext 

func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput

type CryptoKeyVersionExternalProtectionLevelOptionsInput 

type CryptoKeyVersionExternalProtectionLevelOptionsInput interface {
	pulumi.Input

	ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput
	ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput
}

CryptoKeyVersionExternalProtectionLevelOptionsInput is an input type that accepts CryptoKeyVersionExternalProtectionLevelOptionsArgs and CryptoKeyVersionExternalProtectionLevelOptionsOutput values. You can construct a concrete instance of `CryptoKeyVersionExternalProtectionLevelOptionsInput` via: 

CryptoKeyVersionExternalProtectionLevelOptionsArgs{...}

type CryptoKeyVersionExternalProtectionLevelOptionsOutput 

type CryptoKeyVersionExternalProtectionLevelOptionsOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath 

func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ElementType 

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ElementType() reflect.Type

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ExternalKeyUri 

func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ExternalKeyUri() pulumi.StringPtrOutput

The URI for an external resource that this CryptoKeyVersion represents.

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput 

func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext 

func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput 

func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext 

func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput

type CryptoKeyVersionExternalProtectionLevelOptionsPtrInput 

type CryptoKeyVersionExternalProtectionLevelOptionsPtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
	ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
}

CryptoKeyVersionExternalProtectionLevelOptionsPtrInput is an input type that accepts CryptoKeyVersionExternalProtectionLevelOptionsArgs, CryptoKeyVersionExternalProtectionLevelOptionsPtr and CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput values. You can construct a concrete instance of `CryptoKeyVersionExternalProtectionLevelOptionsPtrInput` via: 

        CryptoKeyVersionExternalProtectionLevelOptionsArgs{...}

or:

        nil

func CryptoKeyVersionExternalProtectionLevelOptionsPtr 

func CryptoKeyVersionExternalProtectionLevelOptionsPtr(v *CryptoKeyVersionExternalProtectionLevelOptionsArgs) CryptoKeyVersionExternalProtectionLevelOptionsPtrInput

type CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput 

type CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath 

func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.

func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) Elem 

func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) Elem() CryptoKeyVersionExternalProtectionLevelOptionsOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ElementType 

func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri 

func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri() pulumi.StringPtrOutput

The URI for an external resource that this CryptoKeyVersion represents.

func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput 

func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput

func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext 

func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput

type CryptoKeyVersionInput 

type CryptoKeyVersionInput interface {
	pulumi.Input

	ToCryptoKeyVersionOutput() CryptoKeyVersionOutput
	ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput
}

type CryptoKeyVersionMap 

type CryptoKeyVersionMap map[string]CryptoKeyVersionInput

func (CryptoKeyVersionMap) ElementType 

func (CryptoKeyVersionMap) ElementType() reflect.Type

func (CryptoKeyVersionMap) ToCryptoKeyVersionMapOutput 

func (i CryptoKeyVersionMap) ToCryptoKeyVersionMapOutput() CryptoKeyVersionMapOutput

func (CryptoKeyVersionMap) ToCryptoKeyVersionMapOutputWithContext 

func (i CryptoKeyVersionMap) ToCryptoKeyVersionMapOutputWithContext(ctx context.Context) CryptoKeyVersionMapOutput

type CryptoKeyVersionMapInput 

type CryptoKeyVersionMapInput interface {
	pulumi.Input

	ToCryptoKeyVersionMapOutput() CryptoKeyVersionMapOutput
	ToCryptoKeyVersionMapOutputWithContext(context.Context) CryptoKeyVersionMapOutput
}

CryptoKeyVersionMapInput is an input type that accepts CryptoKeyVersionMap and CryptoKeyVersionMapOutput values. You can construct a concrete instance of `CryptoKeyVersionMapInput` via: 

CryptoKeyVersionMap{ "key": CryptoKeyVersionArgs{...} }

type CryptoKeyVersionMapOutput 

type CryptoKeyVersionMapOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionMapOutput) ElementType 

func (CryptoKeyVersionMapOutput) ElementType() reflect.Type

func (CryptoKeyVersionMapOutput) MapIndex 

func (o CryptoKeyVersionMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyVersionOutput

func (CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutput 

func (o CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutput() CryptoKeyVersionMapOutput

func (CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutputWithContext 

func (o CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutputWithContext(ctx context.Context) CryptoKeyVersionMapOutput

type CryptoKeyVersionOutput 

type CryptoKeyVersionOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionOutput) Algorithm 

func (o CryptoKeyVersionOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (CryptoKeyVersionOutput) Attestations 

func (o CryptoKeyVersionOutput) Attestations() CryptoKeyVersionAttestationArrayOutput

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.

func (CryptoKeyVersionOutput) CryptoKey 

func (o CryptoKeyVersionOutput) CryptoKey() pulumi.StringOutput

The name of the cryptoKey associated with the CryptoKeyVersions. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'`

***

func (CryptoKeyVersionOutput) ElementType 

func (CryptoKeyVersionOutput) ElementType() reflect.Type

func (CryptoKeyVersionOutput) ExternalProtectionLevelOptions 

func (o CryptoKeyVersionOutput) ExternalProtectionLevelOptions() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

func (CryptoKeyVersionOutput) GenerateTime 

func (o CryptoKeyVersionOutput) GenerateTime() pulumi.StringOutput

The time this CryptoKeyVersion key material was generated

func (CryptoKeyVersionOutput) Name 

func (o CryptoKeyVersionOutput) Name() pulumi.StringOutput

The resource name for this CryptoKeyVersion.

func (CryptoKeyVersionOutput) ProtectionLevel 

func (o CryptoKeyVersionOutput) ProtectionLevel() pulumi.StringOutput

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

func (CryptoKeyVersionOutput) State 

func (o CryptoKeyVersionOutput) State() pulumi.StringOutput

The current state of the CryptoKeyVersion. Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.

func (CryptoKeyVersionOutput) ToCryptoKeyVersionOutput 

func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutput() CryptoKeyVersionOutput

func (CryptoKeyVersionOutput) ToCryptoKeyVersionOutputWithContext 

func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput

type CryptoKeyVersionState 

type CryptoKeyVersionState struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringPtrInput
	// Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.
	// Only provided for key versions with protectionLevel HSM.
	// Structure is documented below.
	Attestations CryptoKeyVersionAttestationArrayInput
	// The name of the cryptoKey associated with the CryptoKeyVersions.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'`
	//
	// ***
	CryptoKey pulumi.StringPtrInput
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	// Structure is documented below.
	ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsPtrInput
	// The time this CryptoKeyVersion key material was generated
	GenerateTime pulumi.StringPtrInput
	// The resource name for this CryptoKeyVersion.
	Name pulumi.StringPtrInput
	// The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
	ProtectionLevel pulumi.StringPtrInput
	// The current state of the CryptoKeyVersion.
	// Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
	State pulumi.StringPtrInput
}

func (CryptoKeyVersionState) ElementType 

func (CryptoKeyVersionState) ElementType() reflect.Type

type CryptoKeyVersionTemplate 

type CryptoKeyVersionTemplate struct {
	// The algorithm to use when creating a version based on this template.
	// See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
	Algorithm string `pulumi:"algorithm"`
	// The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
	ProtectionLevel *string `pulumi:"protectionLevel"`
}

type CryptoKeyVersionTemplateArgs 

type CryptoKeyVersionTemplateArgs struct {
	// The algorithm to use when creating a version based on this template.
	// See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
	ProtectionLevel pulumi.StringPtrInput `pulumi:"protectionLevel"`
}

func (CryptoKeyVersionTemplateArgs) ElementType 

func (CryptoKeyVersionTemplateArgs) ElementType() reflect.Type

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutput 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutputWithContext 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutput 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutputWithContext 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput

type CryptoKeyVersionTemplateInput 

type CryptoKeyVersionTemplateInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput
	ToCryptoKeyVersionTemplateOutputWithContext(context.Context) CryptoKeyVersionTemplateOutput
}

CryptoKeyVersionTemplateInput is an input type that accepts CryptoKeyVersionTemplateArgs and CryptoKeyVersionTemplateOutput values. You can construct a concrete instance of `CryptoKeyVersionTemplateInput` via: 

CryptoKeyVersionTemplateArgs{...}

type CryptoKeyVersionTemplateOutput 

type CryptoKeyVersionTemplateOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionTemplateOutput) Algorithm 

func (o CryptoKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput

The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.

func (CryptoKeyVersionTemplateOutput) ElementType 

func (CryptoKeyVersionTemplateOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplateOutput) ProtectionLevel 

func (o CryptoKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringPtrOutput

The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutput 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutputWithContext 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutput 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput

type CryptoKeyVersionTemplatePtrInput 

type CryptoKeyVersionTemplatePtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
	ToCryptoKeyVersionTemplatePtrOutputWithContext(context.Context) CryptoKeyVersionTemplatePtrOutput
}

CryptoKeyVersionTemplatePtrInput is an input type that accepts CryptoKeyVersionTemplateArgs, CryptoKeyVersionTemplatePtr and CryptoKeyVersionTemplatePtrOutput values. You can construct a concrete instance of `CryptoKeyVersionTemplatePtrInput` via: 

        CryptoKeyVersionTemplateArgs{...}

or:

        nil

func CryptoKeyVersionTemplatePtr 

func CryptoKeyVersionTemplatePtr(v *CryptoKeyVersionTemplateArgs) CryptoKeyVersionTemplatePtrInput

type CryptoKeyVersionTemplatePtrOutput 

type CryptoKeyVersionTemplatePtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionTemplatePtrOutput) Algorithm 

func (o CryptoKeyVersionTemplatePtrOutput) Algorithm() pulumi.StringPtrOutput

The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.

func (CryptoKeyVersionTemplatePtrOutput) Elem 

func (o CryptoKeyVersionTemplatePtrOutput) Elem() CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplatePtrOutput) ElementType 

func (CryptoKeyVersionTemplatePtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplatePtrOutput) ProtectionLevel 

func (o CryptoKeyVersionTemplatePtrOutput) ProtectionLevel() pulumi.StringPtrOutput

The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".

func (CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutput 

func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput

func (CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext 

func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput

type EkmConnection 

type EkmConnection struct {
	pulumi.CustomResourceState

	// Output only. The time at which the EkmConnection was created.
	// A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if
	// KeyManagementMode is CLOUD_KMS.
	CryptoSpacePath pulumi.StringOutput `pulumi:"cryptoSpacePath"`
	// Optional. Etag of the currently stored EkmConnection.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default
	// value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"]
	KeyManagementMode pulumi.StringPtrOutput `pulumi:"keyManagementMode"`
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	Location pulumi.StringOutput `pulumi:"location"`
	// The resource name for the EkmConnection.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported
	// Structure is documented below.
	ServiceResolvers EkmConnectionServiceResolverArrayOutput `pulumi:"serviceResolvers"`
}

`Ekm Connections` are used to control the connection settings for an `EXTERNAL_VPC` CryptoKey. It is used to connect customer's external key manager to Google Cloud EKM.

> **Note:** Ekm Connections cannot be deleted from Google Cloud Platform.

To get more information about EkmConnection, see:

* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.ekmConnections) * How-to Guides

## Example Usage

### Kms Ekm Connection Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnection(ctx, "example-ekmconnection", &kms.EkmConnectionArgs{
			Name:              pulumi.String("ekmconnection_example"),
			Location:          pulumi.String("us-central1"),
			KeyManagementMode: pulumi.String("MANUAL"),
			ServiceResolvers: kms.EkmConnectionServiceResolverArray{
				&kms.EkmConnectionServiceResolverArgs{
					ServiceDirectoryService: pulumi.String("projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name"),
					Hostname:                pulumi.String("example-ekm.goog"),
					ServerCertificates: kms.EkmConnectionServiceResolverServerCertificateArray{
						&kms.EkmConnectionServiceResolverServerCertificateArgs{
							RawDer: pulumi.String("==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY=="),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

EkmConnection can be imported using any of these accepted formats:

* `projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}`

* `{{project}}/{{location}}/{{name}}`

* `{{location}}/{{name}}`

When using the `pulumi import` command, EkmConnection can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:kms/ekmConnection:EkmConnection default projects/{{project}}/locations/{{location}}/ekmConnections/{{name}} ```

```sh $ pulumi import gcp:kms/ekmConnection:EkmConnection default {{project}}/{{location}}/{{name}} ```

```sh $ pulumi import gcp:kms/ekmConnection:EkmConnection default {{location}}/{{name}} ```

func GetEkmConnection 

func GetEkmConnection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionState, opts ...pulumi.ResourceOption) (*EkmConnection, error)

GetEkmConnection gets an existing EkmConnection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnection 

func NewEkmConnection(ctx *pulumi.Context,
	name string, args *EkmConnectionArgs, opts ...pulumi.ResourceOption) (*EkmConnection, error)

NewEkmConnection registers a new resource with the given unique name, arguments, and options.

func (*EkmConnection) ElementType 

func (*EkmConnection) ElementType() reflect.Type

func (*EkmConnection) ToEkmConnectionOutput 

func (i *EkmConnection) ToEkmConnectionOutput() EkmConnectionOutput

func (*EkmConnection) ToEkmConnectionOutputWithContext 

func (i *EkmConnection) ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput

type EkmConnectionArgs 

type EkmConnectionArgs struct {
	// Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if
	// KeyManagementMode is CLOUD_KMS.
	CryptoSpacePath pulumi.StringPtrInput
	// Optional. Etag of the currently stored EkmConnection.
	Etag pulumi.StringPtrInput
	// Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default
	// value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"]
	KeyManagementMode pulumi.StringPtrInput
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	Location pulumi.StringInput
	// The resource name for the EkmConnection.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
	// A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported
	// Structure is documented below.
	ServiceResolvers EkmConnectionServiceResolverArrayInput
}

The set of arguments for constructing a EkmConnection resource.

func (EkmConnectionArgs) ElementType 

func (EkmConnectionArgs) ElementType() reflect.Type

type EkmConnectionArray 

type EkmConnectionArray []EkmConnectionInput

func (EkmConnectionArray) ElementType 

func (EkmConnectionArray) ElementType() reflect.Type

func (EkmConnectionArray) ToEkmConnectionArrayOutput 

func (i EkmConnectionArray) ToEkmConnectionArrayOutput() EkmConnectionArrayOutput

func (EkmConnectionArray) ToEkmConnectionArrayOutputWithContext 

func (i EkmConnectionArray) ToEkmConnectionArrayOutputWithContext(ctx context.Context) EkmConnectionArrayOutput

type EkmConnectionArrayInput 

type EkmConnectionArrayInput interface {
	pulumi.Input

	ToEkmConnectionArrayOutput() EkmConnectionArrayOutput
	ToEkmConnectionArrayOutputWithContext(context.Context) EkmConnectionArrayOutput
}

EkmConnectionArrayInput is an input type that accepts EkmConnectionArray and EkmConnectionArrayOutput values. You can construct a concrete instance of `EkmConnectionArrayInput` via: 

EkmConnectionArray{ EkmConnectionArgs{...} }

type EkmConnectionArrayOutput 

type EkmConnectionArrayOutput struct{ *pulumi.OutputState }

func (EkmConnectionArrayOutput) ElementType 

func (EkmConnectionArrayOutput) ElementType() reflect.Type

func (EkmConnectionArrayOutput) Index 

func (o EkmConnectionArrayOutput) Index(i pulumi.IntInput) EkmConnectionOutput

func (EkmConnectionArrayOutput) ToEkmConnectionArrayOutput 

func (o EkmConnectionArrayOutput) ToEkmConnectionArrayOutput() EkmConnectionArrayOutput

func (EkmConnectionArrayOutput) ToEkmConnectionArrayOutputWithContext 

func (o EkmConnectionArrayOutput) ToEkmConnectionArrayOutputWithContext(ctx context.Context) EkmConnectionArrayOutput

type EkmConnectionIamBinding 

type EkmConnectionIamBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition EkmConnectionIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringOutput `pulumi:"location"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:

* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection

> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.

> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.

> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.

## kms.EkmConnectionIamPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.EkmConnectionIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &kms.EkmConnectionIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## This resource supports User Project Overrides.

-

# IAM policy for Cloud Key Management Service EkmConnection Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:

* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection

> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.

> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.

> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.

## kms.EkmConnectionIamPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.EkmConnectionIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &kms.EkmConnectionIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms:

* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}

* {{project}}/{{location}}/{{name}}

* {{location}}/{{name}}

Any variables not passed in the import command will be taken from the provider configuration.

Cloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com" ```

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer" ```

IAM policy imports use the identifier of the resource in question, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} ```

-> **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the 

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetEkmConnectionIamBinding 

func GetEkmConnectionIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionIamBindingState, opts ...pulumi.ResourceOption) (*EkmConnectionIamBinding, error)

GetEkmConnectionIamBinding gets an existing EkmConnectionIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnectionIamBinding 

func NewEkmConnectionIamBinding(ctx *pulumi.Context,
	name string, args *EkmConnectionIamBindingArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamBinding, error)

NewEkmConnectionIamBinding registers a new resource with the given unique name, arguments, and options.

func (*EkmConnectionIamBinding) ElementType 

func (*EkmConnectionIamBinding) ElementType() reflect.Type

func (*EkmConnectionIamBinding) ToEkmConnectionIamBindingOutput 

func (i *EkmConnectionIamBinding) ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput

func (*EkmConnectionIamBinding) ToEkmConnectionIamBindingOutputWithContext 

func (i *EkmConnectionIamBinding) ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput

type EkmConnectionIamBindingArgs 

type EkmConnectionIamBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition EkmConnectionIamBindingConditionPtrInput
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Members pulumi.StringArrayInput
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a EkmConnectionIamBinding resource.

func (EkmConnectionIamBindingArgs) ElementType 

func (EkmConnectionIamBindingArgs) ElementType() reflect.Type

type EkmConnectionIamBindingArray 

type EkmConnectionIamBindingArray []EkmConnectionIamBindingInput

func (EkmConnectionIamBindingArray) ElementType 

func (EkmConnectionIamBindingArray) ElementType() reflect.Type

func (EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutput 

func (i EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput

func (EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutputWithContext 

func (i EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutputWithContext(ctx context.Context) EkmConnectionIamBindingArrayOutput

type EkmConnectionIamBindingArrayInput 

type EkmConnectionIamBindingArrayInput interface {
	pulumi.Input

	ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput
	ToEkmConnectionIamBindingArrayOutputWithContext(context.Context) EkmConnectionIamBindingArrayOutput
}

EkmConnectionIamBindingArrayInput is an input type that accepts EkmConnectionIamBindingArray and EkmConnectionIamBindingArrayOutput values. You can construct a concrete instance of `EkmConnectionIamBindingArrayInput` via: 

EkmConnectionIamBindingArray{ EkmConnectionIamBindingArgs{...} }

type EkmConnectionIamBindingArrayOutput 

type EkmConnectionIamBindingArrayOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamBindingArrayOutput) ElementType 

func (EkmConnectionIamBindingArrayOutput) ElementType() reflect.Type

func (EkmConnectionIamBindingArrayOutput) Index 

func (o EkmConnectionIamBindingArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamBindingOutput

func (EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutput 

func (o EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput

func (EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutputWithContext 

func (o EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutputWithContext(ctx context.Context) EkmConnectionIamBindingArrayOutput

type EkmConnectionIamBindingCondition 

type EkmConnectionIamBindingCondition struct {
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type EkmConnectionIamBindingConditionArgs 

type EkmConnectionIamBindingConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (EkmConnectionIamBindingConditionArgs) ElementType 

func (EkmConnectionIamBindingConditionArgs) ElementType() reflect.Type

func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutput 

func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput

func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutputWithContext 

func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionOutput

func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutput 

func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput

func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutputWithContext 

func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput

type EkmConnectionIamBindingConditionInput 

type EkmConnectionIamBindingConditionInput interface {
	pulumi.Input

	ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput
	ToEkmConnectionIamBindingConditionOutputWithContext(context.Context) EkmConnectionIamBindingConditionOutput
}

EkmConnectionIamBindingConditionInput is an input type that accepts EkmConnectionIamBindingConditionArgs and EkmConnectionIamBindingConditionOutput values. You can construct a concrete instance of `EkmConnectionIamBindingConditionInput` via: 

EkmConnectionIamBindingConditionArgs{...}

type EkmConnectionIamBindingConditionOutput 

type EkmConnectionIamBindingConditionOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamBindingConditionOutput) Description 

func (o EkmConnectionIamBindingConditionOutput) Description() pulumi.StringPtrOutput

func (EkmConnectionIamBindingConditionOutput) ElementType 

func (EkmConnectionIamBindingConditionOutput) ElementType() reflect.Type

func (EkmConnectionIamBindingConditionOutput) Expression 

func (o EkmConnectionIamBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (EkmConnectionIamBindingConditionOutput) Title 

func (o EkmConnectionIamBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutput 

func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput

func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutputWithContext 

func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionOutput

func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutput 

func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput

func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext 

func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput

type EkmConnectionIamBindingConditionPtrInput 

type EkmConnectionIamBindingConditionPtrInput interface {
	pulumi.Input

	ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput
	ToEkmConnectionIamBindingConditionPtrOutputWithContext(context.Context) EkmConnectionIamBindingConditionPtrOutput
}

EkmConnectionIamBindingConditionPtrInput is an input type that accepts EkmConnectionIamBindingConditionArgs, EkmConnectionIamBindingConditionPtr and EkmConnectionIamBindingConditionPtrOutput values. You can construct a concrete instance of `EkmConnectionIamBindingConditionPtrInput` via: 

        EkmConnectionIamBindingConditionArgs{...}

or:

        nil

func EkmConnectionIamBindingConditionPtr 

func EkmConnectionIamBindingConditionPtr(v *EkmConnectionIamBindingConditionArgs) EkmConnectionIamBindingConditionPtrInput

type EkmConnectionIamBindingConditionPtrOutput 

type EkmConnectionIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamBindingConditionPtrOutput) Description 

func (o EkmConnectionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

func (EkmConnectionIamBindingConditionPtrOutput) Elem 

func (o EkmConnectionIamBindingConditionPtrOutput) Elem() EkmConnectionIamBindingConditionOutput

func (EkmConnectionIamBindingConditionPtrOutput) ElementType 

func (EkmConnectionIamBindingConditionPtrOutput) ElementType() reflect.Type

func (EkmConnectionIamBindingConditionPtrOutput) Expression 

func (o EkmConnectionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (EkmConnectionIamBindingConditionPtrOutput) Title 

func (o EkmConnectionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutput 

func (o EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput

func (EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext 

func (o EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput

type EkmConnectionIamBindingInput 

type EkmConnectionIamBindingInput interface {
	pulumi.Input

	ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput
	ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput
}

type EkmConnectionIamBindingMap 

type EkmConnectionIamBindingMap map[string]EkmConnectionIamBindingInput

func (EkmConnectionIamBindingMap) ElementType 

func (EkmConnectionIamBindingMap) ElementType() reflect.Type

func (EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutput 

func (i EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput

func (EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutputWithContext 

func (i EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutputWithContext(ctx context.Context) EkmConnectionIamBindingMapOutput

type EkmConnectionIamBindingMapInput 

type EkmConnectionIamBindingMapInput interface {
	pulumi.Input

	ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput
	ToEkmConnectionIamBindingMapOutputWithContext(context.Context) EkmConnectionIamBindingMapOutput
}

EkmConnectionIamBindingMapInput is an input type that accepts EkmConnectionIamBindingMap and EkmConnectionIamBindingMapOutput values. You can construct a concrete instance of `EkmConnectionIamBindingMapInput` via: 

EkmConnectionIamBindingMap{ "key": EkmConnectionIamBindingArgs{...} }

type EkmConnectionIamBindingMapOutput 

type EkmConnectionIamBindingMapOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamBindingMapOutput) ElementType 

func (EkmConnectionIamBindingMapOutput) ElementType() reflect.Type

func (EkmConnectionIamBindingMapOutput) MapIndex 

func (o EkmConnectionIamBindingMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamBindingOutput

func (EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutput 

func (o EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput

func (EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutputWithContext 

func (o EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutputWithContext(ctx context.Context) EkmConnectionIamBindingMapOutput

type EkmConnectionIamBindingOutput 

type EkmConnectionIamBindingOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamBindingOutput) Condition 

func (o EkmConnectionIamBindingOutput) Condition() EkmConnectionIamBindingConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (EkmConnectionIamBindingOutput) ElementType 

func (EkmConnectionIamBindingOutput) ElementType() reflect.Type

func (EkmConnectionIamBindingOutput) Etag 

func (o EkmConnectionIamBindingOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (EkmConnectionIamBindingOutput) Location 

func (o EkmConnectionIamBindingOutput) Location() pulumi.StringOutput

The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.

func (EkmConnectionIamBindingOutput) Members 

func (o EkmConnectionIamBindingOutput) Members() pulumi.StringArrayOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"

func (EkmConnectionIamBindingOutput) Name 

func (o EkmConnectionIamBindingOutput) Name() pulumi.StringOutput

Used to find the parent resource to bind the IAM policy to

func (EkmConnectionIamBindingOutput) Project 

func (o EkmConnectionIamBindingOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

func (EkmConnectionIamBindingOutput) Role 

func (o EkmConnectionIamBindingOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutput 

func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput

func (EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutputWithContext 

func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput

type EkmConnectionIamBindingState 

type EkmConnectionIamBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition EkmConnectionIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Members pulumi.StringArrayInput
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (EkmConnectionIamBindingState) ElementType 

func (EkmConnectionIamBindingState) ElementType() reflect.Type

type EkmConnectionIamMember 

type EkmConnectionIamMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition EkmConnectionIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringOutput `pulumi:"location"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Member pulumi.StringOutput `pulumi:"member"`
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:

* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection

> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.

> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.

> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.

## kms.EkmConnectionIamPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.EkmConnectionIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &kms.EkmConnectionIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## This resource supports User Project Overrides.

-

# IAM policy for Cloud Key Management Service EkmConnection Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:

* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection

> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.

> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.

> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.

## kms.EkmConnectionIamPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.EkmConnectionIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &kms.EkmConnectionIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms:

* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}

* {{project}}/{{location}}/{{name}}

* {{location}}/{{name}}

Any variables not passed in the import command will be taken from the provider configuration.

Cloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com" ```

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer" ```

IAM policy imports use the identifier of the resource in question, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} ```

-> **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the 

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetEkmConnectionIamMember 

func GetEkmConnectionIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionIamMemberState, opts ...pulumi.ResourceOption) (*EkmConnectionIamMember, error)

GetEkmConnectionIamMember gets an existing EkmConnectionIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnectionIamMember 

func NewEkmConnectionIamMember(ctx *pulumi.Context,
	name string, args *EkmConnectionIamMemberArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamMember, error)

NewEkmConnectionIamMember registers a new resource with the given unique name, arguments, and options.

func (*EkmConnectionIamMember) ElementType 

func (*EkmConnectionIamMember) ElementType() reflect.Type

func (*EkmConnectionIamMember) ToEkmConnectionIamMemberOutput 

func (i *EkmConnectionIamMember) ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput

func (*EkmConnectionIamMember) ToEkmConnectionIamMemberOutputWithContext 

func (i *EkmConnectionIamMember) ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput

type EkmConnectionIamMemberArgs 

type EkmConnectionIamMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition EkmConnectionIamMemberConditionPtrInput
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Member pulumi.StringInput
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a EkmConnectionIamMember resource.

func (EkmConnectionIamMemberArgs) ElementType 

func (EkmConnectionIamMemberArgs) ElementType() reflect.Type

type EkmConnectionIamMemberArray 

type EkmConnectionIamMemberArray []EkmConnectionIamMemberInput

func (EkmConnectionIamMemberArray) ElementType 

func (EkmConnectionIamMemberArray) ElementType() reflect.Type

func (EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutput 

func (i EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput

func (EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutputWithContext 

func (i EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutputWithContext(ctx context.Context) EkmConnectionIamMemberArrayOutput

type EkmConnectionIamMemberArrayInput 

type EkmConnectionIamMemberArrayInput interface {
	pulumi.Input

	ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput
	ToEkmConnectionIamMemberArrayOutputWithContext(context.Context) EkmConnectionIamMemberArrayOutput
}

EkmConnectionIamMemberArrayInput is an input type that accepts EkmConnectionIamMemberArray and EkmConnectionIamMemberArrayOutput values. You can construct a concrete instance of `EkmConnectionIamMemberArrayInput` via: 

EkmConnectionIamMemberArray{ EkmConnectionIamMemberArgs{...} }

type EkmConnectionIamMemberArrayOutput 

type EkmConnectionIamMemberArrayOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamMemberArrayOutput) ElementType 

func (EkmConnectionIamMemberArrayOutput) ElementType() reflect.Type

func (EkmConnectionIamMemberArrayOutput) Index 

func (o EkmConnectionIamMemberArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamMemberOutput

func (EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutput 

func (o EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput

func (EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutputWithContext 

func (o EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutputWithContext(ctx context.Context) EkmConnectionIamMemberArrayOutput

type EkmConnectionIamMemberCondition 

type EkmConnectionIamMemberCondition struct {
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type EkmConnectionIamMemberConditionArgs 

type EkmConnectionIamMemberConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (EkmConnectionIamMemberConditionArgs) ElementType 

func (EkmConnectionIamMemberConditionArgs) ElementType() reflect.Type

func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutput 

func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput

func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutputWithContext 

func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionOutput

func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutput 

func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput

func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutputWithContext 

func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput

type EkmConnectionIamMemberConditionInput 

type EkmConnectionIamMemberConditionInput interface {
	pulumi.Input

	ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput
	ToEkmConnectionIamMemberConditionOutputWithContext(context.Context) EkmConnectionIamMemberConditionOutput
}

EkmConnectionIamMemberConditionInput is an input type that accepts EkmConnectionIamMemberConditionArgs and EkmConnectionIamMemberConditionOutput values. You can construct a concrete instance of `EkmConnectionIamMemberConditionInput` via: 

EkmConnectionIamMemberConditionArgs{...}

type EkmConnectionIamMemberConditionOutput 

type EkmConnectionIamMemberConditionOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamMemberConditionOutput) Description 

func (o EkmConnectionIamMemberConditionOutput) Description() pulumi.StringPtrOutput

func (EkmConnectionIamMemberConditionOutput) ElementType 

func (EkmConnectionIamMemberConditionOutput) ElementType() reflect.Type

func (EkmConnectionIamMemberConditionOutput) Expression 

func (o EkmConnectionIamMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (EkmConnectionIamMemberConditionOutput) Title 

func (o EkmConnectionIamMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutput 

func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput

func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutputWithContext 

func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionOutput

func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutput 

func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput

func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext 

func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput

type EkmConnectionIamMemberConditionPtrInput 

type EkmConnectionIamMemberConditionPtrInput interface {
	pulumi.Input

	ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput
	ToEkmConnectionIamMemberConditionPtrOutputWithContext(context.Context) EkmConnectionIamMemberConditionPtrOutput
}

EkmConnectionIamMemberConditionPtrInput is an input type that accepts EkmConnectionIamMemberConditionArgs, EkmConnectionIamMemberConditionPtr and EkmConnectionIamMemberConditionPtrOutput values. You can construct a concrete instance of `EkmConnectionIamMemberConditionPtrInput` via: 

        EkmConnectionIamMemberConditionArgs{...}

or:

        nil

func EkmConnectionIamMemberConditionPtr 

func EkmConnectionIamMemberConditionPtr(v *EkmConnectionIamMemberConditionArgs) EkmConnectionIamMemberConditionPtrInput

type EkmConnectionIamMemberConditionPtrOutput 

type EkmConnectionIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamMemberConditionPtrOutput) Description 

func (o EkmConnectionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

func (EkmConnectionIamMemberConditionPtrOutput) Elem 

func (o EkmConnectionIamMemberConditionPtrOutput) Elem() EkmConnectionIamMemberConditionOutput

func (EkmConnectionIamMemberConditionPtrOutput) ElementType 

func (EkmConnectionIamMemberConditionPtrOutput) ElementType() reflect.Type

func (EkmConnectionIamMemberConditionPtrOutput) Expression 

func (o EkmConnectionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (EkmConnectionIamMemberConditionPtrOutput) Title 

func (o EkmConnectionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutput 

func (o EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput

func (EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext 

func (o EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput

type EkmConnectionIamMemberInput 

type EkmConnectionIamMemberInput interface {
	pulumi.Input

	ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput
	ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput
}

type EkmConnectionIamMemberMap 

type EkmConnectionIamMemberMap map[string]EkmConnectionIamMemberInput

func (EkmConnectionIamMemberMap) ElementType 

func (EkmConnectionIamMemberMap) ElementType() reflect.Type

func (EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutput 

func (i EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutput() EkmConnectionIamMemberMapOutput

func (EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutputWithContext 

func (i EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutputWithContext(ctx context.Context) EkmConnectionIamMemberMapOutput

type EkmConnectionIamMemberMapInput 

type EkmConnectionIamMemberMapInput interface {
	pulumi.Input

	ToEkmConnectionIamMemberMapOutput() EkmConnectionIamMemberMapOutput
	ToEkmConnectionIamMemberMapOutputWithContext(context.Context) EkmConnectionIamMemberMapOutput
}

EkmConnectionIamMemberMapInput is an input type that accepts EkmConnectionIamMemberMap and EkmConnectionIamMemberMapOutput values. You can construct a concrete instance of `EkmConnectionIamMemberMapInput` via: 

EkmConnectionIamMemberMap{ "key": EkmConnectionIamMemberArgs{...} }

type EkmConnectionIamMemberMapOutput 

type EkmConnectionIamMemberMapOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamMemberMapOutput) ElementType 

func (EkmConnectionIamMemberMapOutput) ElementType() reflect.Type

func (EkmConnectionIamMemberMapOutput) MapIndex 

func (o EkmConnectionIamMemberMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamMemberOutput

func (EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutput 

func (o EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutput() EkmConnectionIamMemberMapOutput

func (EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutputWithContext 

func (o EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutputWithContext(ctx context.Context) EkmConnectionIamMemberMapOutput

type EkmConnectionIamMemberOutput 

type EkmConnectionIamMemberOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamMemberOutput) Condition 

func (o EkmConnectionIamMemberOutput) Condition() EkmConnectionIamMemberConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (EkmConnectionIamMemberOutput) ElementType 

func (EkmConnectionIamMemberOutput) ElementType() reflect.Type

func (EkmConnectionIamMemberOutput) Etag 

func (o EkmConnectionIamMemberOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (EkmConnectionIamMemberOutput) Location 

func (o EkmConnectionIamMemberOutput) Location() pulumi.StringOutput

The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.

func (EkmConnectionIamMemberOutput) Member 

func (o EkmConnectionIamMemberOutput) Member() pulumi.StringOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"

func (EkmConnectionIamMemberOutput) Name 

func (o EkmConnectionIamMemberOutput) Name() pulumi.StringOutput

Used to find the parent resource to bind the IAM policy to

func (EkmConnectionIamMemberOutput) Project 

func (o EkmConnectionIamMemberOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

func (EkmConnectionIamMemberOutput) Role 

func (o EkmConnectionIamMemberOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutput 

func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput

func (EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutputWithContext 

func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput

type EkmConnectionIamMemberState 

type EkmConnectionIamMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition EkmConnectionIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Member pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (EkmConnectionIamMemberState) ElementType 

func (EkmConnectionIamMemberState) ElementType() reflect.Type

type EkmConnectionIamPolicy 

type EkmConnectionIamPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringOutput `pulumi:"location"`
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringOutput `pulumi:"name"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:

* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection

> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.

> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.

> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.

## kms.EkmConnectionIamPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.EkmConnectionIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &kms.EkmConnectionIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## This resource supports User Project Overrides.

-

# IAM policy for Cloud Key Management Service EkmConnection Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:

* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection

> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.

> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.

> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.

## kms.EkmConnectionIamPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{
			Project:    pulumi.Any(example_ekmconnection.Project),
			Location:   pulumi.Any(example_ekmconnection.Location),
			Name:       pulumi.Any(example_ekmconnection.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.EkmConnectionIamBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ## kms.EkmConnectionIamMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{
			Project:  pulumi.Any(example_ekmconnection.Project),
			Location: pulumi.Any(example_ekmconnection.Location),
			Name:     pulumi.Any(example_ekmconnection.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
			Condition: &kms.EkmConnectionIamMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms:

* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}

* {{project}}/{{location}}/{{name}}

* {{location}}/{{name}}

Any variables not passed in the import command will be taken from the provider configuration.

Cloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com" ```

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer" ```

IAM policy imports use the identifier of the resource in question, e.g.

```sh $ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} ```

-> **Custom Roles** If you're importing a IAM resource with a custom role, make sure to use the 

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetEkmConnectionIamPolicy 

func GetEkmConnectionIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionIamPolicyState, opts ...pulumi.ResourceOption) (*EkmConnectionIamPolicy, error)

GetEkmConnectionIamPolicy gets an existing EkmConnectionIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnectionIamPolicy 

func NewEkmConnectionIamPolicy(ctx *pulumi.Context,
	name string, args *EkmConnectionIamPolicyArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamPolicy, error)

NewEkmConnectionIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*EkmConnectionIamPolicy) ElementType 

func (*EkmConnectionIamPolicy) ElementType() reflect.Type

func (*EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutput 

func (i *EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput

func (*EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutputWithContext 

func (i *EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput

type EkmConnectionIamPolicyArgs 

type EkmConnectionIamPolicyArgs struct {
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a EkmConnectionIamPolicy resource.

func (EkmConnectionIamPolicyArgs) ElementType 

func (EkmConnectionIamPolicyArgs) ElementType() reflect.Type

type EkmConnectionIamPolicyArray 

type EkmConnectionIamPolicyArray []EkmConnectionIamPolicyInput

func (EkmConnectionIamPolicyArray) ElementType 

func (EkmConnectionIamPolicyArray) ElementType() reflect.Type

func (EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutput 

func (i EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput

func (EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutputWithContext 

func (i EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutputWithContext(ctx context.Context) EkmConnectionIamPolicyArrayOutput

type EkmConnectionIamPolicyArrayInput 

type EkmConnectionIamPolicyArrayInput interface {
	pulumi.Input

	ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput
	ToEkmConnectionIamPolicyArrayOutputWithContext(context.Context) EkmConnectionIamPolicyArrayOutput
}

EkmConnectionIamPolicyArrayInput is an input type that accepts EkmConnectionIamPolicyArray and EkmConnectionIamPolicyArrayOutput values. You can construct a concrete instance of `EkmConnectionIamPolicyArrayInput` via: 

EkmConnectionIamPolicyArray{ EkmConnectionIamPolicyArgs{...} }

type EkmConnectionIamPolicyArrayOutput 

type EkmConnectionIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamPolicyArrayOutput) ElementType 

func (EkmConnectionIamPolicyArrayOutput) ElementType() reflect.Type

func (EkmConnectionIamPolicyArrayOutput) Index 

func (o EkmConnectionIamPolicyArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamPolicyOutput

func (EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutput 

func (o EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput

func (EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutputWithContext 

func (o EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutputWithContext(ctx context.Context) EkmConnectionIamPolicyArrayOutput

type EkmConnectionIamPolicyInput 

type EkmConnectionIamPolicyInput interface {
	pulumi.Input

	ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput
	ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput
}

type EkmConnectionIamPolicyMap 

type EkmConnectionIamPolicyMap map[string]EkmConnectionIamPolicyInput

func (EkmConnectionIamPolicyMap) ElementType 

func (EkmConnectionIamPolicyMap) ElementType() reflect.Type

func (EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutput 

func (i EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutput() EkmConnectionIamPolicyMapOutput

func (EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutputWithContext 

func (i EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutputWithContext(ctx context.Context) EkmConnectionIamPolicyMapOutput

type EkmConnectionIamPolicyMapInput 

type EkmConnectionIamPolicyMapInput interface {
	pulumi.Input

	ToEkmConnectionIamPolicyMapOutput() EkmConnectionIamPolicyMapOutput
	ToEkmConnectionIamPolicyMapOutputWithContext(context.Context) EkmConnectionIamPolicyMapOutput
}

EkmConnectionIamPolicyMapInput is an input type that accepts EkmConnectionIamPolicyMap and EkmConnectionIamPolicyMapOutput values. You can construct a concrete instance of `EkmConnectionIamPolicyMapInput` via: 

EkmConnectionIamPolicyMap{ "key": EkmConnectionIamPolicyArgs{...} }

type EkmConnectionIamPolicyMapOutput 

type EkmConnectionIamPolicyMapOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamPolicyMapOutput) ElementType 

func (EkmConnectionIamPolicyMapOutput) ElementType() reflect.Type

func (EkmConnectionIamPolicyMapOutput) MapIndex 

func (o EkmConnectionIamPolicyMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamPolicyOutput

func (EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutput 

func (o EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutput() EkmConnectionIamPolicyMapOutput

func (EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutputWithContext 

func (o EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutputWithContext(ctx context.Context) EkmConnectionIamPolicyMapOutput

type EkmConnectionIamPolicyOutput 

type EkmConnectionIamPolicyOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamPolicyOutput) ElementType 

func (EkmConnectionIamPolicyOutput) ElementType() reflect.Type

func (EkmConnectionIamPolicyOutput) Etag 

func (o EkmConnectionIamPolicyOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (EkmConnectionIamPolicyOutput) Location 

func (o EkmConnectionIamPolicyOutput) Location() pulumi.StringOutput

The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.

func (EkmConnectionIamPolicyOutput) Name 

func (o EkmConnectionIamPolicyOutput) Name() pulumi.StringOutput

Used to find the parent resource to bind the IAM policy to

func (EkmConnectionIamPolicyOutput) PolicyData 

func (o EkmConnectionIamPolicyOutput) PolicyData() pulumi.StringOutput

The policy data generated by a `organizations.getIAMPolicy` data source.

func (EkmConnectionIamPolicyOutput) Project 

func (o EkmConnectionIamPolicyOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

func (EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutput 

func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput

func (EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutputWithContext 

func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput

type EkmConnectionIamPolicyState 

type EkmConnectionIamPolicyState struct {
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

func (EkmConnectionIamPolicyState) ElementType 

func (EkmConnectionIamPolicyState) ElementType() reflect.Type

type EkmConnectionInput 

type EkmConnectionInput interface {
	pulumi.Input

	ToEkmConnectionOutput() EkmConnectionOutput
	ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput
}

type EkmConnectionMap 

type EkmConnectionMap map[string]EkmConnectionInput

func (EkmConnectionMap) ElementType 

func (EkmConnectionMap) ElementType() reflect.Type

func (EkmConnectionMap) ToEkmConnectionMapOutput 

func (i EkmConnectionMap) ToEkmConnectionMapOutput() EkmConnectionMapOutput

func (EkmConnectionMap) ToEkmConnectionMapOutputWithContext 

func (i EkmConnectionMap) ToEkmConnectionMapOutputWithContext(ctx context.Context) EkmConnectionMapOutput

type EkmConnectionMapInput 

type EkmConnectionMapInput interface {
	pulumi.Input

	ToEkmConnectionMapOutput() EkmConnectionMapOutput
	ToEkmConnectionMapOutputWithContext(context.Context) EkmConnectionMapOutput
}

EkmConnectionMapInput is an input type that accepts EkmConnectionMap and EkmConnectionMapOutput values. You can construct a concrete instance of `EkmConnectionMapInput` via: 

EkmConnectionMap{ "key": EkmConnectionArgs{...} }

type EkmConnectionMapOutput 

type EkmConnectionMapOutput struct{ *pulumi.OutputState }

func (EkmConnectionMapOutput) ElementType 

func (EkmConnectionMapOutput) ElementType() reflect.Type

func (EkmConnectionMapOutput) MapIndex 

func (o EkmConnectionMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionOutput

func (EkmConnectionMapOutput) ToEkmConnectionMapOutput 

func (o EkmConnectionMapOutput) ToEkmConnectionMapOutput() EkmConnectionMapOutput

func (EkmConnectionMapOutput) ToEkmConnectionMapOutputWithContext 

func (o EkmConnectionMapOutput) ToEkmConnectionMapOutputWithContext(ctx context.Context) EkmConnectionMapOutput

type EkmConnectionOutput 

type EkmConnectionOutput struct{ *pulumi.OutputState }

func (EkmConnectionOutput) CreateTime 

func (o EkmConnectionOutput) CreateTime() pulumi.StringOutput

Output only. The time at which the EkmConnection was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

func (EkmConnectionOutput) CryptoSpacePath 

func (o EkmConnectionOutput) CryptoSpacePath() pulumi.StringOutput

Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.

func (EkmConnectionOutput) ElementType 

func (EkmConnectionOutput) ElementType() reflect.Type

func (EkmConnectionOutput) Etag 

func (o EkmConnectionOutput) Etag() pulumi.StringOutput

Optional. Etag of the currently stored EkmConnection.

func (EkmConnectionOutput) KeyManagementMode 

func (o EkmConnectionOutput) KeyManagementMode() pulumi.StringPtrOutput

Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"]

func (EkmConnectionOutput) Location 

func (o EkmConnectionOutput) Location() pulumi.StringOutput

The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`.

func (EkmConnectionOutput) Name 

func (o EkmConnectionOutput) Name() pulumi.StringOutput

The resource name for the EkmConnection.

func (EkmConnectionOutput) Project 

func (o EkmConnectionOutput) Project() pulumi.StringOutput

func (EkmConnectionOutput) ServiceResolvers 

func (o EkmConnectionOutput) ServiceResolvers() EkmConnectionServiceResolverArrayOutput

A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported Structure is documented below.

func (EkmConnectionOutput) ToEkmConnectionOutput 

func (o EkmConnectionOutput) ToEkmConnectionOutput() EkmConnectionOutput

func (EkmConnectionOutput) ToEkmConnectionOutputWithContext 

func (o EkmConnectionOutput) ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput

type EkmConnectionServiceResolver 

type EkmConnectionServiceResolver struct {
	// Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
	EndpointFilter *string `pulumi:"endpointFilter"`
	// Required. The hostname of the EKM replica used at TLS and HTTP layers.
	Hostname string `pulumi:"hostname"`
	// Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.
	// Structure is documented below.
	ServerCertificates []EkmConnectionServiceResolverServerCertificate `pulumi:"serverCertificates"`
	// Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/*
	ServiceDirectoryService string `pulumi:"serviceDirectoryService"`
}

type EkmConnectionServiceResolverArgs 

type EkmConnectionServiceResolverArgs struct {
	// Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
	EndpointFilter pulumi.StringPtrInput `pulumi:"endpointFilter"`
	// Required. The hostname of the EKM replica used at TLS and HTTP layers.
	Hostname pulumi.StringInput `pulumi:"hostname"`
	// Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.
	// Structure is documented below.
	ServerCertificates EkmConnectionServiceResolverServerCertificateArrayInput `pulumi:"serverCertificates"`
	// Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/*
	ServiceDirectoryService pulumi.StringInput `pulumi:"serviceDirectoryService"`
}

func (EkmConnectionServiceResolverArgs) ElementType 

func (EkmConnectionServiceResolverArgs) ElementType() reflect.Type

func (EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutput 

func (i EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput

func (EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutputWithContext 

func (i EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutputWithContext(ctx context.Context) EkmConnectionServiceResolverOutput

type EkmConnectionServiceResolverArray 

type EkmConnectionServiceResolverArray []EkmConnectionServiceResolverInput

func (EkmConnectionServiceResolverArray) ElementType 

func (EkmConnectionServiceResolverArray) ElementType() reflect.Type

func (EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutput 

func (i EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput

func (EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutputWithContext 

func (i EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverArrayOutput

type EkmConnectionServiceResolverArrayInput 

type EkmConnectionServiceResolverArrayInput interface {
	pulumi.Input

	ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput
	ToEkmConnectionServiceResolverArrayOutputWithContext(context.Context) EkmConnectionServiceResolverArrayOutput
}

EkmConnectionServiceResolverArrayInput is an input type that accepts EkmConnectionServiceResolverArray and EkmConnectionServiceResolverArrayOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverArrayInput` via: 

EkmConnectionServiceResolverArray{ EkmConnectionServiceResolverArgs{...} }

type EkmConnectionServiceResolverArrayOutput 

type EkmConnectionServiceResolverArrayOutput struct{ *pulumi.OutputState }

func (EkmConnectionServiceResolverArrayOutput) ElementType 

func (EkmConnectionServiceResolverArrayOutput) ElementType() reflect.Type

func (EkmConnectionServiceResolverArrayOutput) Index 

func (o EkmConnectionServiceResolverArrayOutput) Index(i pulumi.IntInput) EkmConnectionServiceResolverOutput

func (EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutput 

func (o EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput

func (EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutputWithContext 

func (o EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverArrayOutput

type EkmConnectionServiceResolverInput 

type EkmConnectionServiceResolverInput interface {
	pulumi.Input

	ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput
	ToEkmConnectionServiceResolverOutputWithContext(context.Context) EkmConnectionServiceResolverOutput
}

EkmConnectionServiceResolverInput is an input type that accepts EkmConnectionServiceResolverArgs and EkmConnectionServiceResolverOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverInput` via: 

EkmConnectionServiceResolverArgs{...}

type EkmConnectionServiceResolverOutput 

type EkmConnectionServiceResolverOutput struct{ *pulumi.OutputState }

func (EkmConnectionServiceResolverOutput) ElementType 

func (EkmConnectionServiceResolverOutput) ElementType() reflect.Type

func (EkmConnectionServiceResolverOutput) EndpointFilter 

func (o EkmConnectionServiceResolverOutput) EndpointFilter() pulumi.StringPtrOutput

Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.

func (EkmConnectionServiceResolverOutput) Hostname 

func (o EkmConnectionServiceResolverOutput) Hostname() pulumi.StringOutput

Required. The hostname of the EKM replica used at TLS and HTTP layers.

func (EkmConnectionServiceResolverOutput) ServerCertificates 

func (o EkmConnectionServiceResolverOutput) ServerCertificates() EkmConnectionServiceResolverServerCertificateArrayOutput

Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported. Structure is documented below.

func (EkmConnectionServiceResolverOutput) ServiceDirectoryService 

func (o EkmConnectionServiceResolverOutput) ServiceDirectoryService() pulumi.StringOutput

Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/*

func (EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutput 

func (o EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput

func (EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutputWithContext 

func (o EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutputWithContext(ctx context.Context) EkmConnectionServiceResolverOutput

type EkmConnectionServiceResolverServerCertificate 

type EkmConnectionServiceResolverServerCertificate struct {
	// (Output)
	// Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true.
	Issuer *string `pulumi:"issuer"`
	// (Output)
	// Output only. The certificate is not valid after this time. Only present if parsed is true.
	// A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
	NotAfterTime *string `pulumi:"notAfterTime"`
	// (Output)
	// Output only. The certificate is not valid before this time. Only present if parsed is true.
	// A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
	NotBeforeTime *string `pulumi:"notBeforeTime"`
	// (Output)
	// Output only. True if the certificate was parsed successfully.
	Parsed *bool `pulumi:"parsed"`
	// Required. The raw certificate bytes in DER format. A base64-encoded string.
	RawDer string `pulumi:"rawDer"`
	// (Output)
	// Output only. The certificate serial number as a hex string. Only present if parsed is true.
	SerialNumber *string `pulumi:"serialNumber"`
	// (Output)
	// Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.
	Sha256Fingerprint *string `pulumi:"sha256Fingerprint"`
	// (Output)
	// Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true.
	Subject *string `pulumi:"subject"`
	// (Output)
	// Output only. The subject Alternative DNS names. Only present if parsed is true.
	//
	// ***
	SubjectAlternativeDnsNames []string `pulumi:"subjectAlternativeDnsNames"`
}

type EkmConnectionServiceResolverServerCertificateArgs 

type EkmConnectionServiceResolverServerCertificateArgs struct {
	// (Output)
	// Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true.
	Issuer pulumi.StringPtrInput `pulumi:"issuer"`
	// (Output)
	// Output only. The certificate is not valid after this time. Only present if parsed is true.
	// A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
	NotAfterTime pulumi.StringPtrInput `pulumi:"notAfterTime"`
	// (Output)
	// Output only. The certificate is not valid before this time. Only present if parsed is true.
	// A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
	NotBeforeTime pulumi.StringPtrInput `pulumi:"notBeforeTime"`
	// (Output)
	// Output only. True if the certificate was parsed successfully.
	Parsed pulumi.BoolPtrInput `pulumi:"parsed"`
	// Required. The raw certificate bytes in DER format. A base64-encoded string.
	RawDer pulumi.StringInput `pulumi:"rawDer"`
	// (Output)
	// Output only. The certificate serial number as a hex string. Only present if parsed is true.
	SerialNumber pulumi.StringPtrInput `pulumi:"serialNumber"`
	// (Output)
	// Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.
	Sha256Fingerprint pulumi.StringPtrInput `pulumi:"sha256Fingerprint"`
	// (Output)
	// Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true.
	Subject pulumi.StringPtrInput `pulumi:"subject"`
	// (Output)
	// Output only. The subject Alternative DNS names. Only present if parsed is true.
	//
	// ***
	SubjectAlternativeDnsNames pulumi.StringArrayInput `pulumi:"subjectAlternativeDnsNames"`
}

func (EkmConnectionServiceResolverServerCertificateArgs) ElementType 

func (EkmConnectionServiceResolverServerCertificateArgs) ElementType() reflect.Type

func (EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutput 

func (i EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput

func (EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutputWithContext 

func (i EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateOutput

type EkmConnectionServiceResolverServerCertificateArray 

type EkmConnectionServiceResolverServerCertificateArray []EkmConnectionServiceResolverServerCertificateInput

func (EkmConnectionServiceResolverServerCertificateArray) ElementType 

func (EkmConnectionServiceResolverServerCertificateArray) ElementType() reflect.Type

func (EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutput 

func (i EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput

func (EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext 

func (i EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput

type EkmConnectionServiceResolverServerCertificateArrayInput 

type EkmConnectionServiceResolverServerCertificateArrayInput interface {
	pulumi.Input

	ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput
	ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput
}

EkmConnectionServiceResolverServerCertificateArrayInput is an input type that accepts EkmConnectionServiceResolverServerCertificateArray and EkmConnectionServiceResolverServerCertificateArrayOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverServerCertificateArrayInput` via: 

EkmConnectionServiceResolverServerCertificateArray{ EkmConnectionServiceResolverServerCertificateArgs{...} }

type EkmConnectionServiceResolverServerCertificateArrayOutput 

type EkmConnectionServiceResolverServerCertificateArrayOutput struct{ *pulumi.OutputState }

func (EkmConnectionServiceResolverServerCertificateArrayOutput) ElementType 

func (EkmConnectionServiceResolverServerCertificateArrayOutput) ElementType() reflect.Type

func (EkmConnectionServiceResolverServerCertificateArrayOutput) Index 

func (o EkmConnectionServiceResolverServerCertificateArrayOutput) Index(i pulumi.IntInput) EkmConnectionServiceResolverServerCertificateOutput

func (EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutput 

func (o EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput

func (EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext 

func (o EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput

type EkmConnectionServiceResolverServerCertificateInput 

type EkmConnectionServiceResolverServerCertificateInput interface {
	pulumi.Input

	ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput
	ToEkmConnectionServiceResolverServerCertificateOutputWithContext(context.Context) EkmConnectionServiceResolverServerCertificateOutput
}

EkmConnectionServiceResolverServerCertificateInput is an input type that accepts EkmConnectionServiceResolverServerCertificateArgs and EkmConnectionServiceResolverServerCertificateOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverServerCertificateInput` via: 

EkmConnectionServiceResolverServerCertificateArgs{...}

type EkmConnectionServiceResolverServerCertificateOutput 

type EkmConnectionServiceResolverServerCertificateOutput struct{ *pulumi.OutputState }

func (EkmConnectionServiceResolverServerCertificateOutput) ElementType 

func (EkmConnectionServiceResolverServerCertificateOutput) ElementType() reflect.Type

func (EkmConnectionServiceResolverServerCertificateOutput) Issuer 

func (o EkmConnectionServiceResolverServerCertificateOutput) Issuer() pulumi.StringPtrOutput

(Output) Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true.

func (EkmConnectionServiceResolverServerCertificateOutput) NotAfterTime 

func (o EkmConnectionServiceResolverServerCertificateOutput) NotAfterTime() pulumi.StringPtrOutput

(Output) Output only. The certificate is not valid after this time. Only present if parsed is true. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

func (EkmConnectionServiceResolverServerCertificateOutput) NotBeforeTime 

func (o EkmConnectionServiceResolverServerCertificateOutput) NotBeforeTime() pulumi.StringPtrOutput

(Output) Output only. The certificate is not valid before this time. Only present if parsed is true. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

func (EkmConnectionServiceResolverServerCertificateOutput) Parsed 

func (o EkmConnectionServiceResolverServerCertificateOutput) Parsed() pulumi.BoolPtrOutput

(Output) Output only. True if the certificate was parsed successfully.

func (EkmConnectionServiceResolverServerCertificateOutput) RawDer 

func (o EkmConnectionServiceResolverServerCertificateOutput) RawDer() pulumi.StringOutput

Required. The raw certificate bytes in DER format. A base64-encoded string.

func (EkmConnectionServiceResolverServerCertificateOutput) SerialNumber 

func (o EkmConnectionServiceResolverServerCertificateOutput) SerialNumber() pulumi.StringPtrOutput

(Output) Output only. The certificate serial number as a hex string. Only present if parsed is true.

func (EkmConnectionServiceResolverServerCertificateOutput) Sha256Fingerprint 

func (o EkmConnectionServiceResolverServerCertificateOutput) Sha256Fingerprint() pulumi.StringPtrOutput

(Output) Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.

func (EkmConnectionServiceResolverServerCertificateOutput) Subject 

func (o EkmConnectionServiceResolverServerCertificateOutput) Subject() pulumi.StringPtrOutput

(Output) Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true.

func (EkmConnectionServiceResolverServerCertificateOutput) SubjectAlternativeDnsNames 

func (o EkmConnectionServiceResolverServerCertificateOutput) SubjectAlternativeDnsNames() pulumi.StringArrayOutput

(Output) Output only. The subject Alternative DNS names. Only present if parsed is true.

***

func (EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutput 

func (o EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput

func (EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutputWithContext 

func (o EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateOutput

type EkmConnectionState 

type EkmConnectionState struct {
	// Output only. The time at which the EkmConnection was created.
	// A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
	CreateTime pulumi.StringPtrInput
	// Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if
	// KeyManagementMode is CLOUD_KMS.
	CryptoSpacePath pulumi.StringPtrInput
	// Optional. Etag of the currently stored EkmConnection.
	Etag pulumi.StringPtrInput
	// Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default
	// value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"]
	KeyManagementMode pulumi.StringPtrInput
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	Location pulumi.StringPtrInput
	// The resource name for the EkmConnection.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
	// A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported
	// Structure is documented below.
	ServiceResolvers EkmConnectionServiceResolverArrayInput
}

func (EkmConnectionState) ElementType 

func (EkmConnectionState) ElementType() reflect.Type

type GetCryptoKeyIamPolicyArgs 

type GetCryptoKeyIamPolicyArgs struct {
	// The crypto key ID, in the form
	CryptoKeyId string `pulumi:"cryptoKeyId"`
}

A collection of arguments for invoking getCryptoKeyIamPolicy.

type GetCryptoKeyIamPolicyOutputArgs 

type GetCryptoKeyIamPolicyOutputArgs struct {
	// The crypto key ID, in the form
	CryptoKeyId pulumi.StringInput `pulumi:"cryptoKeyId"`
}

A collection of arguments for invoking getCryptoKeyIamPolicy.

func (GetCryptoKeyIamPolicyOutputArgs) ElementType 

func (GetCryptoKeyIamPolicyOutputArgs) ElementType() reflect.Type

type GetCryptoKeyIamPolicyResult 

type GetCryptoKeyIamPolicyResult struct {
	CryptoKeyId string `pulumi:"cryptoKeyId"`
	// (Computed) The etag of the IAM policy.
	Etag string `pulumi:"etag"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// (Computed) The policy data
	PolicyData string `pulumi:"policyData"`
}

A collection of values returned by getCryptoKeyIamPolicy.

func GetCryptoKeyIamPolicy 

func GetCryptoKeyIamPolicy(ctx *pulumi.Context, args *GetCryptoKeyIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeyIamPolicyResult, error)

Retrieves the current IAM policy data for a Google Cloud KMS crypto key.

## example

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.GetCryptoKeyIamPolicy(ctx, &kms.GetCryptoKeyIamPolicyArgs{
			CryptoKeyId: cryptoKey.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetCryptoKeyIamPolicyResultOutput 

type GetCryptoKeyIamPolicyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getCryptoKeyIamPolicy.

func GetCryptoKeyIamPolicyOutput 

func GetCryptoKeyIamPolicyOutput(ctx *pulumi.Context, args GetCryptoKeyIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeyIamPolicyResultOutput

func (GetCryptoKeyIamPolicyResultOutput) CryptoKeyId 

func (o GetCryptoKeyIamPolicyResultOutput) CryptoKeyId() pulumi.StringOutput

func (GetCryptoKeyIamPolicyResultOutput) ElementType 

func (GetCryptoKeyIamPolicyResultOutput) ElementType() reflect.Type

func (GetCryptoKeyIamPolicyResultOutput) Etag 

func (o GetCryptoKeyIamPolicyResultOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (GetCryptoKeyIamPolicyResultOutput) Id 

func (o GetCryptoKeyIamPolicyResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetCryptoKeyIamPolicyResultOutput) PolicyData 

func (o GetCryptoKeyIamPolicyResultOutput) PolicyData() pulumi.StringOutput

(Computed) The policy data

func (GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutput 

func (o GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutput() GetCryptoKeyIamPolicyResultOutput

func (GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutputWithContext 

func (o GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutputWithContext(ctx context.Context) GetCryptoKeyIamPolicyResultOutput

type GetCryptoKeyLatestVersionArgs added in v8.1.0 

type GetCryptoKeyLatestVersionArgs struct {
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey string `pulumi:"cryptoKey"`
	// The filter argument is used to add a filter query parameter that limits which type of cryptoKeyVersion is retrieved as the latest by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
	//
	// Example filter values if filtering on state.
	//
	// * `"state:ENABLED"` will retrieve the latest cryptoKeyVersion that has the state "ENABLED".
	//
	// [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
	Filter *string `pulumi:"filter"`
}

A collection of arguments for invoking getCryptoKeyLatestVersion.

type GetCryptoKeyLatestVersionOutputArgs added in v8.1.0 

type GetCryptoKeyLatestVersionOutputArgs struct {
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey pulumi.StringInput `pulumi:"cryptoKey"`
	// The filter argument is used to add a filter query parameter that limits which type of cryptoKeyVersion is retrieved as the latest by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
	//
	// Example filter values if filtering on state.
	//
	// * `"state:ENABLED"` will retrieve the latest cryptoKeyVersion that has the state "ENABLED".
	//
	// [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
	Filter pulumi.StringPtrInput `pulumi:"filter"`
}

A collection of arguments for invoking getCryptoKeyLatestVersion.

func (GetCryptoKeyLatestVersionOutputArgs) ElementType added in v8.1.0 

func (GetCryptoKeyLatestVersionOutputArgs) ElementType() reflect.Type

type GetCryptoKeyLatestVersionPublicKey added in v8.1.0 

type GetCryptoKeyLatestVersionPublicKey struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem string `pulumi:"pem"`
}

type GetCryptoKeyLatestVersionPublicKeyArgs added in v8.1.0 

type GetCryptoKeyLatestVersionPublicKeyArgs struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem pulumi.StringInput `pulumi:"pem"`
}

func (GetCryptoKeyLatestVersionPublicKeyArgs) ElementType added in v8.1.0 

func (GetCryptoKeyLatestVersionPublicKeyArgs) ElementType() reflect.Type

func (GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutput added in v8.1.0 

func (i GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput

func (GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext added in v8.1.0 

func (i GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyOutput

type GetCryptoKeyLatestVersionPublicKeyArray added in v8.1.0 

type GetCryptoKeyLatestVersionPublicKeyArray []GetCryptoKeyLatestVersionPublicKeyInput

func (GetCryptoKeyLatestVersionPublicKeyArray) ElementType added in v8.1.0 

func (GetCryptoKeyLatestVersionPublicKeyArray) ElementType() reflect.Type

func (GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput added in v8.1.0 

func (i GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput

func (GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext added in v8.1.0 

func (i GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput

type GetCryptoKeyLatestVersionPublicKeyArrayInput added in v8.1.0 

type GetCryptoKeyLatestVersionPublicKeyArrayInput interface {
	pulumi.Input

	ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput
	ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput
}

GetCryptoKeyLatestVersionPublicKeyArrayInput is an input type that accepts GetCryptoKeyLatestVersionPublicKeyArray and GetCryptoKeyLatestVersionPublicKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeyLatestVersionPublicKeyArrayInput` via: 

GetCryptoKeyLatestVersionPublicKeyArray{ GetCryptoKeyLatestVersionPublicKeyArgs{...} }

type GetCryptoKeyLatestVersionPublicKeyArrayOutput added in v8.1.0 

type GetCryptoKeyLatestVersionPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ElementType added in v8.1.0 

func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ElementType() reflect.Type

func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) Index added in v8.1.0 

func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyLatestVersionPublicKeyOutput

func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput added in v8.1.0 

func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput

func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext added in v8.1.0 

func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput

type GetCryptoKeyLatestVersionPublicKeyInput added in v8.1.0 

type GetCryptoKeyLatestVersionPublicKeyInput interface {
	pulumi.Input

	ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput
	ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(context.Context) GetCryptoKeyLatestVersionPublicKeyOutput
}

GetCryptoKeyLatestVersionPublicKeyInput is an input type that accepts GetCryptoKeyLatestVersionPublicKeyArgs and GetCryptoKeyLatestVersionPublicKeyOutput values. You can construct a concrete instance of `GetCryptoKeyLatestVersionPublicKeyInput` via: 

GetCryptoKeyLatestVersionPublicKeyArgs{...}

type GetCryptoKeyLatestVersionPublicKeyOutput added in v8.1.0 

type GetCryptoKeyLatestVersionPublicKeyOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyLatestVersionPublicKeyOutput) Algorithm added in v8.1.0 

func (o GetCryptoKeyLatestVersionPublicKeyOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (GetCryptoKeyLatestVersionPublicKeyOutput) ElementType added in v8.1.0 

func (GetCryptoKeyLatestVersionPublicKeyOutput) ElementType() reflect.Type

func (GetCryptoKeyLatestVersionPublicKeyOutput) Pem added in v8.1.0 

func (o GetCryptoKeyLatestVersionPublicKeyOutput) Pem() pulumi.StringOutput

The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

func (GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutput added in v8.1.0 

func (o GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput

func (GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext added in v8.1.0 

func (o GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyOutput

type GetCryptoKeyLatestVersionResult added in v8.1.0 

type GetCryptoKeyLatestVersionResult struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string  `pulumi:"algorithm"`
	CryptoKey string  `pulumi:"cryptoKey"`
	Filter    *string `pulumi:"filter"`
	// The provider-assigned unique ID for this managed resource.
	Id   string `pulumi:"id"`
	Name string `pulumi:"name"`
	// The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs.
	ProtectionLevel string `pulumi:"protectionLevel"`
	// If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.
	PublicKeys []GetCryptoKeyLatestVersionPublicKey `pulumi:"publicKeys"`
	// The current state of the latest CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs.
	State   string `pulumi:"state"`
	Version int    `pulumi:"version"`
}

A collection of values returned by getCryptoKeyLatestVersion.

func GetCryptoKeyLatestVersion added in v8.1.0 

func GetCryptoKeyLatestVersion(ctx *pulumi.Context, args *GetCryptoKeyLatestVersionArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeyLatestVersionResult, error)

Provides access to the latest Google Cloud Platform KMS CryptoKeyVersion in a CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
			Name:    "my-crypto-key",
			KeyRing: myKeyRing.Id,
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetCryptoKeyLatestVersion(ctx, &kms.GetCryptoKeyLatestVersionArgs{
			CryptoKey: myKey.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetCryptoKeyLatestVersionResultOutput added in v8.1.0 

type GetCryptoKeyLatestVersionResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getCryptoKeyLatestVersion.

func GetCryptoKeyLatestVersionOutput added in v8.1.0 

func GetCryptoKeyLatestVersionOutput(ctx *pulumi.Context, args GetCryptoKeyLatestVersionOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeyLatestVersionResultOutput

func (GetCryptoKeyLatestVersionResultOutput) Algorithm added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (GetCryptoKeyLatestVersionResultOutput) CryptoKey added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) CryptoKey() pulumi.StringOutput

func (GetCryptoKeyLatestVersionResultOutput) ElementType added in v8.1.0 

func (GetCryptoKeyLatestVersionResultOutput) ElementType() reflect.Type

func (GetCryptoKeyLatestVersionResultOutput) Filter added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) Filter() pulumi.StringPtrOutput

func (GetCryptoKeyLatestVersionResultOutput) Id added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetCryptoKeyLatestVersionResultOutput) Name added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) Name() pulumi.StringOutput

func (GetCryptoKeyLatestVersionResultOutput) ProtectionLevel added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) ProtectionLevel() pulumi.StringOutput

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs.

func (GetCryptoKeyLatestVersionResultOutput) PublicKeys added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) PublicKeys() GetCryptoKeyLatestVersionPublicKeyArrayOutput

If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.

func (GetCryptoKeyLatestVersionResultOutput) State added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) State() pulumi.StringOutput

The current state of the latest CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs.

func (GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutput added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutput() GetCryptoKeyLatestVersionResultOutput

func (GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutputWithContext added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionResultOutput

func (GetCryptoKeyLatestVersionResultOutput) Version added in v8.1.0 

func (o GetCryptoKeyLatestVersionResultOutput) Version() pulumi.IntOutput

type GetCryptoKeyVersionsArgs added in v8.1.0 

type GetCryptoKeyVersionsArgs struct {
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey string `pulumi:"cryptoKey"`
	// The filter argument is used to add a filter query parameter that limits which versions are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
	//
	// Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}/cryptoKeyVersions.
	//
	// * `"name:my-key-"` will retrieve cryptoKeyVersions that contain "my-key-" anywhere in their name.
	// * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1/cryptoKeyVersions/my-version-1"` will only retrieve a key with that exact name.
	//
	// [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
	Filter *string `pulumi:"filter"`
}

A collection of arguments for invoking getCryptoKeyVersions.

type GetCryptoKeyVersionsOutputArgs added in v8.1.0 

type GetCryptoKeyVersionsOutputArgs struct {
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey pulumi.StringInput `pulumi:"cryptoKey"`
	// The filter argument is used to add a filter query parameter that limits which versions are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
	//
	// Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}/cryptoKeyVersions.
	//
	// * `"name:my-key-"` will retrieve cryptoKeyVersions that contain "my-key-" anywhere in their name.
	// * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1/cryptoKeyVersions/my-version-1"` will only retrieve a key with that exact name.
	//
	// [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
	Filter pulumi.StringPtrInput `pulumi:"filter"`
}

A collection of arguments for invoking getCryptoKeyVersions.

func (GetCryptoKeyVersionsOutputArgs) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsOutputArgs) ElementType() reflect.Type

type GetCryptoKeyVersionsPublicKey added in v8.1.0 

type GetCryptoKeyVersionsPublicKey struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem string `pulumi:"pem"`
}

type GetCryptoKeyVersionsPublicKeyArgs added in v8.1.0 

type GetCryptoKeyVersionsPublicKeyArgs struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem pulumi.StringInput `pulumi:"pem"`
}

func (GetCryptoKeyVersionsPublicKeyArgs) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsPublicKeyArgs) ElementType() reflect.Type

func (GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutput added in v8.1.0 

func (i GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput

func (GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutputWithContext added in v8.1.0 

func (i GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyOutput

type GetCryptoKeyVersionsPublicKeyArray added in v8.1.0 

type GetCryptoKeyVersionsPublicKeyArray []GetCryptoKeyVersionsPublicKeyInput

func (GetCryptoKeyVersionsPublicKeyArray) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsPublicKeyArray) ElementType() reflect.Type

func (GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutput added in v8.1.0 

func (i GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput

func (GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext added in v8.1.0 

func (i GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput

type GetCryptoKeyVersionsPublicKeyArrayInput added in v8.1.0 

type GetCryptoKeyVersionsPublicKeyArrayInput interface {
	pulumi.Input

	ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput
	ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput
}

GetCryptoKeyVersionsPublicKeyArrayInput is an input type that accepts GetCryptoKeyVersionsPublicKeyArray and GetCryptoKeyVersionsPublicKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsPublicKeyArrayInput` via: 

GetCryptoKeyVersionsPublicKeyArray{ GetCryptoKeyVersionsPublicKeyArgs{...} }

type GetCryptoKeyVersionsPublicKeyArrayOutput added in v8.1.0 

type GetCryptoKeyVersionsPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyVersionsPublicKeyArrayOutput) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsPublicKeyArrayOutput) ElementType() reflect.Type

func (GetCryptoKeyVersionsPublicKeyArrayOutput) Index added in v8.1.0 

func (o GetCryptoKeyVersionsPublicKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyVersionsPublicKeyOutput

func (GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutput added in v8.1.0 

func (o GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput

func (GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext added in v8.1.0 

func (o GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput

type GetCryptoKeyVersionsPublicKeyInput added in v8.1.0 

type GetCryptoKeyVersionsPublicKeyInput interface {
	pulumi.Input

	ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput
	ToGetCryptoKeyVersionsPublicKeyOutputWithContext(context.Context) GetCryptoKeyVersionsPublicKeyOutput
}

GetCryptoKeyVersionsPublicKeyInput is an input type that accepts GetCryptoKeyVersionsPublicKeyArgs and GetCryptoKeyVersionsPublicKeyOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsPublicKeyInput` via: 

GetCryptoKeyVersionsPublicKeyArgs{...}

type GetCryptoKeyVersionsPublicKeyOutput added in v8.1.0 

type GetCryptoKeyVersionsPublicKeyOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyVersionsPublicKeyOutput) Algorithm added in v8.1.0 

func (o GetCryptoKeyVersionsPublicKeyOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (GetCryptoKeyVersionsPublicKeyOutput) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsPublicKeyOutput) ElementType() reflect.Type

func (GetCryptoKeyVersionsPublicKeyOutput) Pem added in v8.1.0 

func (o GetCryptoKeyVersionsPublicKeyOutput) Pem() pulumi.StringOutput

The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

func (GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutput added in v8.1.0 

func (o GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput

func (GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutputWithContext added in v8.1.0 

func (o GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyOutput

type GetCryptoKeyVersionsResult added in v8.1.0 

type GetCryptoKeyVersionsResult struct {
	CryptoKey string  `pulumi:"cryptoKey"`
	Filter    *string `pulumi:"filter"`
	// The provider-assigned unique ID for this managed resource.
	Id         string                          `pulumi:"id"`
	PublicKeys []GetCryptoKeyVersionsPublicKey `pulumi:"publicKeys"`
	// A list of all the retrieved crypto key versions from the provided crypto key. This list is influenced by the provided filter argument.
	Versions []GetCryptoKeyVersionsVersion `pulumi:"versions"`
}

A collection of values returned by getCryptoKeyVersions.

func GetCryptoKeyVersions added in v8.1.0 

func GetCryptoKeyVersions(ctx *pulumi.Context, args *GetCryptoKeyVersionsArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeyVersionsResult, error)

Provides access to Google Cloud Platform KMS CryptoKeyVersions. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
			Name:    "my-crypto-key",
			KeyRing: myKeyRing.Id,
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetCryptoKeyVersions(ctx, &kms.GetCryptoKeyVersionsArgs{
			CryptoKey: myKey.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetCryptoKeyVersionsResultOutput added in v8.1.0 

type GetCryptoKeyVersionsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getCryptoKeyVersions.

func GetCryptoKeyVersionsOutput added in v8.1.0 

func GetCryptoKeyVersionsOutput(ctx *pulumi.Context, args GetCryptoKeyVersionsOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeyVersionsResultOutput

func (GetCryptoKeyVersionsResultOutput) CryptoKey added in v8.1.0 

func (o GetCryptoKeyVersionsResultOutput) CryptoKey() pulumi.StringOutput

func (GetCryptoKeyVersionsResultOutput) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsResultOutput) ElementType() reflect.Type

func (GetCryptoKeyVersionsResultOutput) Filter added in v8.1.0 

func (o GetCryptoKeyVersionsResultOutput) Filter() pulumi.StringPtrOutput

func (GetCryptoKeyVersionsResultOutput) Id added in v8.1.0 

func (o GetCryptoKeyVersionsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetCryptoKeyVersionsResultOutput) PublicKeys added in v8.1.0 

func (o GetCryptoKeyVersionsResultOutput) PublicKeys() GetCryptoKeyVersionsPublicKeyArrayOutput

func (GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutput added in v8.1.0 

func (o GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutput() GetCryptoKeyVersionsResultOutput

func (GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutputWithContext added in v8.1.0 

func (o GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutputWithContext(ctx context.Context) GetCryptoKeyVersionsResultOutput

func (GetCryptoKeyVersionsResultOutput) Versions added in v8.1.0 

func (o GetCryptoKeyVersionsResultOutput) Versions() GetCryptoKeyVersionsVersionArrayOutput

A list of all the retrieved crypto key versions from the provided crypto key. This list is influenced by the provided filter argument.

type GetCryptoKeyVersionsVersion added in v8.1.0 

type GetCryptoKeyVersionsVersion struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey       string                                 `pulumi:"cryptoKey"`
	Id              string                                 `pulumi:"id"`
	Name            string                                 `pulumi:"name"`
	ProtectionLevel string                                 `pulumi:"protectionLevel"`
	PublicKeys      []GetCryptoKeyVersionsVersionPublicKey `pulumi:"publicKeys"`
	State           string                                 `pulumi:"state"`
	Version         int                                    `pulumi:"version"`
}

type GetCryptoKeyVersionsVersionArgs added in v8.1.0 

type GetCryptoKeyVersionsVersionArgs struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey       pulumi.StringInput                             `pulumi:"cryptoKey"`
	Id              pulumi.StringInput                             `pulumi:"id"`
	Name            pulumi.StringInput                             `pulumi:"name"`
	ProtectionLevel pulumi.StringInput                             `pulumi:"protectionLevel"`
	PublicKeys      GetCryptoKeyVersionsVersionPublicKeyArrayInput `pulumi:"publicKeys"`
	State           pulumi.StringInput                             `pulumi:"state"`
	Version         pulumi.IntInput                                `pulumi:"version"`
}

func (GetCryptoKeyVersionsVersionArgs) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionArgs) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutput added in v8.1.0 

func (i GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput

func (GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutputWithContext added in v8.1.0 

func (i GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionOutput

type GetCryptoKeyVersionsVersionArray added in v8.1.0 

type GetCryptoKeyVersionsVersionArray []GetCryptoKeyVersionsVersionInput

func (GetCryptoKeyVersionsVersionArray) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionArray) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutput added in v8.1.0 

func (i GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput

func (GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutputWithContext added in v8.1.0 

func (i GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionArrayOutput

type GetCryptoKeyVersionsVersionArrayInput added in v8.1.0 

type GetCryptoKeyVersionsVersionArrayInput interface {
	pulumi.Input

	ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput
	ToGetCryptoKeyVersionsVersionArrayOutputWithContext(context.Context) GetCryptoKeyVersionsVersionArrayOutput
}

GetCryptoKeyVersionsVersionArrayInput is an input type that accepts GetCryptoKeyVersionsVersionArray and GetCryptoKeyVersionsVersionArrayOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionArrayInput` via: 

GetCryptoKeyVersionsVersionArray{ GetCryptoKeyVersionsVersionArgs{...} }

type GetCryptoKeyVersionsVersionArrayOutput added in v8.1.0 

type GetCryptoKeyVersionsVersionArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyVersionsVersionArrayOutput) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionArrayOutput) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionArrayOutput) Index added in v8.1.0 

func (o GetCryptoKeyVersionsVersionArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyVersionsVersionOutput

func (GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutput added in v8.1.0 

func (o GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput

func (GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutputWithContext added in v8.1.0 

func (o GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionArrayOutput

type GetCryptoKeyVersionsVersionInput added in v8.1.0 

type GetCryptoKeyVersionsVersionInput interface {
	pulumi.Input

	ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput
	ToGetCryptoKeyVersionsVersionOutputWithContext(context.Context) GetCryptoKeyVersionsVersionOutput
}

GetCryptoKeyVersionsVersionInput is an input type that accepts GetCryptoKeyVersionsVersionArgs and GetCryptoKeyVersionsVersionOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionInput` via: 

GetCryptoKeyVersionsVersionArgs{...}

type GetCryptoKeyVersionsVersionOutput added in v8.1.0 

type GetCryptoKeyVersionsVersionOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyVersionsVersionOutput) Algorithm added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (GetCryptoKeyVersionsVersionOutput) CryptoKey added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) CryptoKey() pulumi.StringOutput

The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the `kms.CryptoKey` resource/datasource.

func (GetCryptoKeyVersionsVersionOutput) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionOutput) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionOutput) Id added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) Id() pulumi.StringOutput

func (GetCryptoKeyVersionsVersionOutput) Name added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) Name() pulumi.StringOutput

func (GetCryptoKeyVersionsVersionOutput) ProtectionLevel added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) ProtectionLevel() pulumi.StringOutput

func (GetCryptoKeyVersionsVersionOutput) PublicKeys added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) PublicKeys() GetCryptoKeyVersionsVersionPublicKeyArrayOutput

func (GetCryptoKeyVersionsVersionOutput) State added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) State() pulumi.StringOutput

func (GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutput added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput

func (GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutputWithContext added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionOutput

func (GetCryptoKeyVersionsVersionOutput) Version added in v8.1.0 

func (o GetCryptoKeyVersionsVersionOutput) Version() pulumi.IntOutput

type GetCryptoKeyVersionsVersionPublicKey added in v8.1.0 

type GetCryptoKeyVersionsVersionPublicKey struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem string `pulumi:"pem"`
}

type GetCryptoKeyVersionsVersionPublicKeyArgs added in v8.1.0 

type GetCryptoKeyVersionsVersionPublicKeyArgs struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem pulumi.StringInput `pulumi:"pem"`
}

func (GetCryptoKeyVersionsVersionPublicKeyArgs) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionPublicKeyArgs) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutput added in v8.1.0 

func (i GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput

func (GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext added in v8.1.0 

func (i GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput

type GetCryptoKeyVersionsVersionPublicKeyArray added in v8.1.0 

type GetCryptoKeyVersionsVersionPublicKeyArray []GetCryptoKeyVersionsVersionPublicKeyInput

func (GetCryptoKeyVersionsVersionPublicKeyArray) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionPublicKeyArray) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput added in v8.1.0 

func (i GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput

func (GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext added in v8.1.0 

func (i GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput

type GetCryptoKeyVersionsVersionPublicKeyArrayInput added in v8.1.0 

type GetCryptoKeyVersionsVersionPublicKeyArrayInput interface {
	pulumi.Input

	ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput
	ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput
}

GetCryptoKeyVersionsVersionPublicKeyArrayInput is an input type that accepts GetCryptoKeyVersionsVersionPublicKeyArray and GetCryptoKeyVersionsVersionPublicKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionPublicKeyArrayInput` via: 

GetCryptoKeyVersionsVersionPublicKeyArray{ GetCryptoKeyVersionsVersionPublicKeyArgs{...} }

type GetCryptoKeyVersionsVersionPublicKeyArrayOutput added in v8.1.0 

type GetCryptoKeyVersionsVersionPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) Index added in v8.1.0 

func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyVersionsVersionPublicKeyOutput

func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput added in v8.1.0 

func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput

func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext added in v8.1.0 

func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput

type GetCryptoKeyVersionsVersionPublicKeyInput added in v8.1.0 

type GetCryptoKeyVersionsVersionPublicKeyInput interface {
	pulumi.Input

	ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput
	ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput
}

GetCryptoKeyVersionsVersionPublicKeyInput is an input type that accepts GetCryptoKeyVersionsVersionPublicKeyArgs and GetCryptoKeyVersionsVersionPublicKeyOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionPublicKeyInput` via: 

GetCryptoKeyVersionsVersionPublicKeyArgs{...}

type GetCryptoKeyVersionsVersionPublicKeyOutput added in v8.1.0 

type GetCryptoKeyVersionsVersionPublicKeyOutput struct{ *pulumi.OutputState }

func (GetCryptoKeyVersionsVersionPublicKeyOutput) Algorithm added in v8.1.0 

func (o GetCryptoKeyVersionsVersionPublicKeyOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (GetCryptoKeyVersionsVersionPublicKeyOutput) ElementType added in v8.1.0 

func (GetCryptoKeyVersionsVersionPublicKeyOutput) ElementType() reflect.Type

func (GetCryptoKeyVersionsVersionPublicKeyOutput) Pem added in v8.1.0 

func (o GetCryptoKeyVersionsVersionPublicKeyOutput) Pem() pulumi.StringOutput

The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

func (GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutput added in v8.1.0 

func (o GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput

func (GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext added in v8.1.0 

func (o GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput

type GetCryptoKeysArgs 

type GetCryptoKeysArgs struct {
	// The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
	//
	// Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.
	//
	// * `"name:my-key-"` will retrieve keys that contain "my-key-" anywhere in their name.
	// * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1"` will only retrieve a key with that exact name.
	//
	// [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
	Filter *string `pulumi:"filter"`
	// The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
	KeyRing string `pulumi:"keyRing"`
}

A collection of arguments for invoking getCryptoKeys.

type GetCryptoKeysKey 

type GetCryptoKeysKey struct {
	// The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
	// The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
	CryptoKeyBackend string `pulumi:"cryptoKeyBackend"`
	// The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
	// If not specified at creation time, the default duration is 30 days.
	DestroyScheduledDuration string            `pulumi:"destroyScheduledDuration"`
	EffectiveLabels          map[string]string `pulumi:"effectiveLabels"`
	Id                       string            `pulumi:"id"`
	// Whether this key may contain imported versions only.
	ImportOnly bool `pulumi:"importOnly"`
	// The policy used for Key Access Justifications Policy Enforcement. If this
	// field is present and this key is enrolled in Key Access Justifications
	// Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
	// sign operations, and the operation will fail if rejected by the policy. The
	// policy is defined by specifying zero or more allowed justification codes.
	// https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
	// By default, this field is absent, and all justification codes are allowed.
	// This field is currently in beta and is subject to change.
	KeyAccessJustificationsPolicies []GetCryptoKeysKeyKeyAccessJustificationsPolicy `pulumi:"keyAccessJustificationsPolicies"`
	// The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
	KeyRing *string `pulumi:"keyRing"`
	// Labels with user-defined metadata to apply to this resource.
	//
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field 'effective_labels' for all of the labels present on the resource.
	Labels map[string]string `pulumi:"labels"`
	// The resource name for the CryptoKey.
	Name *string `pulumi:"name"`
	// A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
	// Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
	Primaries []GetCryptoKeysKeyPrimary `pulumi:"primaries"`
	// The combination of labels configured directly on the resource
	//  and default labels configured on the provider.
	PulumiLabels map[string]string `pulumi:"pulumiLabels"`
	// The immutable purpose of this CryptoKey. See the
	// [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
	// for possible inputs.
	// Default value is "ENCRYPT_DECRYPT".
	Purpose string `pulumi:"purpose"`
	// Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
	// The first rotation will take place after the specified period. The rotation period has
	// the format of a decimal number with up to 9 fractional digits, followed by the
	// letter 's' (seconds). It must be greater than a day (ie, 86400).
	RotationPeriod string `pulumi:"rotationPeriod"`
	// If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
	// You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion
	// or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
	SkipInitialVersionCreation bool `pulumi:"skipInitialVersionCreation"`
	// A template describing settings for new crypto key versions.
	VersionTemplates []GetCryptoKeysKeyVersionTemplate `pulumi:"versionTemplates"`
}

type GetCryptoKeysKeyArgs 

type GetCryptoKeysKeyArgs struct {
	// The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
	// The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
	CryptoKeyBackend pulumi.StringInput `pulumi:"cryptoKeyBackend"`
	// The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
	// If not specified at creation time, the default duration is 30 days.
	DestroyScheduledDuration pulumi.StringInput    `pulumi:"destroyScheduledDuration"`
	EffectiveLabels          pulumi.StringMapInput `pulumi:"effectiveLabels"`
	Id                       pulumi.StringInput    `pulumi:"id"`
	// Whether this key may contain imported versions only.
	ImportOnly pulumi.BoolInput `pulumi:"importOnly"`
	// The policy used for Key Access Justifications Policy Enforcement. If this
	// field is present and this key is enrolled in Key Access Justifications
	// Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
	// sign operations, and the operation will fail if rejected by the policy. The
	// policy is defined by specifying zero or more allowed justification codes.
	// https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
	// By default, this field is absent, and all justification codes are allowed.
	// This field is currently in beta and is subject to change.
	KeyAccessJustificationsPolicies GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput `pulumi:"keyAccessJustificationsPolicies"`
	// The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
	KeyRing pulumi.StringPtrInput `pulumi:"keyRing"`
	// Labels with user-defined metadata to apply to this resource.
	//
	// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
	// Please refer to the field 'effective_labels' for all of the labels present on the resource.
	Labels pulumi.StringMapInput `pulumi:"labels"`
	// The resource name for the CryptoKey.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
	// Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
	Primaries GetCryptoKeysKeyPrimaryArrayInput `pulumi:"primaries"`
	// The combination of labels configured directly on the resource
	//  and default labels configured on the provider.
	PulumiLabels pulumi.StringMapInput `pulumi:"pulumiLabels"`
	// The immutable purpose of this CryptoKey. See the
	// [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
	// for possible inputs.
	// Default value is "ENCRYPT_DECRYPT".
	Purpose pulumi.StringInput `pulumi:"purpose"`
	// Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
	// The first rotation will take place after the specified period. The rotation period has
	// the format of a decimal number with up to 9 fractional digits, followed by the
	// letter 's' (seconds). It must be greater than a day (ie, 86400).
	RotationPeriod pulumi.StringInput `pulumi:"rotationPeriod"`
	// If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
	// You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion
	// or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
	SkipInitialVersionCreation pulumi.BoolInput `pulumi:"skipInitialVersionCreation"`
	// A template describing settings for new crypto key versions.
	VersionTemplates GetCryptoKeysKeyVersionTemplateArrayInput `pulumi:"versionTemplates"`
}

func (GetCryptoKeysKeyArgs) ElementType 

func (GetCryptoKeysKeyArgs) ElementType() reflect.Type

func (GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutput 

func (i GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutput() GetCryptoKeysKeyOutput

func (GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutputWithContext 

func (i GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutputWithContext(ctx context.Context) GetCryptoKeysKeyOutput

type GetCryptoKeysKeyArray 

type GetCryptoKeysKeyArray []GetCryptoKeysKeyInput

func (GetCryptoKeysKeyArray) ElementType 

func (GetCryptoKeysKeyArray) ElementType() reflect.Type

func (GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutput 

func (i GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutput() GetCryptoKeysKeyArrayOutput

func (GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutputWithContext 

func (i GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyArrayOutput

type GetCryptoKeysKeyArrayInput 

type GetCryptoKeysKeyArrayInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyArrayOutput() GetCryptoKeysKeyArrayOutput
	ToGetCryptoKeysKeyArrayOutputWithContext(context.Context) GetCryptoKeysKeyArrayOutput
}

GetCryptoKeysKeyArrayInput is an input type that accepts GetCryptoKeysKeyArray and GetCryptoKeysKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyArrayInput` via: 

GetCryptoKeysKeyArray{ GetCryptoKeysKeyArgs{...} }

type GetCryptoKeysKeyArrayOutput 

type GetCryptoKeysKeyArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyArrayOutput) ElementType 

func (GetCryptoKeysKeyArrayOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyArrayOutput) Index 

func (o GetCryptoKeysKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyOutput

func (GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutput 

func (o GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutput() GetCryptoKeysKeyArrayOutput

func (GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutputWithContext 

func (o GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyArrayOutput

type GetCryptoKeysKeyInput 

type GetCryptoKeysKeyInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyOutput() GetCryptoKeysKeyOutput
	ToGetCryptoKeysKeyOutputWithContext(context.Context) GetCryptoKeysKeyOutput
}

GetCryptoKeysKeyInput is an input type that accepts GetCryptoKeysKeyArgs and GetCryptoKeysKeyOutput values. You can construct a concrete instance of `GetCryptoKeysKeyInput` via: 

GetCryptoKeysKeyArgs{...}

type GetCryptoKeysKeyKeyAccessJustificationsPolicy 

type GetCryptoKeysKeyKeyAccessJustificationsPolicy struct {
	// The list of allowed reasons for access to this CryptoKey. Zero allowed
	// access reasons means all encrypt, decrypt, and sign operations for
	// this CryptoKey will fail.
	AllowedAccessReasons []string `pulumi:"allowedAccessReasons"`
}

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs 

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs struct {
	// The list of allowed reasons for access to this CryptoKey. Zero allowed
	// access reasons means all encrypt, decrypt, and sign operations for
	// this CryptoKey will fail.
	AllowedAccessReasons pulumi.StringArrayInput `pulumi:"allowedAccessReasons"`
}

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ElementType 

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput 

func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext 

func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArray 

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArray []GetCryptoKeysKeyKeyAccessJustificationsPolicyInput

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ElementType 

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ElementType() reflect.Type

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput 

func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext 

func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput 

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
	ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
}

GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput is an input type that accepts GetCryptoKeysKeyKeyAccessJustificationsPolicyArray and GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput` via: 

GetCryptoKeysKeyKeyAccessJustificationsPolicyArray{ GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs{...} }

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput 

type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ElementType 

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) Index 

func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput 

func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext 

func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput

type GetCryptoKeysKeyKeyAccessJustificationsPolicyInput 

type GetCryptoKeysKeyKeyAccessJustificationsPolicyInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
	ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
}

GetCryptoKeysKeyKeyAccessJustificationsPolicyInput is an input type that accepts GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs and GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput values. You can construct a concrete instance of `GetCryptoKeysKeyKeyAccessJustificationsPolicyInput` via: 

GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs{...}

type GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput 

type GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons 

func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput

The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ElementType 

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput 

func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput

func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext 

func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput

type GetCryptoKeysKeyOutput 

type GetCryptoKeysKeyOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyOutput) CryptoKeyBackend 

func (o GetCryptoKeysKeyOutput) CryptoKeyBackend() pulumi.StringOutput

The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.

func (GetCryptoKeysKeyOutput) DestroyScheduledDuration 

func (o GetCryptoKeysKeyOutput) DestroyScheduledDuration() pulumi.StringOutput

The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.

func (GetCryptoKeysKeyOutput) EffectiveLabels 

func (o GetCryptoKeysKeyOutput) EffectiveLabels() pulumi.StringMapOutput

func (GetCryptoKeysKeyOutput) ElementType 

func (GetCryptoKeysKeyOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyOutput) Id 

func (o GetCryptoKeysKeyOutput) Id() pulumi.StringOutput

func (GetCryptoKeysKeyOutput) ImportOnly 

func (o GetCryptoKeysKeyOutput) ImportOnly() pulumi.BoolOutput

Whether this key may contain imported versions only.

func (GetCryptoKeysKeyOutput) KeyAccessJustificationsPolicies 

func (o GetCryptoKeysKeyOutput) KeyAccessJustificationsPolicies() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput

The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.

func (GetCryptoKeysKeyOutput) KeyRing 

func (o GetCryptoKeysKeyOutput) KeyRing() pulumi.StringPtrOutput

The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,

func (GetCryptoKeysKeyOutput) Labels 

func (o GetCryptoKeysKeyOutput) Labels() pulumi.StringMapOutput

Labels with user-defined metadata to apply to this resource.

**Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

func (GetCryptoKeysKeyOutput) Name 

func (o GetCryptoKeysKeyOutput) Name() pulumi.StringPtrOutput

The resource name for the CryptoKey.

func (GetCryptoKeysKeyOutput) Primaries 

func (o GetCryptoKeysKeyOutput) Primaries() GetCryptoKeysKeyPrimaryArrayOutput

A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.

func (GetCryptoKeysKeyOutput) PulumiLabels 

func (o GetCryptoKeysKeyOutput) PulumiLabels() pulumi.StringMapOutput

The combination of labels configured directly on the resource 

and default labels configured on the provider.

func (GetCryptoKeysKeyOutput) Purpose 

func (o GetCryptoKeysKeyOutput) Purpose() pulumi.StringOutput

The immutable purpose of this CryptoKey. See the [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs. Default value is "ENCRYPT_DECRYPT".

func (GetCryptoKeysKeyOutput) RotationPeriod 

func (o GetCryptoKeysKeyOutput) RotationPeriod() pulumi.StringOutput

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).

func (GetCryptoKeysKeyOutput) SkipInitialVersionCreation 

func (o GetCryptoKeysKeyOutput) SkipInitialVersionCreation() pulumi.BoolOutput

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.

func (GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutput 

func (o GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutput() GetCryptoKeysKeyOutput

func (GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutputWithContext 

func (o GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutputWithContext(ctx context.Context) GetCryptoKeysKeyOutput

func (GetCryptoKeysKeyOutput) VersionTemplates 

func (o GetCryptoKeysKeyOutput) VersionTemplates() GetCryptoKeysKeyVersionTemplateArrayOutput

A template describing settings for new crypto key versions.

type GetCryptoKeysKeyPrimary 

type GetCryptoKeysKeyPrimary struct {
	// The resource name for this CryptoKeyVersion.
	Name string `pulumi:"name"`
	// The current state of the CryptoKeyVersion.
	State string `pulumi:"state"`
}

type GetCryptoKeysKeyPrimaryArgs 

type GetCryptoKeysKeyPrimaryArgs struct {
	// The resource name for this CryptoKeyVersion.
	Name pulumi.StringInput `pulumi:"name"`
	// The current state of the CryptoKeyVersion.
	State pulumi.StringInput `pulumi:"state"`
}

func (GetCryptoKeysKeyPrimaryArgs) ElementType 

func (GetCryptoKeysKeyPrimaryArgs) ElementType() reflect.Type

func (GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutput 

func (i GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutput() GetCryptoKeysKeyPrimaryOutput

func (GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutputWithContext 

func (i GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryOutput

type GetCryptoKeysKeyPrimaryArray 

type GetCryptoKeysKeyPrimaryArray []GetCryptoKeysKeyPrimaryInput

func (GetCryptoKeysKeyPrimaryArray) ElementType 

func (GetCryptoKeysKeyPrimaryArray) ElementType() reflect.Type

func (GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutput 

func (i GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput

func (GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext 

func (i GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryArrayOutput

type GetCryptoKeysKeyPrimaryArrayInput 

type GetCryptoKeysKeyPrimaryArrayInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput
	ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(context.Context) GetCryptoKeysKeyPrimaryArrayOutput
}

GetCryptoKeysKeyPrimaryArrayInput is an input type that accepts GetCryptoKeysKeyPrimaryArray and GetCryptoKeysKeyPrimaryArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyPrimaryArrayInput` via: 

GetCryptoKeysKeyPrimaryArray{ GetCryptoKeysKeyPrimaryArgs{...} }

type GetCryptoKeysKeyPrimaryArrayOutput 

type GetCryptoKeysKeyPrimaryArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyPrimaryArrayOutput) ElementType 

func (GetCryptoKeysKeyPrimaryArrayOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyPrimaryArrayOutput) Index 

func (o GetCryptoKeysKeyPrimaryArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyPrimaryOutput

func (GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutput 

func (o GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput

func (GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext 

func (o GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryArrayOutput

type GetCryptoKeysKeyPrimaryInput 

type GetCryptoKeysKeyPrimaryInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyPrimaryOutput() GetCryptoKeysKeyPrimaryOutput
	ToGetCryptoKeysKeyPrimaryOutputWithContext(context.Context) GetCryptoKeysKeyPrimaryOutput
}

GetCryptoKeysKeyPrimaryInput is an input type that accepts GetCryptoKeysKeyPrimaryArgs and GetCryptoKeysKeyPrimaryOutput values. You can construct a concrete instance of `GetCryptoKeysKeyPrimaryInput` via: 

GetCryptoKeysKeyPrimaryArgs{...}

type GetCryptoKeysKeyPrimaryOutput 

type GetCryptoKeysKeyPrimaryOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyPrimaryOutput) ElementType 

func (GetCryptoKeysKeyPrimaryOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyPrimaryOutput) Name 

func (o GetCryptoKeysKeyPrimaryOutput) Name() pulumi.StringOutput

The resource name for this CryptoKeyVersion.

func (GetCryptoKeysKeyPrimaryOutput) State 

func (o GetCryptoKeysKeyPrimaryOutput) State() pulumi.StringOutput

The current state of the CryptoKeyVersion.

func (GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutput 

func (o GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutput() GetCryptoKeysKeyPrimaryOutput

func (GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutputWithContext 

func (o GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryOutput

type GetCryptoKeysKeyVersionTemplate 

type GetCryptoKeysKeyVersionTemplate struct {
	// The algorithm to use when creating a version based on this template.
	// See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
	Algorithm string `pulumi:"algorithm"`
	// The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
	ProtectionLevel string `pulumi:"protectionLevel"`
}

type GetCryptoKeysKeyVersionTemplateArgs 

type GetCryptoKeysKeyVersionTemplateArgs struct {
	// The algorithm to use when creating a version based on this template.
	// See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
	ProtectionLevel pulumi.StringInput `pulumi:"protectionLevel"`
}

func (GetCryptoKeysKeyVersionTemplateArgs) ElementType 

func (GetCryptoKeysKeyVersionTemplateArgs) ElementType() reflect.Type

func (GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutput 

func (i GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput

func (GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutputWithContext 

func (i GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateOutput

type GetCryptoKeysKeyVersionTemplateArray 

type GetCryptoKeysKeyVersionTemplateArray []GetCryptoKeysKeyVersionTemplateInput

func (GetCryptoKeysKeyVersionTemplateArray) ElementType 

func (GetCryptoKeysKeyVersionTemplateArray) ElementType() reflect.Type

func (GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutput 

func (i GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput

func (GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext 

func (i GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput

type GetCryptoKeysKeyVersionTemplateArrayInput 

type GetCryptoKeysKeyVersionTemplateArrayInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput
	ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput
}

GetCryptoKeysKeyVersionTemplateArrayInput is an input type that accepts GetCryptoKeysKeyVersionTemplateArray and GetCryptoKeysKeyVersionTemplateArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyVersionTemplateArrayInput` via: 

GetCryptoKeysKeyVersionTemplateArray{ GetCryptoKeysKeyVersionTemplateArgs{...} }

type GetCryptoKeysKeyVersionTemplateArrayOutput 

type GetCryptoKeysKeyVersionTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyVersionTemplateArrayOutput) ElementType 

func (GetCryptoKeysKeyVersionTemplateArrayOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyVersionTemplateArrayOutput) Index 

func (o GetCryptoKeysKeyVersionTemplateArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyVersionTemplateOutput

func (GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutput 

func (o GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput

func (GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext 

func (o GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput

type GetCryptoKeysKeyVersionTemplateInput 

type GetCryptoKeysKeyVersionTemplateInput interface {
	pulumi.Input

	ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput
	ToGetCryptoKeysKeyVersionTemplateOutputWithContext(context.Context) GetCryptoKeysKeyVersionTemplateOutput
}

GetCryptoKeysKeyVersionTemplateInput is an input type that accepts GetCryptoKeysKeyVersionTemplateArgs and GetCryptoKeysKeyVersionTemplateOutput values. You can construct a concrete instance of `GetCryptoKeysKeyVersionTemplateInput` via: 

GetCryptoKeysKeyVersionTemplateArgs{...}

type GetCryptoKeysKeyVersionTemplateOutput 

type GetCryptoKeysKeyVersionTemplateOutput struct{ *pulumi.OutputState }

func (GetCryptoKeysKeyVersionTemplateOutput) Algorithm 

func (o GetCryptoKeysKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput

The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.

func (GetCryptoKeysKeyVersionTemplateOutput) ElementType 

func (GetCryptoKeysKeyVersionTemplateOutput) ElementType() reflect.Type

func (GetCryptoKeysKeyVersionTemplateOutput) ProtectionLevel 

func (o GetCryptoKeysKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringOutput

The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".

func (GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutput 

func (o GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput

func (GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutputWithContext 

func (o GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateOutput

type GetCryptoKeysOutputArgs 

type GetCryptoKeysOutputArgs struct {
	// The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
	//
	// Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.
	//
	// * `"name:my-key-"` will retrieve keys that contain "my-key-" anywhere in their name.
	// * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1"` will only retrieve a key with that exact name.
	//
	// [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
	Filter pulumi.StringPtrInput `pulumi:"filter"`
	// The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
	KeyRing pulumi.StringInput `pulumi:"keyRing"`
}

A collection of arguments for invoking getCryptoKeys.

func (GetCryptoKeysOutputArgs) ElementType 

func (GetCryptoKeysOutputArgs) ElementType() reflect.Type

type GetCryptoKeysResult 

type GetCryptoKeysResult struct {
	Filter *string `pulumi:"filter"`
	// The provider-assigned unique ID for this managed resource.
	Id      string `pulumi:"id"`
	KeyRing string `pulumi:"keyRing"`
	// A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
	Keys []GetCryptoKeysKey `pulumi:"keys"`
}

A collection of values returned by getCryptoKeys.

func GetCryptoKeys 

func GetCryptoKeys(ctx *pulumi.Context, args *GetCryptoKeysArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeysResult, error)

Provides access to all Google Cloud Platform KMS CryptoKeys in a given KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

type GetCryptoKeysResultOutput 

type GetCryptoKeysResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getCryptoKeys.

func GetCryptoKeysOutput 

func GetCryptoKeysOutput(ctx *pulumi.Context, args GetCryptoKeysOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeysResultOutput

func (GetCryptoKeysResultOutput) ElementType 

func (GetCryptoKeysResultOutput) ElementType() reflect.Type

func (GetCryptoKeysResultOutput) Filter 

func (o GetCryptoKeysResultOutput) Filter() pulumi.StringPtrOutput

func (GetCryptoKeysResultOutput) Id 

func (o GetCryptoKeysResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetCryptoKeysResultOutput) KeyRing 

func (o GetCryptoKeysResultOutput) KeyRing() pulumi.StringOutput

func (GetCryptoKeysResultOutput) Keys 

func (o GetCryptoKeysResultOutput) Keys() GetCryptoKeysKeyArrayOutput

A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.

func (GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutput 

func (o GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutput() GetCryptoKeysResultOutput

func (GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutputWithContext 

func (o GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutputWithContext(ctx context.Context) GetCryptoKeysResultOutput

type GetKMSCryptoKeyArgs 

type GetKMSCryptoKeyArgs struct {
	// The `id` of the Google Cloud Platform KeyRing to which the key belongs.
	KeyRing string `pulumi:"keyRing"`
	// The CryptoKey's name.
	// A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getKMSCryptoKey.

type GetKMSCryptoKeyKeyAccessJustificationsPolicy 

type GetKMSCryptoKeyKeyAccessJustificationsPolicy struct {
	// The list of allowed reasons for access to this CryptoKey. Zero allowed
	// access reasons means all encrypt, decrypt, and sign operations for
	// this CryptoKey will fail.
	AllowedAccessReasons []string `pulumi:"allowedAccessReasons"`
}

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs 

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs struct {
	// The list of allowed reasons for access to this CryptoKey. Zero allowed
	// access reasons means all encrypt, decrypt, and sign operations for
	// this CryptoKey will fail.
	AllowedAccessReasons pulumi.StringArrayInput `pulumi:"allowedAccessReasons"`
}

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ElementType 

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput 

func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext 

func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArray 

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArray []GetKMSCryptoKeyKeyAccessJustificationsPolicyInput

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ElementType 

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ElementType() reflect.Type

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput 

func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext 

func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput 

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
	ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
}

GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput is an input type that accepts GetKMSCryptoKeyKeyAccessJustificationsPolicyArray and GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput` via: 

GetKMSCryptoKeyKeyAccessJustificationsPolicyArray{ GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs{...} }

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput 

type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ElementType 

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) Index 

func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput 

func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext 

func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput

type GetKMSCryptoKeyKeyAccessJustificationsPolicyInput 

type GetKMSCryptoKeyKeyAccessJustificationsPolicyInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
	ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
}

GetKMSCryptoKeyKeyAccessJustificationsPolicyInput is an input type that accepts GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs and GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput values. You can construct a concrete instance of `GetKMSCryptoKeyKeyAccessJustificationsPolicyInput` via: 

GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs{...}

type GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput 

type GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons 

func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput

The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ElementType 

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput 

func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput

func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext 

func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput

type GetKMSCryptoKeyOutputArgs 

type GetKMSCryptoKeyOutputArgs struct {
	// The `id` of the Google Cloud Platform KeyRing to which the key belongs.
	KeyRing pulumi.StringInput `pulumi:"keyRing"`
	// The CryptoKey's name.
	// A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name pulumi.StringInput `pulumi:"name"`
}

A collection of arguments for invoking getKMSCryptoKey.

func (GetKMSCryptoKeyOutputArgs) ElementType 

func (GetKMSCryptoKeyOutputArgs) ElementType() reflect.Type

type GetKMSCryptoKeyPrimary 

type GetKMSCryptoKeyPrimary struct {
	// The CryptoKey's name.
	// A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name string `pulumi:"name"`
	// The current state of the CryptoKeyVersion.
	State string `pulumi:"state"`
}

type GetKMSCryptoKeyPrimaryArgs 

type GetKMSCryptoKeyPrimaryArgs struct {
	// The CryptoKey's name.
	// A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name pulumi.StringInput `pulumi:"name"`
	// The current state of the CryptoKeyVersion.
	State pulumi.StringInput `pulumi:"state"`
}

func (GetKMSCryptoKeyPrimaryArgs) ElementType 

func (GetKMSCryptoKeyPrimaryArgs) ElementType() reflect.Type

func (GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutput 

func (i GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutput() GetKMSCryptoKeyPrimaryOutput

func (GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutputWithContext 

func (i GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryOutput

type GetKMSCryptoKeyPrimaryArray 

type GetKMSCryptoKeyPrimaryArray []GetKMSCryptoKeyPrimaryInput

func (GetKMSCryptoKeyPrimaryArray) ElementType 

func (GetKMSCryptoKeyPrimaryArray) ElementType() reflect.Type

func (GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutput 

func (i GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput

func (GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext 

func (i GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryArrayOutput

type GetKMSCryptoKeyPrimaryArrayInput 

type GetKMSCryptoKeyPrimaryArrayInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput
	ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(context.Context) GetKMSCryptoKeyPrimaryArrayOutput
}

GetKMSCryptoKeyPrimaryArrayInput is an input type that accepts GetKMSCryptoKeyPrimaryArray and GetKMSCryptoKeyPrimaryArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyPrimaryArrayInput` via: 

GetKMSCryptoKeyPrimaryArray{ GetKMSCryptoKeyPrimaryArgs{...} }

type GetKMSCryptoKeyPrimaryArrayOutput 

type GetKMSCryptoKeyPrimaryArrayOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyPrimaryArrayOutput) ElementType 

func (GetKMSCryptoKeyPrimaryArrayOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyPrimaryArrayOutput) Index 

func (o GetKMSCryptoKeyPrimaryArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyPrimaryOutput

func (GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutput 

func (o GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput

func (GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext 

func (o GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryArrayOutput

type GetKMSCryptoKeyPrimaryInput 

type GetKMSCryptoKeyPrimaryInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyPrimaryOutput() GetKMSCryptoKeyPrimaryOutput
	ToGetKMSCryptoKeyPrimaryOutputWithContext(context.Context) GetKMSCryptoKeyPrimaryOutput
}

GetKMSCryptoKeyPrimaryInput is an input type that accepts GetKMSCryptoKeyPrimaryArgs and GetKMSCryptoKeyPrimaryOutput values. You can construct a concrete instance of `GetKMSCryptoKeyPrimaryInput` via: 

GetKMSCryptoKeyPrimaryArgs{...}

type GetKMSCryptoKeyPrimaryOutput 

type GetKMSCryptoKeyPrimaryOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyPrimaryOutput) ElementType 

func (GetKMSCryptoKeyPrimaryOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyPrimaryOutput) Name 

func (o GetKMSCryptoKeyPrimaryOutput) Name() pulumi.StringOutput

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`

func (GetKMSCryptoKeyPrimaryOutput) State 

func (o GetKMSCryptoKeyPrimaryOutput) State() pulumi.StringOutput

The current state of the CryptoKeyVersion.

func (GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutput 

func (o GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutput() GetKMSCryptoKeyPrimaryOutput

func (GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutputWithContext 

func (o GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryOutput

type GetKMSCryptoKeyResult 

type GetKMSCryptoKeyResult struct {
	CryptoKeyBackend         string            `pulumi:"cryptoKeyBackend"`
	DestroyScheduledDuration string            `pulumi:"destroyScheduledDuration"`
	EffectiveLabels          map[string]string `pulumi:"effectiveLabels"`
	// The provider-assigned unique ID for this managed resource.
	Id                              string                                         `pulumi:"id"`
	ImportOnly                      bool                                           `pulumi:"importOnly"`
	KeyAccessJustificationsPolicies []GetKMSCryptoKeyKeyAccessJustificationsPolicy `pulumi:"keyAccessJustificationsPolicies"`
	KeyRing                         string                                         `pulumi:"keyRing"`
	Labels                          map[string]string                              `pulumi:"labels"`
	Name                            string                                         `pulumi:"name"`
	Primaries                       []GetKMSCryptoKeyPrimary                       `pulumi:"primaries"`
	PulumiLabels                    map[string]string                              `pulumi:"pulumiLabels"`
	// Defines the cryptographic capabilities of the key.
	Purpose string `pulumi:"purpose"`
	// Every time this period passes, generate a new CryptoKeyVersion and set it as
	// the primary. The first rotation will take place after the specified period. The rotation period has the format
	// of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
	RotationPeriod             string                           `pulumi:"rotationPeriod"`
	SkipInitialVersionCreation bool                             `pulumi:"skipInitialVersionCreation"`
	VersionTemplates           []GetKMSCryptoKeyVersionTemplate `pulumi:"versionTemplates"`
}

A collection of values returned by getKMSCryptoKey.

func GetKMSCryptoKey 

func GetKMSCryptoKey(ctx *pulumi.Context, args *GetKMSCryptoKeyArgs, opts ...pulumi.InvokeOption) (*GetKMSCryptoKeyResult, error)

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
			Name:    "my-crypto-key",
			KeyRing: myKeyRing.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetKMSCryptoKeyResultOutput 

type GetKMSCryptoKeyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKMSCryptoKey.

func GetKMSCryptoKeyOutput 

func GetKMSCryptoKeyOutput(ctx *pulumi.Context, args GetKMSCryptoKeyOutputArgs, opts ...pulumi.InvokeOption) GetKMSCryptoKeyResultOutput

func (GetKMSCryptoKeyResultOutput) CryptoKeyBackend 

func (o GetKMSCryptoKeyResultOutput) CryptoKeyBackend() pulumi.StringOutput

func (GetKMSCryptoKeyResultOutput) DestroyScheduledDuration 

func (o GetKMSCryptoKeyResultOutput) DestroyScheduledDuration() pulumi.StringOutput

func (GetKMSCryptoKeyResultOutput) EffectiveLabels 

func (o GetKMSCryptoKeyResultOutput) EffectiveLabels() pulumi.StringMapOutput

func (GetKMSCryptoKeyResultOutput) ElementType 

func (GetKMSCryptoKeyResultOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyResultOutput) Id 

func (o GetKMSCryptoKeyResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKMSCryptoKeyResultOutput) ImportOnly 

func (o GetKMSCryptoKeyResultOutput) ImportOnly() pulumi.BoolOutput

func (GetKMSCryptoKeyResultOutput) KeyAccessJustificationsPolicies 

func (o GetKMSCryptoKeyResultOutput) KeyAccessJustificationsPolicies() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput

func (GetKMSCryptoKeyResultOutput) KeyRing 

func (o GetKMSCryptoKeyResultOutput) KeyRing() pulumi.StringOutput

func (GetKMSCryptoKeyResultOutput) Labels 

func (o GetKMSCryptoKeyResultOutput) Labels() pulumi.StringMapOutput

func (GetKMSCryptoKeyResultOutput) Name 

func (o GetKMSCryptoKeyResultOutput) Name() pulumi.StringOutput

func (GetKMSCryptoKeyResultOutput) Primaries 

func (o GetKMSCryptoKeyResultOutput) Primaries() GetKMSCryptoKeyPrimaryArrayOutput

func (GetKMSCryptoKeyResultOutput) PulumiLabels 

func (o GetKMSCryptoKeyResultOutput) PulumiLabels() pulumi.StringMapOutput

func (GetKMSCryptoKeyResultOutput) Purpose 

func (o GetKMSCryptoKeyResultOutput) Purpose() pulumi.StringOutput

Defines the cryptographic capabilities of the key.

func (GetKMSCryptoKeyResultOutput) RotationPeriod 

func (o GetKMSCryptoKeyResultOutput) RotationPeriod() pulumi.StringOutput

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

func (GetKMSCryptoKeyResultOutput) SkipInitialVersionCreation 

func (o GetKMSCryptoKeyResultOutput) SkipInitialVersionCreation() pulumi.BoolOutput

func (GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutput 

func (o GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutput() GetKMSCryptoKeyResultOutput

func (GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutputWithContext 

func (o GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutputWithContext(ctx context.Context) GetKMSCryptoKeyResultOutput

func (GetKMSCryptoKeyResultOutput) VersionTemplates 

func (o GetKMSCryptoKeyResultOutput) VersionTemplates() GetKMSCryptoKeyVersionTemplateArrayOutput

type GetKMSCryptoKeyVersionArgs 

type GetKMSCryptoKeyVersionArgs struct {
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey string `pulumi:"cryptoKey"`
	// The version number for this CryptoKeyVersion. Defaults to `1`.
	Version *int `pulumi:"version"`
}

A collection of arguments for invoking getKMSCryptoKeyVersion.

type GetKMSCryptoKeyVersionOutputArgs 

type GetKMSCryptoKeyVersionOutputArgs struct {
	// The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
	// `kms.CryptoKey` resource/datasource.
	CryptoKey pulumi.StringInput `pulumi:"cryptoKey"`
	// The version number for this CryptoKeyVersion. Defaults to `1`.
	Version pulumi.IntPtrInput `pulumi:"version"`
}

A collection of arguments for invoking getKMSCryptoKeyVersion.

func (GetKMSCryptoKeyVersionOutputArgs) ElementType 

func (GetKMSCryptoKeyVersionOutputArgs) ElementType() reflect.Type

type GetKMSCryptoKeyVersionPublicKey 

type GetKMSCryptoKeyVersionPublicKey struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem string `pulumi:"pem"`
}

type GetKMSCryptoKeyVersionPublicKeyArgs 

type GetKMSCryptoKeyVersionPublicKeyArgs struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem pulumi.StringInput `pulumi:"pem"`
}

func (GetKMSCryptoKeyVersionPublicKeyArgs) ElementType 

func (GetKMSCryptoKeyVersionPublicKeyArgs) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutput 

func (i GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput

func (GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext 

func (i GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyOutput

type GetKMSCryptoKeyVersionPublicKeyArray 

type GetKMSCryptoKeyVersionPublicKeyArray []GetKMSCryptoKeyVersionPublicKeyInput

func (GetKMSCryptoKeyVersionPublicKeyArray) ElementType 

func (GetKMSCryptoKeyVersionPublicKeyArray) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput 

func (i GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput

func (GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext 

func (i GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput

type GetKMSCryptoKeyVersionPublicKeyArrayInput 

type GetKMSCryptoKeyVersionPublicKeyArrayInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput
	ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput
}

GetKMSCryptoKeyVersionPublicKeyArrayInput is an input type that accepts GetKMSCryptoKeyVersionPublicKeyArray and GetKMSCryptoKeyVersionPublicKeyArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionPublicKeyArrayInput` via: 

GetKMSCryptoKeyVersionPublicKeyArray{ GetKMSCryptoKeyVersionPublicKeyArgs{...} }

type GetKMSCryptoKeyVersionPublicKeyArrayOutput 

type GetKMSCryptoKeyVersionPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ElementType 

func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) Index 

func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyVersionPublicKeyOutput

func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput 

func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput

func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext 

func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput

type GetKMSCryptoKeyVersionPublicKeyInput 

type GetKMSCryptoKeyVersionPublicKeyInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput
	ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(context.Context) GetKMSCryptoKeyVersionPublicKeyOutput
}

GetKMSCryptoKeyVersionPublicKeyInput is an input type that accepts GetKMSCryptoKeyVersionPublicKeyArgs and GetKMSCryptoKeyVersionPublicKeyOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionPublicKeyInput` via: 

GetKMSCryptoKeyVersionPublicKeyArgs{...}

type GetKMSCryptoKeyVersionPublicKeyOutput 

type GetKMSCryptoKeyVersionPublicKeyOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyVersionPublicKeyOutput) Algorithm 

func (o GetKMSCryptoKeyVersionPublicKeyOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (GetKMSCryptoKeyVersionPublicKeyOutput) ElementType 

func (GetKMSCryptoKeyVersionPublicKeyOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionPublicKeyOutput) Pem 

func (o GetKMSCryptoKeyVersionPublicKeyOutput) Pem() pulumi.StringOutput

The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

func (GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutput 

func (o GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput

func (GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext 

func (o GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyOutput

type GetKMSCryptoKeyVersionResult 

type GetKMSCryptoKeyVersionResult struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	CryptoKey string `pulumi:"cryptoKey"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`
	Name string `pulumi:"name"`
	// The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs.
	ProtectionLevel string `pulumi:"protectionLevel"`
	// If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.
	PublicKeys []GetKMSCryptoKeyVersionPublicKey `pulumi:"publicKeys"`
	// The current state of the CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs.
	State   string `pulumi:"state"`
	Version *int   `pulumi:"version"`
}

A collection of values returned by getKMSCryptoKeyVersion.

func GetKMSCryptoKeyVersion 

func GetKMSCryptoKeyVersion(ctx *pulumi.Context, args *GetKMSCryptoKeyVersionArgs, opts ...pulumi.InvokeOption) (*GetKMSCryptoKeyVersionResult, error)

Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
			Name:    "my-crypto-key",
			KeyRing: myKeyRing.Id,
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKeyVersion(ctx, &kms.GetKMSCryptoKeyVersionArgs{
			CryptoKey: myKey.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetKMSCryptoKeyVersionResultOutput 

type GetKMSCryptoKeyVersionResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKMSCryptoKeyVersion.

func GetKMSCryptoKeyVersionOutput 

func GetKMSCryptoKeyVersionOutput(ctx *pulumi.Context, args GetKMSCryptoKeyVersionOutputArgs, opts ...pulumi.InvokeOption) GetKMSCryptoKeyVersionResultOutput

func (GetKMSCryptoKeyVersionResultOutput) Algorithm 

func (o GetKMSCryptoKeyVersionResultOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (GetKMSCryptoKeyVersionResultOutput) CryptoKey 

func (o GetKMSCryptoKeyVersionResultOutput) CryptoKey() pulumi.StringOutput

func (GetKMSCryptoKeyVersionResultOutput) ElementType 

func (GetKMSCryptoKeyVersionResultOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionResultOutput) Id 

func (o GetKMSCryptoKeyVersionResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKMSCryptoKeyVersionResultOutput) Name 

func (o GetKMSCryptoKeyVersionResultOutput) Name() pulumi.StringOutput

The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`

func (GetKMSCryptoKeyVersionResultOutput) ProtectionLevel 

func (o GetKMSCryptoKeyVersionResultOutput) ProtectionLevel() pulumi.StringOutput

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs.

func (GetKMSCryptoKeyVersionResultOutput) PublicKeys 

func (o GetKMSCryptoKeyVersionResultOutput) PublicKeys() GetKMSCryptoKeyVersionPublicKeyArrayOutput

If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.

func (GetKMSCryptoKeyVersionResultOutput) State 

func (o GetKMSCryptoKeyVersionResultOutput) State() pulumi.StringOutput

The current state of the CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs.

func (GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutput 

func (o GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutput() GetKMSCryptoKeyVersionResultOutput

func (GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutputWithContext 

func (o GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionResultOutput

func (GetKMSCryptoKeyVersionResultOutput) Version 

func (o GetKMSCryptoKeyVersionResultOutput) Version() pulumi.IntPtrOutput

type GetKMSCryptoKeyVersionTemplate 

type GetKMSCryptoKeyVersionTemplate struct {
	// The algorithm to use when creating a version based on this template.
	// See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
	Algorithm string `pulumi:"algorithm"`
	// The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
	ProtectionLevel string `pulumi:"protectionLevel"`
}

type GetKMSCryptoKeyVersionTemplateArgs 

type GetKMSCryptoKeyVersionTemplateArgs struct {
	// The algorithm to use when creating a version based on this template.
	// See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
	Algorithm pulumi.StringInput `pulumi:"algorithm"`
	// The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
	ProtectionLevel pulumi.StringInput `pulumi:"protectionLevel"`
}

func (GetKMSCryptoKeyVersionTemplateArgs) ElementType 

func (GetKMSCryptoKeyVersionTemplateArgs) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutput 

func (i GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput

func (GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutputWithContext 

func (i GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateOutput

type GetKMSCryptoKeyVersionTemplateArray 

type GetKMSCryptoKeyVersionTemplateArray []GetKMSCryptoKeyVersionTemplateInput

func (GetKMSCryptoKeyVersionTemplateArray) ElementType 

func (GetKMSCryptoKeyVersionTemplateArray) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutput 

func (i GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput

func (GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext 

func (i GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput

type GetKMSCryptoKeyVersionTemplateArrayInput 

type GetKMSCryptoKeyVersionTemplateArrayInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput
	ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput
}

GetKMSCryptoKeyVersionTemplateArrayInput is an input type that accepts GetKMSCryptoKeyVersionTemplateArray and GetKMSCryptoKeyVersionTemplateArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionTemplateArrayInput` via: 

GetKMSCryptoKeyVersionTemplateArray{ GetKMSCryptoKeyVersionTemplateArgs{...} }

type GetKMSCryptoKeyVersionTemplateArrayOutput 

type GetKMSCryptoKeyVersionTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyVersionTemplateArrayOutput) ElementType 

func (GetKMSCryptoKeyVersionTemplateArrayOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionTemplateArrayOutput) Index 

func (o GetKMSCryptoKeyVersionTemplateArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyVersionTemplateOutput

func (GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutput 

func (o GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput

func (GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext 

func (o GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput

type GetKMSCryptoKeyVersionTemplateInput 

type GetKMSCryptoKeyVersionTemplateInput interface {
	pulumi.Input

	ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput
	ToGetKMSCryptoKeyVersionTemplateOutputWithContext(context.Context) GetKMSCryptoKeyVersionTemplateOutput
}

GetKMSCryptoKeyVersionTemplateInput is an input type that accepts GetKMSCryptoKeyVersionTemplateArgs and GetKMSCryptoKeyVersionTemplateOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionTemplateInput` via: 

GetKMSCryptoKeyVersionTemplateArgs{...}

type GetKMSCryptoKeyVersionTemplateOutput 

type GetKMSCryptoKeyVersionTemplateOutput struct{ *pulumi.OutputState }

func (GetKMSCryptoKeyVersionTemplateOutput) Algorithm 

func (o GetKMSCryptoKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput

The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.

func (GetKMSCryptoKeyVersionTemplateOutput) ElementType 

func (GetKMSCryptoKeyVersionTemplateOutput) ElementType() reflect.Type

func (GetKMSCryptoKeyVersionTemplateOutput) ProtectionLevel 

func (o GetKMSCryptoKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringOutput

The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".

func (GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutput 

func (o GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput

func (GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutputWithContext 

func (o GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateOutput

type GetKMSKeyRingArgs 

type GetKMSKeyRingArgs struct {
	// The Google Cloud Platform location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location string `pulumi:"location"`
	// The KeyRing's name.
	// A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name string `pulumi:"name"`
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project *string `pulumi:"project"`
}

A collection of arguments for invoking getKMSKeyRing.

type GetKMSKeyRingOutputArgs 

type GetKMSKeyRingOutputArgs struct {
	// The Google Cloud Platform location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location pulumi.StringInput `pulumi:"location"`
	// The KeyRing's name.
	// A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	Name pulumi.StringInput `pulumi:"name"`
	// The project in which the resource belongs. If it
	// is not provided, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
}

A collection of arguments for invoking getKMSKeyRing.

func (GetKMSKeyRingOutputArgs) ElementType 

func (GetKMSKeyRingOutputArgs) ElementType() reflect.Type

type GetKMSKeyRingResult 

type GetKMSKeyRingResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id       string  `pulumi:"id"`
	Location string  `pulumi:"location"`
	Name     string  `pulumi:"name"`
	Project  *string `pulumi:"project"`
}

A collection of values returned by getKMSKeyRing.

func GetKMSKeyRing 

func GetKMSKeyRing(ctx *pulumi.Context, args *GetKMSKeyRingArgs, opts ...pulumi.InvokeOption) (*GetKMSKeyRingResult, error)

Provides access to Google Cloud Platform KMS KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).

A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project and resides in a specific location.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetKMSKeyRingResultOutput 

type GetKMSKeyRingResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKMSKeyRing.

func GetKMSKeyRingOutput 

func GetKMSKeyRingOutput(ctx *pulumi.Context, args GetKMSKeyRingOutputArgs, opts ...pulumi.InvokeOption) GetKMSKeyRingResultOutput

func (GetKMSKeyRingResultOutput) ElementType 

func (GetKMSKeyRingResultOutput) ElementType() reflect.Type

func (GetKMSKeyRingResultOutput) Id 

func (o GetKMSKeyRingResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKMSKeyRingResultOutput) Location 

func (o GetKMSKeyRingResultOutput) Location() pulumi.StringOutput

func (GetKMSKeyRingResultOutput) Name 

func (o GetKMSKeyRingResultOutput) Name() pulumi.StringOutput

func (GetKMSKeyRingResultOutput) Project 

func (o GetKMSKeyRingResultOutput) Project() pulumi.StringPtrOutput

func (GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutput 

func (o GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutput() GetKMSKeyRingResultOutput

func (GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutputWithContext 

func (o GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutputWithContext(ctx context.Context) GetKMSKeyRingResultOutput

type GetKMSSecretArgs 

type GetKMSSecretArgs struct {
	// The [additional authenticated data](https://cloud.google.com/kms/docs/additional-authenticated-data) used for integrity checks during encryption and decryption.
	AdditionalAuthenticatedData *string `pulumi:"additionalAuthenticatedData"`
	// The ciphertext to be decrypted, encoded in base64
	Ciphertext string `pulumi:"ciphertext"`
	// The id of the CryptoKey that will be used to
	// decrypt the provided ciphertext. This is represented by the format
	// `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
	CryptoKey string `pulumi:"cryptoKey"`
}

A collection of arguments for invoking getKMSSecret.

type GetKMSSecretAsymmetricArgs 

type GetKMSSecretAsymmetricArgs struct {
	// The ciphertext to be decrypted, encoded in base64
	Ciphertext string `pulumi:"ciphertext"`
	// The crc32 checksum of the `ciphertext` in hexadecimal notation. If not specified, it will be computed.
	Crc32 *string `pulumi:"crc32"`
	// The id of the CryptoKey version that will be used to
	// decrypt the provided ciphertext. This is represented by the format
	// `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}`.
	CryptoKeyVersion string `pulumi:"cryptoKeyVersion"`
}

A collection of arguments for invoking getKMSSecretAsymmetric.

type GetKMSSecretAsymmetricOutputArgs 

type GetKMSSecretAsymmetricOutputArgs struct {
	// The ciphertext to be decrypted, encoded in base64
	Ciphertext pulumi.StringInput `pulumi:"ciphertext"`
	// The crc32 checksum of the `ciphertext` in hexadecimal notation. If not specified, it will be computed.
	Crc32 pulumi.StringPtrInput `pulumi:"crc32"`
	// The id of the CryptoKey version that will be used to
	// decrypt the provided ciphertext. This is represented by the format
	// `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}`.
	CryptoKeyVersion pulumi.StringInput `pulumi:"cryptoKeyVersion"`
}

A collection of arguments for invoking getKMSSecretAsymmetric.

func (GetKMSSecretAsymmetricOutputArgs) ElementType 

func (GetKMSSecretAsymmetricOutputArgs) ElementType() reflect.Type

type GetKMSSecretAsymmetricResult 

type GetKMSSecretAsymmetricResult struct {
	Ciphertext string `pulumi:"ciphertext"`
	// Contains the crc32 checksum of the provided ciphertext.
	Crc32            *string `pulumi:"crc32"`
	CryptoKeyVersion string  `pulumi:"cryptoKeyVersion"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Contains the result of decrypting the provided ciphertext.
	Plaintext string `pulumi:"plaintext"`
}

A collection of values returned by getKMSSecretAsymmetric.

func GetKMSSecretAsymmetric 

func GetKMSSecretAsymmetric(ctx *pulumi.Context, args *GetKMSSecretAsymmetricArgs, opts ...pulumi.InvokeOption) (*GetKMSSecretAsymmetricResult, error)

## Example Usage

First, create a KMS KeyRing and CryptoKey using the resource definitions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{
			Project:  pulumi.String("my-project"),
			Name:     pulumi.String("my-key-ring"),
			Location: pulumi.String("us-central1"),
		})
		if err != nil {
			return err
		}
		myCryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("my-crypto-key"),
			KeyRing: myKeyRing.ID(),
			Purpose: pulumi.String("ASYMMETRIC_DECRYPT"),
			VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
				Algorithm: pulumi.String("RSA_DECRYPT_OAEP_4096_SHA256"),
			},
		})
		if err != nil {
			return err
		}
		_ = kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
			CryptoKey: myCryptoKeyCryptoKey.ID(),
		}, nil)
		return nil
	})
}

```

Next, use the [Cloud SDK](https://cloud.google.com/kms/docs/encrypt-decrypt-rsa#kms-encrypt-asymmetric-cli) to encrypt some sensitive information:

Finally, reference the encrypted ciphertext in your resource definitions:

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.GetKMSSecretAsymmetric(ctx, &kms.GetKMSSecretAsymmetricArgs{
			CryptoKeyVersion: myCryptoKey.Id,
			Crc32:            pulumi.StringRef("12c59e54"),
			Ciphertext: `    M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
    ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
    4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
    eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
    wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
    LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
    yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
    J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
    IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
    mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
    A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=

`, 

		}, nil)
		if err != nil {
			return err
		}
		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
			ByteLength: pulumi.Int(4),
		})
		if err != nil {
			return err
		}
		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
				return fmt.Sprintf("main-instance-%v", hex), nil
			}).(pulumi.StringOutput),
			DatabaseVersion: pulumi.String("MYSQL_5_7"),
			Settings: &sql.DatabaseInstanceSettingsArgs{
				Tier: pulumi.String("db-f1-micro"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sql.NewUser(ctx, "users", &sql.UserArgs{
			Name:     pulumi.String("me"),
			Instance: main.Name,
			Host:     pulumi.String("me.com"),
			Password: pulumi.Any(sqlUserPasswordGoogleKmsSecret.Plaintext),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

This will result in a Cloud SQL user being created with password `my-secret-password`.

type GetKMSSecretAsymmetricResultOutput 

type GetKMSSecretAsymmetricResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKMSSecretAsymmetric.

func GetKMSSecretAsymmetricOutput 

func GetKMSSecretAsymmetricOutput(ctx *pulumi.Context, args GetKMSSecretAsymmetricOutputArgs, opts ...pulumi.InvokeOption) GetKMSSecretAsymmetricResultOutput

func (GetKMSSecretAsymmetricResultOutput) Ciphertext 

func (o GetKMSSecretAsymmetricResultOutput) Ciphertext() pulumi.StringOutput

func (GetKMSSecretAsymmetricResultOutput) Crc32 

func (o GetKMSSecretAsymmetricResultOutput) Crc32() pulumi.StringPtrOutput

Contains the crc32 checksum of the provided ciphertext.

func (GetKMSSecretAsymmetricResultOutput) CryptoKeyVersion 

func (o GetKMSSecretAsymmetricResultOutput) CryptoKeyVersion() pulumi.StringOutput

func (GetKMSSecretAsymmetricResultOutput) ElementType 

func (GetKMSSecretAsymmetricResultOutput) ElementType() reflect.Type

func (GetKMSSecretAsymmetricResultOutput) Id 

func (o GetKMSSecretAsymmetricResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKMSSecretAsymmetricResultOutput) Plaintext 

func (o GetKMSSecretAsymmetricResultOutput) Plaintext() pulumi.StringOutput

Contains the result of decrypting the provided ciphertext.

func (GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutput 

func (o GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutput() GetKMSSecretAsymmetricResultOutput

func (GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutputWithContext 

func (o GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutputWithContext(ctx context.Context) GetKMSSecretAsymmetricResultOutput

type GetKMSSecretCiphertextArgs 

type GetKMSSecretCiphertextArgs struct {
	// The id of the CryptoKey that will be used to
	// encrypt the provided plaintext. This is represented by the format
	// `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
	CryptoKey string `pulumi:"cryptoKey"`
	// The plaintext to be encrypted
	Plaintext string `pulumi:"plaintext"`
}

A collection of arguments for invoking getKMSSecretCiphertext.

type GetKMSSecretCiphertextOutputArgs 

type GetKMSSecretCiphertextOutputArgs struct {
	// The id of the CryptoKey that will be used to
	// encrypt the provided plaintext. This is represented by the format
	// `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
	CryptoKey pulumi.StringInput `pulumi:"cryptoKey"`
	// The plaintext to be encrypted
	Plaintext pulumi.StringInput `pulumi:"plaintext"`
}

A collection of arguments for invoking getKMSSecretCiphertext.

func (GetKMSSecretCiphertextOutputArgs) ElementType 

func (GetKMSSecretCiphertextOutputArgs) ElementType() reflect.Type

type GetKMSSecretCiphertextResult 

type GetKMSSecretCiphertextResult struct {
	// Contains the result of encrypting the provided plaintext, encoded in base64.
	Ciphertext string `pulumi:"ciphertext"`
	CryptoKey  string `pulumi:"cryptoKey"`
	// The provider-assigned unique ID for this managed resource.
	Id        string `pulumi:"id"`
	Plaintext string `pulumi:"plaintext"`
}

A collection of values returned by getKMSSecretCiphertext.

func GetKMSSecretCiphertext 

func GetKMSSecretCiphertext(ctx *pulumi.Context, args *GetKMSSecretCiphertextArgs, opts ...pulumi.InvokeOption) (*GetKMSSecretCiphertextResult, error)

!> **Warning:** This data source is deprecated. Use the `kms.SecretCiphertext` **resource** instead.

This data source allows you to encrypt data with Google Cloud KMS and use the ciphertext within your resource definitions.

For more information see [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).

> **NOTE:** Using this data source will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

## Example Usage

First, create a KMS KeyRing and CryptoKey using the resource definitions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{
			Project:  pulumi.String("my-project"),
			Name:     pulumi.String("my-key-ring"),
			Location: pulumi.String("us-central1"),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("my-crypto-key"),
			KeyRing: myKeyRing.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

Next, encrypt some sensitive information and use the encrypted data in your resource definitions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myPassword, err := kms.GetKMSSecretCiphertext(ctx, &kms.GetKMSSecretCiphertextArgs{
			CryptoKey: myCryptoKey.Id,
			Plaintext: "my-secret-password",
		}, nil)
		if err != nil {
			return err
		}
		_, err = compute.NewInstance(ctx, "instance", &compute.InstanceArgs{
			NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
				&compute.InstanceNetworkInterfaceArgs{
					AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
						&compute.InstanceNetworkInterfaceAccessConfigArgs{},
					},
					Network: pulumi.String("default"),
				},
			},
			Name:        pulumi.String("test"),
			MachineType: pulumi.String("e2-medium"),
			Zone:        pulumi.String("us-central1-a"),
			BootDisk: &compute.InstanceBootDiskArgs{
				InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
					Image: pulumi.String("debian-cloud/debian-11"),
				},
			},
			Metadata: pulumi.StringMap{
				"password": pulumi.String(myPassword.Ciphertext),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

The resulting instance can then access the encrypted password from its metadata and decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)):

type GetKMSSecretCiphertextResultOutput 

type GetKMSSecretCiphertextResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKMSSecretCiphertext.

func GetKMSSecretCiphertextOutput 

func GetKMSSecretCiphertextOutput(ctx *pulumi.Context, args GetKMSSecretCiphertextOutputArgs, opts ...pulumi.InvokeOption) GetKMSSecretCiphertextResultOutput

func (GetKMSSecretCiphertextResultOutput) Ciphertext 

func (o GetKMSSecretCiphertextResultOutput) Ciphertext() pulumi.StringOutput

Contains the result of encrypting the provided plaintext, encoded in base64.

func (GetKMSSecretCiphertextResultOutput) CryptoKey 

func (o GetKMSSecretCiphertextResultOutput) CryptoKey() pulumi.StringOutput

func (GetKMSSecretCiphertextResultOutput) ElementType 

func (GetKMSSecretCiphertextResultOutput) ElementType() reflect.Type

func (GetKMSSecretCiphertextResultOutput) Id 

func (o GetKMSSecretCiphertextResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKMSSecretCiphertextResultOutput) Plaintext 

func (o GetKMSSecretCiphertextResultOutput) Plaintext() pulumi.StringOutput

func (GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutput 

func (o GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutput() GetKMSSecretCiphertextResultOutput

func (GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutputWithContext 

func (o GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutputWithContext(ctx context.Context) GetKMSSecretCiphertextResultOutput

type GetKMSSecretOutputArgs 

type GetKMSSecretOutputArgs struct {
	// The [additional authenticated data](https://cloud.google.com/kms/docs/additional-authenticated-data) used for integrity checks during encryption and decryption.
	AdditionalAuthenticatedData pulumi.StringPtrInput `pulumi:"additionalAuthenticatedData"`
	// The ciphertext to be decrypted, encoded in base64
	Ciphertext pulumi.StringInput `pulumi:"ciphertext"`
	// The id of the CryptoKey that will be used to
	// decrypt the provided ciphertext. This is represented by the format
	// `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
	CryptoKey pulumi.StringInput `pulumi:"cryptoKey"`
}

A collection of arguments for invoking getKMSSecret.

func (GetKMSSecretOutputArgs) ElementType 

func (GetKMSSecretOutputArgs) ElementType() reflect.Type

type GetKMSSecretResult 

type GetKMSSecretResult struct {
	AdditionalAuthenticatedData *string `pulumi:"additionalAuthenticatedData"`
	Ciphertext                  string  `pulumi:"ciphertext"`
	CryptoKey                   string  `pulumi:"cryptoKey"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Contains the result of decrypting the provided ciphertext.
	Plaintext string `pulumi:"plaintext"`
}

A collection of values returned by getKMSSecret.

func GetKMSSecret 

func GetKMSSecret(ctx *pulumi.Context, args *GetKMSSecretArgs, opts ...pulumi.InvokeOption) (*GetKMSSecretResult, error)

This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions.

For more information see [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).

> **NOTE:** Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

## Example Usage

First, create a KMS KeyRing and CryptoKey using the resource definitions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{
			Project:  pulumi.String("my-project"),
			Name:     pulumi.String("my-key-ring"),
			Location: pulumi.String("us-central1"),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("my-crypto-key"),
			KeyRing: myKeyRing.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

Next, use the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/encrypt) to encrypt some sensitive information:

Finally, reference the encrypted ciphertext in your resource definitions:

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		sqlUserPassword, err := kms.GetKMSSecret(ctx, &kms.GetKMSSecretArgs{
			CryptoKey:  myCryptoKey.Id,
			Ciphertext: "CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=",
		}, nil)
		if err != nil {
			return err
		}
		dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
			ByteLength: pulumi.Int(4),
		})
		if err != nil {
			return err
		}
		main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
			Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
				return fmt.Sprintf("main-instance-%v", hex), nil
			}).(pulumi.StringOutput),
			DatabaseVersion: pulumi.String("MYSQL_5_7"),
			Settings: &sql.DatabaseInstanceSettingsArgs{
				Tier: pulumi.String("db-f1-micro"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sql.NewUser(ctx, "users", &sql.UserArgs{
			Name:     pulumi.String("me"),
			Instance: main.Name,
			Host:     pulumi.String("me.com"),
			Password: pulumi.String(sqlUserPassword.Plaintext),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

This will result in a Cloud SQL user being created with password `my-secret-password`.

type GetKMSSecretResultOutput 

type GetKMSSecretResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKMSSecret.

func GetKMSSecretOutput 

func GetKMSSecretOutput(ctx *pulumi.Context, args GetKMSSecretOutputArgs, opts ...pulumi.InvokeOption) GetKMSSecretResultOutput

func (GetKMSSecretResultOutput) AdditionalAuthenticatedData 

func (o GetKMSSecretResultOutput) AdditionalAuthenticatedData() pulumi.StringPtrOutput

func (GetKMSSecretResultOutput) Ciphertext 

func (o GetKMSSecretResultOutput) Ciphertext() pulumi.StringOutput

func (GetKMSSecretResultOutput) CryptoKey 

func (o GetKMSSecretResultOutput) CryptoKey() pulumi.StringOutput

func (GetKMSSecretResultOutput) ElementType 

func (GetKMSSecretResultOutput) ElementType() reflect.Type

func (GetKMSSecretResultOutput) Id 

func (o GetKMSSecretResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKMSSecretResultOutput) Plaintext 

func (o GetKMSSecretResultOutput) Plaintext() pulumi.StringOutput

Contains the result of decrypting the provided ciphertext.

func (GetKMSSecretResultOutput) ToGetKMSSecretResultOutput 

func (o GetKMSSecretResultOutput) ToGetKMSSecretResultOutput() GetKMSSecretResultOutput

func (GetKMSSecretResultOutput) ToGetKMSSecretResultOutputWithContext 

func (o GetKMSSecretResultOutput) ToGetKMSSecretResultOutputWithContext(ctx context.Context) GetKMSSecretResultOutput

type GetKeyRingIamPolicyArgs 

type GetKeyRingIamPolicyArgs struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId string `pulumi:"keyRingId"`
}

A collection of arguments for invoking getKeyRingIamPolicy.

type GetKeyRingIamPolicyOutputArgs 

type GetKeyRingIamPolicyOutputArgs struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringInput `pulumi:"keyRingId"`
}

A collection of arguments for invoking getKeyRingIamPolicy.

func (GetKeyRingIamPolicyOutputArgs) ElementType 

func (GetKeyRingIamPolicyOutputArgs) ElementType() reflect.Type

type GetKeyRingIamPolicyResult 

type GetKeyRingIamPolicyResult struct {
	// (Computed) The etag of the IAM policy.
	Etag string `pulumi:"etag"`
	// The provider-assigned unique ID for this managed resource.
	Id        string `pulumi:"id"`
	KeyRingId string `pulumi:"keyRingId"`
	// (Computed) The policy data
	PolicyData string `pulumi:"policyData"`
}

A collection of values returned by getKeyRingIamPolicy.

func GetKeyRingIamPolicy 

func GetKeyRingIamPolicy(ctx *pulumi.Context, args *GetKeyRingIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetKeyRingIamPolicyResult, error)

Retrieves the current IAM policy data for a Google Cloud KMS key ring.

## example

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.GetKeyRingIamPolicy(ctx, &kms.GetKeyRingIamPolicyArgs{
			KeyRingId: "{project_id}/{location_name}/{key_ring_name}",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetKeyRingIamPolicyResultOutput 

type GetKeyRingIamPolicyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKeyRingIamPolicy.

func GetKeyRingIamPolicyOutput 

func GetKeyRingIamPolicyOutput(ctx *pulumi.Context, args GetKeyRingIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetKeyRingIamPolicyResultOutput

func (GetKeyRingIamPolicyResultOutput) ElementType 

func (GetKeyRingIamPolicyResultOutput) ElementType() reflect.Type

func (GetKeyRingIamPolicyResultOutput) Etag 

func (o GetKeyRingIamPolicyResultOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (GetKeyRingIamPolicyResultOutput) Id 

func (o GetKeyRingIamPolicyResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKeyRingIamPolicyResultOutput) KeyRingId 

func (o GetKeyRingIamPolicyResultOutput) KeyRingId() pulumi.StringOutput

func (GetKeyRingIamPolicyResultOutput) PolicyData 

func (o GetKeyRingIamPolicyResultOutput) PolicyData() pulumi.StringOutput

(Computed) The policy data

func (GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutput 

func (o GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutput() GetKeyRingIamPolicyResultOutput

func (GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutputWithContext 

func (o GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutputWithContext(ctx context.Context) GetKeyRingIamPolicyResultOutput

type GetKeyRingsArgs 

type GetKeyRingsArgs struct {
	Filter   *string `pulumi:"filter"`
	Location string  `pulumi:"location"`
	Project  *string `pulumi:"project"`
}

A collection of arguments for invoking getKeyRings.

type GetKeyRingsKeyRing 

type GetKeyRingsKeyRing struct {
	Id   string `pulumi:"id"`
	Name string `pulumi:"name"`
}

type GetKeyRingsKeyRingArgs 

type GetKeyRingsKeyRingArgs struct {
	Id   pulumi.StringInput `pulumi:"id"`
	Name pulumi.StringInput `pulumi:"name"`
}

func (GetKeyRingsKeyRingArgs) ElementType 

func (GetKeyRingsKeyRingArgs) ElementType() reflect.Type

func (GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutput 

func (i GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutput() GetKeyRingsKeyRingOutput

func (GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutputWithContext 

func (i GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutputWithContext(ctx context.Context) GetKeyRingsKeyRingOutput

type GetKeyRingsKeyRingArray 

type GetKeyRingsKeyRingArray []GetKeyRingsKeyRingInput

func (GetKeyRingsKeyRingArray) ElementType 

func (GetKeyRingsKeyRingArray) ElementType() reflect.Type

func (GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutput 

func (i GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutput() GetKeyRingsKeyRingArrayOutput

func (GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutputWithContext 

func (i GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutputWithContext(ctx context.Context) GetKeyRingsKeyRingArrayOutput

type GetKeyRingsKeyRingArrayInput 

type GetKeyRingsKeyRingArrayInput interface {
	pulumi.Input

	ToGetKeyRingsKeyRingArrayOutput() GetKeyRingsKeyRingArrayOutput
	ToGetKeyRingsKeyRingArrayOutputWithContext(context.Context) GetKeyRingsKeyRingArrayOutput
}

GetKeyRingsKeyRingArrayInput is an input type that accepts GetKeyRingsKeyRingArray and GetKeyRingsKeyRingArrayOutput values. You can construct a concrete instance of `GetKeyRingsKeyRingArrayInput` via: 

GetKeyRingsKeyRingArray{ GetKeyRingsKeyRingArgs{...} }

type GetKeyRingsKeyRingArrayOutput 

type GetKeyRingsKeyRingArrayOutput struct{ *pulumi.OutputState }

func (GetKeyRingsKeyRingArrayOutput) ElementType 

func (GetKeyRingsKeyRingArrayOutput) ElementType() reflect.Type

func (GetKeyRingsKeyRingArrayOutput) Index 

func (o GetKeyRingsKeyRingArrayOutput) Index(i pulumi.IntInput) GetKeyRingsKeyRingOutput

func (GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutput 

func (o GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutput() GetKeyRingsKeyRingArrayOutput

func (GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutputWithContext 

func (o GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutputWithContext(ctx context.Context) GetKeyRingsKeyRingArrayOutput

type GetKeyRingsKeyRingInput 

type GetKeyRingsKeyRingInput interface {
	pulumi.Input

	ToGetKeyRingsKeyRingOutput() GetKeyRingsKeyRingOutput
	ToGetKeyRingsKeyRingOutputWithContext(context.Context) GetKeyRingsKeyRingOutput
}

GetKeyRingsKeyRingInput is an input type that accepts GetKeyRingsKeyRingArgs and GetKeyRingsKeyRingOutput values. You can construct a concrete instance of `GetKeyRingsKeyRingInput` via: 

GetKeyRingsKeyRingArgs{...}

type GetKeyRingsKeyRingOutput 

type GetKeyRingsKeyRingOutput struct{ *pulumi.OutputState }

func (GetKeyRingsKeyRingOutput) ElementType 

func (GetKeyRingsKeyRingOutput) ElementType() reflect.Type

func (GetKeyRingsKeyRingOutput) Id 

func (o GetKeyRingsKeyRingOutput) Id() pulumi.StringOutput

func (GetKeyRingsKeyRingOutput) Name 

func (o GetKeyRingsKeyRingOutput) Name() pulumi.StringOutput

func (GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutput 

func (o GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutput() GetKeyRingsKeyRingOutput

func (GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutputWithContext 

func (o GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutputWithContext(ctx context.Context) GetKeyRingsKeyRingOutput

type GetKeyRingsOutputArgs 

type GetKeyRingsOutputArgs struct {
	Filter   pulumi.StringPtrInput `pulumi:"filter"`
	Location pulumi.StringInput    `pulumi:"location"`
	Project  pulumi.StringPtrInput `pulumi:"project"`
}

A collection of arguments for invoking getKeyRings.

func (GetKeyRingsOutputArgs) ElementType 

func (GetKeyRingsOutputArgs) ElementType() reflect.Type

type GetKeyRingsResult 

type GetKeyRingsResult struct {
	Filter *string `pulumi:"filter"`
	// The provider-assigned unique ID for this managed resource.
	Id       string               `pulumi:"id"`
	KeyRings []GetKeyRingsKeyRing `pulumi:"keyRings"`
	Location string               `pulumi:"location"`
	Project  *string              `pulumi:"project"`
}

A collection of values returned by getKeyRings.

func GetKeyRings 

func GetKeyRings(ctx *pulumi.Context, args *GetKeyRingsArgs, opts ...pulumi.InvokeOption) (*GetKeyRingsResult, error)

type GetKeyRingsResultOutput 

type GetKeyRingsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getKeyRings.

func GetKeyRingsOutput 

func GetKeyRingsOutput(ctx *pulumi.Context, args GetKeyRingsOutputArgs, opts ...pulumi.InvokeOption) GetKeyRingsResultOutput

func (GetKeyRingsResultOutput) ElementType 

func (GetKeyRingsResultOutput) ElementType() reflect.Type

func (GetKeyRingsResultOutput) Filter 

func (o GetKeyRingsResultOutput) Filter() pulumi.StringPtrOutput

func (GetKeyRingsResultOutput) Id 

func (o GetKeyRingsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetKeyRingsResultOutput) KeyRings 

func (o GetKeyRingsResultOutput) KeyRings() GetKeyRingsKeyRingArrayOutput

func (GetKeyRingsResultOutput) Location 

func (o GetKeyRingsResultOutput) Location() pulumi.StringOutput

func (GetKeyRingsResultOutput) Project 

func (o GetKeyRingsResultOutput) Project() pulumi.StringPtrOutput

func (GetKeyRingsResultOutput) ToGetKeyRingsResultOutput 

func (o GetKeyRingsResultOutput) ToGetKeyRingsResultOutput() GetKeyRingsResultOutput

func (GetKeyRingsResultOutput) ToGetKeyRingsResultOutputWithContext 

func (o GetKeyRingsResultOutput) ToGetKeyRingsResultOutputWithContext(ctx context.Context) GetKeyRingsResultOutput

type KeyHandle 

type KeyHandle struct {
	pulumi.CustomResourceState

	// A reference to a Cloud KMS CryptoKey that can be used for CMEK in the requested
	// product/project/location, for example
	// `projects/1/locations/us-east1/keyRings/foo/cryptoKeys/bar-ffffff`
	KmsKey pulumi.StringOutput `pulumi:"kmsKey"`
	// The location for the KeyHandle.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location pulumi.StringOutput `pulumi:"location"`
	// The resource name for the KeyHandle.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// Selector of the resource type where we want to protect resources.
	// For example, `storage.googleapis.com/Bucket`.
	ResourceTypeSelector pulumi.StringOutput `pulumi:"resourceTypeSelector"`
}

## Example Usage

### Kms Key Handle Basic

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi-time/sdk/go/time"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Create Folder in GCP Organization
		autokmsFolder, err := organizations.NewFolder(ctx, "autokms_folder", &organizations.FolderArgs{
			DisplayName:        pulumi.String("my-folder"),
			Parent:             pulumi.String("organizations/123456789"),
			DeletionProtection: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		// Create the key project
		keyProject, err := organizations.NewProject(ctx, "key_project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("key-proj"),
			Name:           pulumi.String("key-proj"),
			FolderId:       autokmsFolder.FolderId,
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		}, pulumi.DependsOn([]pulumi.Resource{
			autokmsFolder,
		}))
		if err != nil {
			return err
		}
		// Create the resource project
		resourceProject, err := organizations.NewProject(ctx, "resource_project", &organizations.ProjectArgs{
			ProjectId:      pulumi.String("res-proj"),
			Name:           pulumi.String("res-proj"),
			FolderId:       autokmsFolder.FolderId,
			BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
			DeletionPolicy: pulumi.String("DELETE"),
		}, pulumi.DependsOn([]pulumi.Resource{
			autokmsFolder,
		}))
		if err != nil {
			return err
		}
		// Enable the Cloud KMS API
		kmsApiService, err := projects.NewService(ctx, "kms_api_service", &projects.ServiceArgs{
			Service:                  pulumi.String("cloudkms.googleapis.com"),
			Project:                  keyProject.ProjectId,
			DisableOnDestroy:         pulumi.Bool(false),
			DisableDependentServices: pulumi.Bool(true),
		}, pulumi.DependsOn([]pulumi.Resource{
			keyProject,
		}))
		if err != nil {
			return err
		}
		// Wait delay after enabling APIs
		waitEnableServiceApi, err := time.NewSleep(ctx, "wait_enable_service_api", &time.SleepArgs{
			CreateDuration: "30s",
		}, pulumi.DependsOn([]pulumi.Resource{
			kmsApiService,
		}))
		if err != nil {
			return err
		}
		// Create KMS Service Agent
		kmsServiceAgent, err := projects.NewServiceIdentity(ctx, "kms_service_agent", &projects.ServiceIdentityArgs{
			Service: pulumi.String("cloudkms.googleapis.com"),
			Project: keyProject.Number,
		}, pulumi.DependsOn([]pulumi.Resource{
			waitEnableServiceApi,
		}))
		if err != nil {
			return err
		}
		// Wait delay after creating service agent.
		waitServiceAgent, err := time.NewSleep(ctx, "wait_service_agent", &time.SleepArgs{
			CreateDuration: "10s",
		}, pulumi.DependsOn([]pulumi.Resource{
			kmsServiceAgent,
		}))
		if err != nil {
			return err
		}
		// Grant the KMS Service Agent the Cloud KMS Admin role
		autokeyProjectAdmin, err := projects.NewIAMMember(ctx, "autokey_project_admin", &projects.IAMMemberArgs{
			Project: keyProject.ProjectId,
			Role:    pulumi.String("roles/cloudkms.admin"),
			Member: keyProject.Number.ApplyT(func(number string) (string, error) {
				return fmt.Sprintf("serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com", number), nil
			}).(pulumi.StringOutput),
		}, pulumi.DependsOn([]pulumi.Resource{
			waitServiceAgent,
		}))
		if err != nil {
			return err
		}
		// Wait delay after granting IAM permissions
		waitSrvAccPermissions, err := time.NewSleep(ctx, "wait_srv_acc_permissions", &time.SleepArgs{
			CreateDuration: "10s",
		}, pulumi.DependsOn([]pulumi.Resource{
			autokeyProjectAdmin,
		}))
		if err != nil {
			return err
		}
		autokeyConfig, err := kms.NewAutokeyConfig(ctx, "autokey_config", &kms.AutokeyConfigArgs{
			Folder: autokmsFolder.FolderId,
			KeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) {
				return fmt.Sprintf("projects/%v", projectId), nil
			}).(pulumi.StringOutput),
		}, pulumi.DependsOn([]pulumi.Resource{
			waitSrvAccPermissions,
		}))
		if err != nil {
			return err
		}
		// Wait delay for autokey config to take effect
		waitAutokeyConfig, err := time.NewSleep(ctx, "wait_autokey_config", &time.SleepArgs{
			CreateDuration: "10s",
		}, pulumi.DependsOn([]pulumi.Resource{
			autokeyConfig,
		}))
		if err != nil {
			return err
		}
		_, err = kms.NewKeyHandle(ctx, "example-keyhandle", &kms.KeyHandleArgs{
			Project:              resourceProject.ProjectId,
			Name:                 pulumi.String("tf-test-key-handle"),
			Location:             pulumi.String("global"),
			ResourceTypeSelector: pulumi.String("storage.googleapis.com/Bucket"),
		}, pulumi.DependsOn([]pulumi.Resource{
			waitAutokeyConfig,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

KeyHandle can be imported using any of these accepted formats:

* `projects/{{project}}/locations/{{location}}/keyHandles/{{name}}`

* `{{project}}/{{location}}/{{name}}`

* `{{location}}/{{name}}`

When using the `pulumi import` command, KeyHandle can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:kms/keyHandle:KeyHandle default projects/{{project}}/locations/{{location}}/keyHandles/{{name}} ```

```sh $ pulumi import gcp:kms/keyHandle:KeyHandle default {{project}}/{{location}}/{{name}} ```

```sh $ pulumi import gcp:kms/keyHandle:KeyHandle default {{location}}/{{name}} ```

func GetKeyHandle 

func GetKeyHandle(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyHandleState, opts ...pulumi.ResourceOption) (*KeyHandle, error)

GetKeyHandle gets an existing KeyHandle resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyHandle 

func NewKeyHandle(ctx *pulumi.Context,
	name string, args *KeyHandleArgs, opts ...pulumi.ResourceOption) (*KeyHandle, error)

NewKeyHandle registers a new resource with the given unique name, arguments, and options.

func (*KeyHandle) ElementType 

func (*KeyHandle) ElementType() reflect.Type

func (*KeyHandle) ToKeyHandleOutput 

func (i *KeyHandle) ToKeyHandleOutput() KeyHandleOutput

func (*KeyHandle) ToKeyHandleOutputWithContext 

func (i *KeyHandle) ToKeyHandleOutputWithContext(ctx context.Context) KeyHandleOutput

type KeyHandleArgs 

type KeyHandleArgs struct {
	// The location for the KeyHandle.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location pulumi.StringInput
	// The resource name for the KeyHandle.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// Selector of the resource type where we want to protect resources.
	// For example, `storage.googleapis.com/Bucket`.
	ResourceTypeSelector pulumi.StringInput
}

The set of arguments for constructing a KeyHandle resource.

func (KeyHandleArgs) ElementType 

func (KeyHandleArgs) ElementType() reflect.Type

type KeyHandleArray 

type KeyHandleArray []KeyHandleInput

func (KeyHandleArray) ElementType 

func (KeyHandleArray) ElementType() reflect.Type

func (KeyHandleArray) ToKeyHandleArrayOutput 

func (i KeyHandleArray) ToKeyHandleArrayOutput() KeyHandleArrayOutput

func (KeyHandleArray) ToKeyHandleArrayOutputWithContext 

func (i KeyHandleArray) ToKeyHandleArrayOutputWithContext(ctx context.Context) KeyHandleArrayOutput

type KeyHandleArrayInput 

type KeyHandleArrayInput interface {
	pulumi.Input

	ToKeyHandleArrayOutput() KeyHandleArrayOutput
	ToKeyHandleArrayOutputWithContext(context.Context) KeyHandleArrayOutput
}

KeyHandleArrayInput is an input type that accepts KeyHandleArray and KeyHandleArrayOutput values. You can construct a concrete instance of `KeyHandleArrayInput` via: 

KeyHandleArray{ KeyHandleArgs{...} }

type KeyHandleArrayOutput 

type KeyHandleArrayOutput struct{ *pulumi.OutputState }

func (KeyHandleArrayOutput) ElementType 

func (KeyHandleArrayOutput) ElementType() reflect.Type

func (KeyHandleArrayOutput) Index 

func (o KeyHandleArrayOutput) Index(i pulumi.IntInput) KeyHandleOutput

func (KeyHandleArrayOutput) ToKeyHandleArrayOutput 

func (o KeyHandleArrayOutput) ToKeyHandleArrayOutput() KeyHandleArrayOutput

func (KeyHandleArrayOutput) ToKeyHandleArrayOutputWithContext 

func (o KeyHandleArrayOutput) ToKeyHandleArrayOutputWithContext(ctx context.Context) KeyHandleArrayOutput

type KeyHandleInput 

type KeyHandleInput interface {
	pulumi.Input

	ToKeyHandleOutput() KeyHandleOutput
	ToKeyHandleOutputWithContext(ctx context.Context) KeyHandleOutput
}

type KeyHandleMap 

type KeyHandleMap map[string]KeyHandleInput

func (KeyHandleMap) ElementType 

func (KeyHandleMap) ElementType() reflect.Type

func (KeyHandleMap) ToKeyHandleMapOutput 

func (i KeyHandleMap) ToKeyHandleMapOutput() KeyHandleMapOutput

func (KeyHandleMap) ToKeyHandleMapOutputWithContext 

func (i KeyHandleMap) ToKeyHandleMapOutputWithContext(ctx context.Context) KeyHandleMapOutput

type KeyHandleMapInput 

type KeyHandleMapInput interface {
	pulumi.Input

	ToKeyHandleMapOutput() KeyHandleMapOutput
	ToKeyHandleMapOutputWithContext(context.Context) KeyHandleMapOutput
}

KeyHandleMapInput is an input type that accepts KeyHandleMap and KeyHandleMapOutput values. You can construct a concrete instance of `KeyHandleMapInput` via: 

KeyHandleMap{ "key": KeyHandleArgs{...} }

type KeyHandleMapOutput 

type KeyHandleMapOutput struct{ *pulumi.OutputState }

func (KeyHandleMapOutput) ElementType 

func (KeyHandleMapOutput) ElementType() reflect.Type

func (KeyHandleMapOutput) MapIndex 

func (o KeyHandleMapOutput) MapIndex(k pulumi.StringInput) KeyHandleOutput

func (KeyHandleMapOutput) ToKeyHandleMapOutput 

func (o KeyHandleMapOutput) ToKeyHandleMapOutput() KeyHandleMapOutput

func (KeyHandleMapOutput) ToKeyHandleMapOutputWithContext 

func (o KeyHandleMapOutput) ToKeyHandleMapOutputWithContext(ctx context.Context) KeyHandleMapOutput

type KeyHandleOutput 

type KeyHandleOutput struct{ *pulumi.OutputState }

func (KeyHandleOutput) ElementType 

func (KeyHandleOutput) ElementType() reflect.Type

func (KeyHandleOutput) KmsKey 

func (o KeyHandleOutput) KmsKey() pulumi.StringOutput

A reference to a Cloud KMS CryptoKey that can be used for CMEK in the requested product/project/location, for example `projects/1/locations/us-east1/keyRings/foo/cryptoKeys/bar-ffffff`

func (KeyHandleOutput) Location 

func (o KeyHandleOutput) Location() pulumi.StringOutput

The location for the KeyHandle. A full list of valid locations can be found by running `gcloud kms locations list`.

***

func (KeyHandleOutput) Name 

func (o KeyHandleOutput) Name() pulumi.StringOutput

The resource name for the KeyHandle.

func (KeyHandleOutput) Project 

func (o KeyHandleOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (KeyHandleOutput) ResourceTypeSelector 

func (o KeyHandleOutput) ResourceTypeSelector() pulumi.StringOutput

Selector of the resource type where we want to protect resources. For example, `storage.googleapis.com/Bucket`.

func (KeyHandleOutput) ToKeyHandleOutput 

func (o KeyHandleOutput) ToKeyHandleOutput() KeyHandleOutput

func (KeyHandleOutput) ToKeyHandleOutputWithContext 

func (o KeyHandleOutput) ToKeyHandleOutputWithContext(ctx context.Context) KeyHandleOutput

type KeyHandleState 

type KeyHandleState struct {
	// A reference to a Cloud KMS CryptoKey that can be used for CMEK in the requested
	// product/project/location, for example
	// `projects/1/locations/us-east1/keyRings/foo/cryptoKeys/bar-ffffff`
	KmsKey pulumi.StringPtrInput
	// The location for the KeyHandle.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location pulumi.StringPtrInput
	// The resource name for the KeyHandle.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// Selector of the resource type where we want to protect resources.
	// For example, `storage.googleapis.com/Bucket`.
	ResourceTypeSelector pulumi.StringPtrInput
}

func (KeyHandleState) ElementType 

func (KeyHandleState) ElementType() reflect.Type

type KeyRing 

type KeyRing struct {
	pulumi.CustomResourceState

	// The location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location pulumi.StringOutput `pulumi:"location"`
	// The resource name for the KeyRing.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

A `KeyRing` is a toplevel logical grouping of `CryptoKeys`.

> **Note:** KeyRings cannot be deleted from Google Cloud Platform. Destroying a provider-managed KeyRing will remove it from state but *will not delete the resource from the project.*

To get more information about KeyRing, see:

* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings) * How-to Guides

## Example Usage

### Kms Key Ring Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRing(ctx, "example-keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

KeyRing can be imported using any of these accepted formats:

* `projects/{{project}}/locations/{{location}}/keyRings/{{name}}`

* `{{project}}/{{location}}/{{name}}`

* `{{location}}/{{name}}`

When using the `pulumi import` command, KeyRing can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:kms/keyRing:KeyRing default projects/{{project}}/locations/{{location}}/keyRings/{{name}} ```

```sh $ pulumi import gcp:kms/keyRing:KeyRing default {{project}}/{{location}}/{{name}} ```

```sh $ pulumi import gcp:kms/keyRing:KeyRing default {{location}}/{{name}} ```

func GetKeyRing 

func GetKeyRing(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingState, opts ...pulumi.ResourceOption) (*KeyRing, error)

GetKeyRing gets an existing KeyRing resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRing 

func NewKeyRing(ctx *pulumi.Context,
	name string, args *KeyRingArgs, opts ...pulumi.ResourceOption) (*KeyRing, error)

NewKeyRing registers a new resource with the given unique name, arguments, and options.

func (*KeyRing) ElementType 

func (*KeyRing) ElementType() reflect.Type

func (*KeyRing) ToKeyRingOutput 

func (i *KeyRing) ToKeyRingOutput() KeyRingOutput

func (*KeyRing) ToKeyRingOutputWithContext 

func (i *KeyRing) ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput

type KeyRingArgs 

type KeyRingArgs struct {
	// The location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location pulumi.StringInput
	// The resource name for the KeyRing.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a KeyRing resource.

func (KeyRingArgs) ElementType 

func (KeyRingArgs) ElementType() reflect.Type

type KeyRingArray 

type KeyRingArray []KeyRingInput

func (KeyRingArray) ElementType 

func (KeyRingArray) ElementType() reflect.Type

func (KeyRingArray) ToKeyRingArrayOutput 

func (i KeyRingArray) ToKeyRingArrayOutput() KeyRingArrayOutput

func (KeyRingArray) ToKeyRingArrayOutputWithContext 

func (i KeyRingArray) ToKeyRingArrayOutputWithContext(ctx context.Context) KeyRingArrayOutput

type KeyRingArrayInput 

type KeyRingArrayInput interface {
	pulumi.Input

	ToKeyRingArrayOutput() KeyRingArrayOutput
	ToKeyRingArrayOutputWithContext(context.Context) KeyRingArrayOutput
}

KeyRingArrayInput is an input type that accepts KeyRingArray and KeyRingArrayOutput values. You can construct a concrete instance of `KeyRingArrayInput` via: 

KeyRingArray{ KeyRingArgs{...} }

type KeyRingArrayOutput 

type KeyRingArrayOutput struct{ *pulumi.OutputState }

func (KeyRingArrayOutput) ElementType 

func (KeyRingArrayOutput) ElementType() reflect.Type

func (KeyRingArrayOutput) Index 

func (o KeyRingArrayOutput) Index(i pulumi.IntInput) KeyRingOutput

func (KeyRingArrayOutput) ToKeyRingArrayOutput 

func (o KeyRingArrayOutput) ToKeyRingArrayOutput() KeyRingArrayOutput

func (KeyRingArrayOutput) ToKeyRingArrayOutputWithContext 

func (o KeyRingArrayOutput) ToKeyRingArrayOutputWithContext(ctx context.Context) KeyRingArrayOutput

type KeyRingIAMBinding 

type KeyRingIAMBinding struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition KeyRingIAMBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the key ring's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringOutput `pulumi:"keyRingId"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The role that should be applied. Only one
	// `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

* `kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

> **Note:** `kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `kms.KeyRingIAMBinding` and `kms.KeyRingIAMMember` or they will fight over what your policy should be.

> **Note:** `kms.KeyRingIAMBinding` resources **can be** used in conjunction with `kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.

## kms.KeyRingIAMPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{
			KeyRingId:  keyring.ID(),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{
			KeyRingId:  keyring.ID(),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.KeyRingIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
			Condition: &kms.KeyRingIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.KeyRingIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
			Condition: &kms.KeyRingIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing IAM policies

IAM policy imports use the identifier of the Cloud KMS key ring only. For example:

* `{{project_id}}/{{location}}/{{key_ring_name}}`

An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:

tf

import { 

id = "{{project_id}}/{{location}}/{{key_ring_name}}"

to = google_kms_key_ring_iam_policy.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:kms/keyRingIAMBinding:KeyRingIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}} ```

func GetKeyRingIAMBinding 

func GetKeyRingIAMBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingIAMBindingState, opts ...pulumi.ResourceOption) (*KeyRingIAMBinding, error)

GetKeyRingIAMBinding gets an existing KeyRingIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIAMBinding 

func NewKeyRingIAMBinding(ctx *pulumi.Context,
	name string, args *KeyRingIAMBindingArgs, opts ...pulumi.ResourceOption) (*KeyRingIAMBinding, error)

NewKeyRingIAMBinding registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIAMBinding) ElementType 

func (*KeyRingIAMBinding) ElementType() reflect.Type

func (*KeyRingIAMBinding) ToKeyRingIAMBindingOutput 

func (i *KeyRingIAMBinding) ToKeyRingIAMBindingOutput() KeyRingIAMBindingOutput

func (*KeyRingIAMBinding) ToKeyRingIAMBindingOutputWithContext 

func (i *KeyRingIAMBinding) ToKeyRingIAMBindingOutputWithContext(ctx context.Context) KeyRingIAMBindingOutput

type KeyRingIAMBindingArgs 

type KeyRingIAMBindingArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition KeyRingIAMBindingConditionPtrInput
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingIAMBinding resource.

func (KeyRingIAMBindingArgs) ElementType 

func (KeyRingIAMBindingArgs) ElementType() reflect.Type

type KeyRingIAMBindingArray 

type KeyRingIAMBindingArray []KeyRingIAMBindingInput

func (KeyRingIAMBindingArray) ElementType 

func (KeyRingIAMBindingArray) ElementType() reflect.Type

func (KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutput 

func (i KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutput() KeyRingIAMBindingArrayOutput

func (KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutputWithContext 

func (i KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutputWithContext(ctx context.Context) KeyRingIAMBindingArrayOutput

type KeyRingIAMBindingArrayInput 

type KeyRingIAMBindingArrayInput interface {
	pulumi.Input

	ToKeyRingIAMBindingArrayOutput() KeyRingIAMBindingArrayOutput
	ToKeyRingIAMBindingArrayOutputWithContext(context.Context) KeyRingIAMBindingArrayOutput
}

KeyRingIAMBindingArrayInput is an input type that accepts KeyRingIAMBindingArray and KeyRingIAMBindingArrayOutput values. You can construct a concrete instance of `KeyRingIAMBindingArrayInput` via: 

KeyRingIAMBindingArray{ KeyRingIAMBindingArgs{...} }

type KeyRingIAMBindingArrayOutput 

type KeyRingIAMBindingArrayOutput struct{ *pulumi.OutputState }

func (KeyRingIAMBindingArrayOutput) ElementType 

func (KeyRingIAMBindingArrayOutput) ElementType() reflect.Type

func (KeyRingIAMBindingArrayOutput) Index 

func (o KeyRingIAMBindingArrayOutput) Index(i pulumi.IntInput) KeyRingIAMBindingOutput

func (KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutput 

func (o KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutput() KeyRingIAMBindingArrayOutput

func (KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutputWithContext 

func (o KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutputWithContext(ctx context.Context) KeyRingIAMBindingArrayOutput

type KeyRingIAMBindingCondition 

type KeyRingIAMBindingCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type KeyRingIAMBindingConditionArgs 

type KeyRingIAMBindingConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (KeyRingIAMBindingConditionArgs) ElementType 

func (KeyRingIAMBindingConditionArgs) ElementType() reflect.Type

func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutput 

func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput

func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutputWithContext 

func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionOutput

func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutput 

func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput

func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutputWithContext 

func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput

type KeyRingIAMBindingConditionInput 

type KeyRingIAMBindingConditionInput interface {
	pulumi.Input

	ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput
	ToKeyRingIAMBindingConditionOutputWithContext(context.Context) KeyRingIAMBindingConditionOutput
}

KeyRingIAMBindingConditionInput is an input type that accepts KeyRingIAMBindingConditionArgs and KeyRingIAMBindingConditionOutput values. You can construct a concrete instance of `KeyRingIAMBindingConditionInput` via: 

KeyRingIAMBindingConditionArgs{...}

type KeyRingIAMBindingConditionOutput 

type KeyRingIAMBindingConditionOutput struct{ *pulumi.OutputState }

func (KeyRingIAMBindingConditionOutput) Description 

func (o KeyRingIAMBindingConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (KeyRingIAMBindingConditionOutput) ElementType 

func (KeyRingIAMBindingConditionOutput) ElementType() reflect.Type

func (KeyRingIAMBindingConditionOutput) Expression 

func (o KeyRingIAMBindingConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (KeyRingIAMBindingConditionOutput) Title 

func (o KeyRingIAMBindingConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutput 

func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput

func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutputWithContext 

func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionOutput

func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutput 

func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput

func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext 

func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput

type KeyRingIAMBindingConditionPtrInput 

type KeyRingIAMBindingConditionPtrInput interface {
	pulumi.Input

	ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput
	ToKeyRingIAMBindingConditionPtrOutputWithContext(context.Context) KeyRingIAMBindingConditionPtrOutput
}

KeyRingIAMBindingConditionPtrInput is an input type that accepts KeyRingIAMBindingConditionArgs, KeyRingIAMBindingConditionPtr and KeyRingIAMBindingConditionPtrOutput values. You can construct a concrete instance of `KeyRingIAMBindingConditionPtrInput` via: 

        KeyRingIAMBindingConditionArgs{...}

or:

        nil

func KeyRingIAMBindingConditionPtr 

func KeyRingIAMBindingConditionPtr(v *KeyRingIAMBindingConditionArgs) KeyRingIAMBindingConditionPtrInput

type KeyRingIAMBindingConditionPtrOutput 

type KeyRingIAMBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (KeyRingIAMBindingConditionPtrOutput) Description 

func (o KeyRingIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (KeyRingIAMBindingConditionPtrOutput) Elem 

func (o KeyRingIAMBindingConditionPtrOutput) Elem() KeyRingIAMBindingConditionOutput

func (KeyRingIAMBindingConditionPtrOutput) ElementType 

func (KeyRingIAMBindingConditionPtrOutput) ElementType() reflect.Type

func (KeyRingIAMBindingConditionPtrOutput) Expression 

func (o KeyRingIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (KeyRingIAMBindingConditionPtrOutput) Title 

func (o KeyRingIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutput 

func (o KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput

func (KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext 

func (o KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput

type KeyRingIAMBindingInput 

type KeyRingIAMBindingInput interface {
	pulumi.Input

	ToKeyRingIAMBindingOutput() KeyRingIAMBindingOutput
	ToKeyRingIAMBindingOutputWithContext(ctx context.Context) KeyRingIAMBindingOutput
}

type KeyRingIAMBindingMap 

type KeyRingIAMBindingMap map[string]KeyRingIAMBindingInput

func (KeyRingIAMBindingMap) ElementType 

func (KeyRingIAMBindingMap) ElementType() reflect.Type

func (KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutput 

func (i KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutput() KeyRingIAMBindingMapOutput

func (KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutputWithContext 

func (i KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutputWithContext(ctx context.Context) KeyRingIAMBindingMapOutput

type KeyRingIAMBindingMapInput 

type KeyRingIAMBindingMapInput interface {
	pulumi.Input

	ToKeyRingIAMBindingMapOutput() KeyRingIAMBindingMapOutput
	ToKeyRingIAMBindingMapOutputWithContext(context.Context) KeyRingIAMBindingMapOutput
}

KeyRingIAMBindingMapInput is an input type that accepts KeyRingIAMBindingMap and KeyRingIAMBindingMapOutput values. You can construct a concrete instance of `KeyRingIAMBindingMapInput` via: 

KeyRingIAMBindingMap{ "key": KeyRingIAMBindingArgs{...} }

type KeyRingIAMBindingMapOutput 

type KeyRingIAMBindingMapOutput struct{ *pulumi.OutputState }

func (KeyRingIAMBindingMapOutput) ElementType 

func (KeyRingIAMBindingMapOutput) ElementType() reflect.Type

func (KeyRingIAMBindingMapOutput) MapIndex 

func (o KeyRingIAMBindingMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMBindingOutput

func (KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutput 

func (o KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutput() KeyRingIAMBindingMapOutput

func (KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutputWithContext 

func (o KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutputWithContext(ctx context.Context) KeyRingIAMBindingMapOutput

type KeyRingIAMBindingOutput 

type KeyRingIAMBindingOutput struct{ *pulumi.OutputState }

func (KeyRingIAMBindingOutput) Condition 

func (o KeyRingIAMBindingOutput) Condition() KeyRingIAMBindingConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (KeyRingIAMBindingOutput) ElementType 

func (KeyRingIAMBindingOutput) ElementType() reflect.Type

func (KeyRingIAMBindingOutput) Etag 

func (o KeyRingIAMBindingOutput) Etag() pulumi.StringOutput

(Computed) The etag of the key ring's IAM policy.

func (KeyRingIAMBindingOutput) KeyRingId 

func (o KeyRingIAMBindingOutput) KeyRingId() pulumi.StringOutput

The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.

func (KeyRingIAMBindingOutput) Members 

func (o KeyRingIAMBindingOutput) Members() pulumi.StringArrayOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (KeyRingIAMBindingOutput) Role 

func (o KeyRingIAMBindingOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutput 

func (o KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutput() KeyRingIAMBindingOutput

func (KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutputWithContext 

func (o KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutputWithContext(ctx context.Context) KeyRingIAMBindingOutput

type KeyRingIAMBindingState 

type KeyRingIAMBindingState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition KeyRingIAMBindingConditionPtrInput
	// (Computed) The etag of the key ring's IAM policy.
	Etag pulumi.StringPtrInput
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The role that should be applied. Only one
	// `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (KeyRingIAMBindingState) ElementType 

func (KeyRingIAMBindingState) ElementType() reflect.Type

type KeyRingIAMMember 

type KeyRingIAMMember struct {
	pulumi.CustomResourceState

	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition KeyRingIAMMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the key ring's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringOutput `pulumi:"keyRingId"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringOutput `pulumi:"member"`
	// The role that should be applied. Only one
	// `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

* `kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

> **Note:** `kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `kms.KeyRingIAMBinding` and `kms.KeyRingIAMMember` or they will fight over what your policy should be.

> **Note:** `kms.KeyRingIAMBinding` resources **can be** used in conjunction with `kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.

## kms.KeyRingIAMPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{
			KeyRingId:  keyring.ID(),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{
			KeyRingId:  keyring.ID(),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.KeyRingIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
			Condition: &kms.KeyRingIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.KeyRingIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
			Condition: &kms.KeyRingIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing IAM policies

IAM policy imports use the identifier of the Cloud KMS key ring only. For example:

* `{{project_id}}/{{location}}/{{key_ring_name}}`

An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:

tf

import { 

id = "{{project_id}}/{{location}}/{{key_ring_name}}"

to = google_kms_key_ring_iam_policy.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:kms/keyRingIAMMember:KeyRingIAMMember default {{project_id}}/{{location}}/{{key_ring_name}} ```

func GetKeyRingIAMMember 

func GetKeyRingIAMMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingIAMMemberState, opts ...pulumi.ResourceOption) (*KeyRingIAMMember, error)

GetKeyRingIAMMember gets an existing KeyRingIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIAMMember 

func NewKeyRingIAMMember(ctx *pulumi.Context,
	name string, args *KeyRingIAMMemberArgs, opts ...pulumi.ResourceOption) (*KeyRingIAMMember, error)

NewKeyRingIAMMember registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIAMMember) ElementType 

func (*KeyRingIAMMember) ElementType() reflect.Type

func (*KeyRingIAMMember) ToKeyRingIAMMemberOutput 

func (i *KeyRingIAMMember) ToKeyRingIAMMemberOutput() KeyRingIAMMemberOutput

func (*KeyRingIAMMember) ToKeyRingIAMMemberOutputWithContext 

func (i *KeyRingIAMMember) ToKeyRingIAMMemberOutputWithContext(ctx context.Context) KeyRingIAMMemberOutput

type KeyRingIAMMemberArgs 

type KeyRingIAMMemberArgs struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition KeyRingIAMMemberConditionPtrInput
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The role that should be applied. Only one
	// `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingIAMMember resource.

func (KeyRingIAMMemberArgs) ElementType 

func (KeyRingIAMMemberArgs) ElementType() reflect.Type

type KeyRingIAMMemberArray 

type KeyRingIAMMemberArray []KeyRingIAMMemberInput

func (KeyRingIAMMemberArray) ElementType 

func (KeyRingIAMMemberArray) ElementType() reflect.Type

func (KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutput 

func (i KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutput() KeyRingIAMMemberArrayOutput

func (KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutputWithContext 

func (i KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutputWithContext(ctx context.Context) KeyRingIAMMemberArrayOutput

type KeyRingIAMMemberArrayInput 

type KeyRingIAMMemberArrayInput interface {
	pulumi.Input

	ToKeyRingIAMMemberArrayOutput() KeyRingIAMMemberArrayOutput
	ToKeyRingIAMMemberArrayOutputWithContext(context.Context) KeyRingIAMMemberArrayOutput
}

KeyRingIAMMemberArrayInput is an input type that accepts KeyRingIAMMemberArray and KeyRingIAMMemberArrayOutput values. You can construct a concrete instance of `KeyRingIAMMemberArrayInput` via: 

KeyRingIAMMemberArray{ KeyRingIAMMemberArgs{...} }

type KeyRingIAMMemberArrayOutput 

type KeyRingIAMMemberArrayOutput struct{ *pulumi.OutputState }

func (KeyRingIAMMemberArrayOutput) ElementType 

func (KeyRingIAMMemberArrayOutput) ElementType() reflect.Type

func (KeyRingIAMMemberArrayOutput) Index 

func (o KeyRingIAMMemberArrayOutput) Index(i pulumi.IntInput) KeyRingIAMMemberOutput

func (KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutput 

func (o KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutput() KeyRingIAMMemberArrayOutput

func (KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutputWithContext 

func (o KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutputWithContext(ctx context.Context) KeyRingIAMMemberArrayOutput

type KeyRingIAMMemberCondition 

type KeyRingIAMMemberCondition struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title string `pulumi:"title"`
}

type KeyRingIAMMemberConditionArgs 

type KeyRingIAMMemberConditionArgs struct {
	// An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	//
	// > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the
	// identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will
	// consider it to be an entirely different resource and will treat it as such.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringInput `pulumi:"expression"`
	// A title for the expression, i.e. a short string describing its purpose.
	Title pulumi.StringInput `pulumi:"title"`
}

func (KeyRingIAMMemberConditionArgs) ElementType 

func (KeyRingIAMMemberConditionArgs) ElementType() reflect.Type

func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutput 

func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput

func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutputWithContext 

func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionOutput

func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutput 

func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput

func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutputWithContext 

func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput

type KeyRingIAMMemberConditionInput 

type KeyRingIAMMemberConditionInput interface {
	pulumi.Input

	ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput
	ToKeyRingIAMMemberConditionOutputWithContext(context.Context) KeyRingIAMMemberConditionOutput
}

KeyRingIAMMemberConditionInput is an input type that accepts KeyRingIAMMemberConditionArgs and KeyRingIAMMemberConditionOutput values. You can construct a concrete instance of `KeyRingIAMMemberConditionInput` via: 

KeyRingIAMMemberConditionArgs{...}

type KeyRingIAMMemberConditionOutput 

type KeyRingIAMMemberConditionOutput struct{ *pulumi.OutputState }

func (KeyRingIAMMemberConditionOutput) Description 

func (o KeyRingIAMMemberConditionOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (KeyRingIAMMemberConditionOutput) ElementType 

func (KeyRingIAMMemberConditionOutput) ElementType() reflect.Type

func (KeyRingIAMMemberConditionOutput) Expression 

func (o KeyRingIAMMemberConditionOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (KeyRingIAMMemberConditionOutput) Title 

func (o KeyRingIAMMemberConditionOutput) Title() pulumi.StringOutput

A title for the expression, i.e. a short string describing its purpose.

func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutput 

func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput

func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutputWithContext 

func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionOutput

func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutput 

func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput

func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext 

func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput

type KeyRingIAMMemberConditionPtrInput 

type KeyRingIAMMemberConditionPtrInput interface {
	pulumi.Input

	ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput
	ToKeyRingIAMMemberConditionPtrOutputWithContext(context.Context) KeyRingIAMMemberConditionPtrOutput
}

KeyRingIAMMemberConditionPtrInput is an input type that accepts KeyRingIAMMemberConditionArgs, KeyRingIAMMemberConditionPtr and KeyRingIAMMemberConditionPtrOutput values. You can construct a concrete instance of `KeyRingIAMMemberConditionPtrInput` via: 

        KeyRingIAMMemberConditionArgs{...}

or:

        nil

func KeyRingIAMMemberConditionPtr 

func KeyRingIAMMemberConditionPtr(v *KeyRingIAMMemberConditionArgs) KeyRingIAMMemberConditionPtrInput

type KeyRingIAMMemberConditionPtrOutput 

type KeyRingIAMMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (KeyRingIAMMemberConditionPtrOutput) Description 

func (o KeyRingIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.

func (KeyRingIAMMemberConditionPtrOutput) Elem 

func (o KeyRingIAMMemberConditionPtrOutput) Elem() KeyRingIAMMemberConditionOutput

func (KeyRingIAMMemberConditionPtrOutput) ElementType 

func (KeyRingIAMMemberConditionPtrOutput) ElementType() reflect.Type

func (KeyRingIAMMemberConditionPtrOutput) Expression 

func (o KeyRingIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (KeyRingIAMMemberConditionPtrOutput) Title 

func (o KeyRingIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

A title for the expression, i.e. a short string describing its purpose.

func (KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutput 

func (o KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput

func (KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext 

func (o KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput

type KeyRingIAMMemberInput 

type KeyRingIAMMemberInput interface {
	pulumi.Input

	ToKeyRingIAMMemberOutput() KeyRingIAMMemberOutput
	ToKeyRingIAMMemberOutputWithContext(ctx context.Context) KeyRingIAMMemberOutput
}

type KeyRingIAMMemberMap 

type KeyRingIAMMemberMap map[string]KeyRingIAMMemberInput

func (KeyRingIAMMemberMap) ElementType 

func (KeyRingIAMMemberMap) ElementType() reflect.Type

func (KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutput 

func (i KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutput() KeyRingIAMMemberMapOutput

func (KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutputWithContext 

func (i KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutputWithContext(ctx context.Context) KeyRingIAMMemberMapOutput

type KeyRingIAMMemberMapInput 

type KeyRingIAMMemberMapInput interface {
	pulumi.Input

	ToKeyRingIAMMemberMapOutput() KeyRingIAMMemberMapOutput
	ToKeyRingIAMMemberMapOutputWithContext(context.Context) KeyRingIAMMemberMapOutput
}

KeyRingIAMMemberMapInput is an input type that accepts KeyRingIAMMemberMap and KeyRingIAMMemberMapOutput values. You can construct a concrete instance of `KeyRingIAMMemberMapInput` via: 

KeyRingIAMMemberMap{ "key": KeyRingIAMMemberArgs{...} }

type KeyRingIAMMemberMapOutput 

type KeyRingIAMMemberMapOutput struct{ *pulumi.OutputState }

func (KeyRingIAMMemberMapOutput) ElementType 

func (KeyRingIAMMemberMapOutput) ElementType() reflect.Type

func (KeyRingIAMMemberMapOutput) MapIndex 

func (o KeyRingIAMMemberMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMMemberOutput

func (KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutput 

func (o KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutput() KeyRingIAMMemberMapOutput

func (KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutputWithContext 

func (o KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutputWithContext(ctx context.Context) KeyRingIAMMemberMapOutput

type KeyRingIAMMemberOutput 

type KeyRingIAMMemberOutput struct{ *pulumi.OutputState }

func (KeyRingIAMMemberOutput) Condition 

func (o KeyRingIAMMemberOutput) Condition() KeyRingIAMMemberConditionPtrOutput

An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.

func (KeyRingIAMMemberOutput) ElementType 

func (KeyRingIAMMemberOutput) ElementType() reflect.Type

func (KeyRingIAMMemberOutput) Etag 

func (o KeyRingIAMMemberOutput) Etag() pulumi.StringOutput

(Computed) The etag of the key ring's IAM policy.

func (KeyRingIAMMemberOutput) KeyRingId 

func (o KeyRingIAMMemberOutput) KeyRingId() pulumi.StringOutput

The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.

func (KeyRingIAMMemberOutput) Member 

func (o KeyRingIAMMemberOutput) Member() pulumi.StringOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (KeyRingIAMMemberOutput) Role 

func (o KeyRingIAMMemberOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutput 

func (o KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutput() KeyRingIAMMemberOutput

func (KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutputWithContext 

func (o KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutputWithContext(ctx context.Context) KeyRingIAMMemberOutput

type KeyRingIAMMemberState 

type KeyRingIAMMemberState struct {
	// An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
	// Structure is documented below.
	Condition KeyRingIAMMemberConditionPtrInput
	// (Computed) The etag of the key ring's IAM policy.
	Etag pulumi.StringPtrInput
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (KeyRingIAMMemberState) ElementType 

func (KeyRingIAMMemberState) ElementType() reflect.Type

type KeyRingIAMPolicy 

type KeyRingIAMPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the key ring's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringOutput `pulumi:"keyRingId"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
}

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

* `kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

> **Note:** `kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `kms.KeyRingIAMBinding` and `kms.KeyRingIAMMember` or they will fight over what your policy should be.

> **Note:** `kms.KeyRingIAMBinding` resources **can be** used in conjunction with `kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.

## kms.KeyRingIAMPolicy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{
			KeyRingId:  keyring.ID(),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/editor",
					Members: []string{
						"user:jane@example.com",
					},
					Condition: {
						Title:       "expires_after_2019_12_31",
						Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
						Expression:  "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{
			KeyRingId:  keyring.ID(),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.KeyRingIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
			Condition: &kms.KeyRingIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMBinding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
			Condition: &kms.KeyRingIAMBindingConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## kms.KeyRingIAMMember

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

With IAM Conditions:

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{
			KeyRingId: pulumi.String("your-key-ring-id"),
			Role:      pulumi.String("roles/cloudkms.admin"),
			Member:    pulumi.String("user:jane@example.com"),
			Condition: &kms.KeyRingIAMMemberConditionArgs{
				Title:       pulumi.String("expires_after_2019_12_31"),
				Description: pulumi.String("Expiring at midnight of 2019-12-31"),
				Expression:  pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

### Importing IAM policies

IAM policy imports use the identifier of the Cloud KMS key ring only. For example:

* `{{project_id}}/{{location}}/{{key_ring_name}}`

An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:

tf

import { 

id = "{{project_id}}/{{location}}/{{key_ring_name}}"

to = google_kms_key_ring_iam_policy.default

}

The `pulumi import` command can also be used:

```sh $ pulumi import gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}} ```

func GetKeyRingIAMPolicy 

func GetKeyRingIAMPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingIAMPolicyState, opts ...pulumi.ResourceOption) (*KeyRingIAMPolicy, error)

GetKeyRingIAMPolicy gets an existing KeyRingIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIAMPolicy 

func NewKeyRingIAMPolicy(ctx *pulumi.Context,
	name string, args *KeyRingIAMPolicyArgs, opts ...pulumi.ResourceOption) (*KeyRingIAMPolicy, error)

NewKeyRingIAMPolicy registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIAMPolicy) ElementType 

func (*KeyRingIAMPolicy) ElementType() reflect.Type

func (*KeyRingIAMPolicy) ToKeyRingIAMPolicyOutput 

func (i *KeyRingIAMPolicy) ToKeyRingIAMPolicyOutput() KeyRingIAMPolicyOutput

func (*KeyRingIAMPolicy) ToKeyRingIAMPolicyOutputWithContext 

func (i *KeyRingIAMPolicy) ToKeyRingIAMPolicyOutputWithContext(ctx context.Context) KeyRingIAMPolicyOutput

type KeyRingIAMPolicyArgs 

type KeyRingIAMPolicyArgs struct {
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
}

The set of arguments for constructing a KeyRingIAMPolicy resource.

func (KeyRingIAMPolicyArgs) ElementType 

func (KeyRingIAMPolicyArgs) ElementType() reflect.Type

type KeyRingIAMPolicyArray 

type KeyRingIAMPolicyArray []KeyRingIAMPolicyInput

func (KeyRingIAMPolicyArray) ElementType 

func (KeyRingIAMPolicyArray) ElementType() reflect.Type

func (KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutput 

func (i KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutput() KeyRingIAMPolicyArrayOutput

func (KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutputWithContext 

func (i KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutputWithContext(ctx context.Context) KeyRingIAMPolicyArrayOutput

type KeyRingIAMPolicyArrayInput 

type KeyRingIAMPolicyArrayInput interface {
	pulumi.Input

	ToKeyRingIAMPolicyArrayOutput() KeyRingIAMPolicyArrayOutput
	ToKeyRingIAMPolicyArrayOutputWithContext(context.Context) KeyRingIAMPolicyArrayOutput
}

KeyRingIAMPolicyArrayInput is an input type that accepts KeyRingIAMPolicyArray and KeyRingIAMPolicyArrayOutput values. You can construct a concrete instance of `KeyRingIAMPolicyArrayInput` via: 

KeyRingIAMPolicyArray{ KeyRingIAMPolicyArgs{...} }

type KeyRingIAMPolicyArrayOutput 

type KeyRingIAMPolicyArrayOutput struct{ *pulumi.OutputState }

func (KeyRingIAMPolicyArrayOutput) ElementType 

func (KeyRingIAMPolicyArrayOutput) ElementType() reflect.Type

func (KeyRingIAMPolicyArrayOutput) Index 

func (o KeyRingIAMPolicyArrayOutput) Index(i pulumi.IntInput) KeyRingIAMPolicyOutput

func (KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutput 

func (o KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutput() KeyRingIAMPolicyArrayOutput

func (KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutputWithContext 

func (o KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutputWithContext(ctx context.Context) KeyRingIAMPolicyArrayOutput

type KeyRingIAMPolicyInput 

type KeyRingIAMPolicyInput interface {
	pulumi.Input

	ToKeyRingIAMPolicyOutput() KeyRingIAMPolicyOutput
	ToKeyRingIAMPolicyOutputWithContext(ctx context.Context) KeyRingIAMPolicyOutput
}

type KeyRingIAMPolicyMap 

type KeyRingIAMPolicyMap map[string]KeyRingIAMPolicyInput

func (KeyRingIAMPolicyMap) ElementType 

func (KeyRingIAMPolicyMap) ElementType() reflect.Type

func (KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutput 

func (i KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutput() KeyRingIAMPolicyMapOutput

func (KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutputWithContext 

func (i KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutputWithContext(ctx context.Context) KeyRingIAMPolicyMapOutput

type KeyRingIAMPolicyMapInput 

type KeyRingIAMPolicyMapInput interface {
	pulumi.Input

	ToKeyRingIAMPolicyMapOutput() KeyRingIAMPolicyMapOutput
	ToKeyRingIAMPolicyMapOutputWithContext(context.Context) KeyRingIAMPolicyMapOutput
}

KeyRingIAMPolicyMapInput is an input type that accepts KeyRingIAMPolicyMap and KeyRingIAMPolicyMapOutput values. You can construct a concrete instance of `KeyRingIAMPolicyMapInput` via: 

KeyRingIAMPolicyMap{ "key": KeyRingIAMPolicyArgs{...} }

type KeyRingIAMPolicyMapOutput 

type KeyRingIAMPolicyMapOutput struct{ *pulumi.OutputState }

func (KeyRingIAMPolicyMapOutput) ElementType 

func (KeyRingIAMPolicyMapOutput) ElementType() reflect.Type

func (KeyRingIAMPolicyMapOutput) MapIndex 

func (o KeyRingIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMPolicyOutput

func (KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutput 

func (o KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutput() KeyRingIAMPolicyMapOutput

func (KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutputWithContext 

func (o KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutputWithContext(ctx context.Context) KeyRingIAMPolicyMapOutput

type KeyRingIAMPolicyOutput 

type KeyRingIAMPolicyOutput struct{ *pulumi.OutputState }

func (KeyRingIAMPolicyOutput) ElementType 

func (KeyRingIAMPolicyOutput) ElementType() reflect.Type

func (KeyRingIAMPolicyOutput) Etag 

func (o KeyRingIAMPolicyOutput) Etag() pulumi.StringOutput

(Computed) The etag of the key ring's IAM policy.

func (KeyRingIAMPolicyOutput) KeyRingId 

func (o KeyRingIAMPolicyOutput) KeyRingId() pulumi.StringOutput

The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.

func (KeyRingIAMPolicyOutput) PolicyData 

func (o KeyRingIAMPolicyOutput) PolicyData() pulumi.StringOutput

The policy data generated by a `organizations.getIAMPolicy` data source.

func (KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutput 

func (o KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutput() KeyRingIAMPolicyOutput

func (KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutputWithContext 

func (o KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutputWithContext(ctx context.Context) KeyRingIAMPolicyOutput

type KeyRingIAMPolicyState 

type KeyRingIAMPolicyState struct {
	// (Computed) The etag of the key ring's IAM policy.
	Etag pulumi.StringPtrInput
	// The key ring ID, in the form
	// `{project_id}/{location_name}/{key_ring_name}` or
	// `{location_name}/{key_ring_name}`. In the second form, the provider's
	// project setting will be used as a fallback.
	KeyRingId pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
}

func (KeyRingIAMPolicyState) ElementType 

func (KeyRingIAMPolicyState) ElementType() reflect.Type

type KeyRingImportJob 

type KeyRingImportJob struct {
	pulumi.CustomResourceState

	// Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.
	// Use this statement to verify attributes of the key as stored on the HSM, independently of Google.
	// Only present if the chosen ImportMethod is one with a protection level of HSM.
	// Structure is documented below.
	Attestations KeyRingImportJobAttestationArrayOutput `pulumi:"attestations"`
	// The time at which this resource is scheduled for expiration and can no longer be used.
	// This is in RFC3339 text format.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	// It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
	//
	// ***
	ImportJobId pulumi.StringOutput `pulumi:"importJobId"`
	// The wrapping method to be used for incoming key material.
	// Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`.
	ImportMethod pulumi.StringOutput `pulumi:"importMethod"`
	// The KeyRing that this import job belongs to.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
	KeyRing pulumi.StringOutput `pulumi:"keyRing"`
	// The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.
	Name pulumi.StringOutput `pulumi:"name"`
	// The protection level of the ImportJob. This must match the protectionLevel of the
	// versionTemplate on the CryptoKey you attempt to import into.
	// Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`.
	ProtectionLevel pulumi.StringOutput `pulumi:"protectionLevel"`
	// The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`.
	// Structure is documented below.
	PublicKeys KeyRingImportJobPublicKeyArrayOutput `pulumi:"publicKeys"`
	// The current state of the ImportJob, indicating if it can be used.
	State pulumi.StringOutput `pulumi:"state"`
}

A `KeyRingImportJob` can be used to create `CryptoKeys` and `CryptoKeyVersions` using pre-existing key material, generated outside of Cloud KMS. A `KeyRingImportJob` expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the `KeyRingImportJob`'s public key.

> **Note:** KeyRingImportJobs cannot be deleted from Google Cloud Platform. Destroying a provider-managed KeyRingImportJob will remove it from state but *will not delete the resource from the project.*

To get more information about KeyRingImportJob, see:

* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.importJobs) * How-to Guides

## Example Usage

## Import

KeyRingImportJob can be imported using any of these accepted formats:

* `{{name}}`

When using the `pulumi import` command, KeyRingImportJob can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:kms/keyRingImportJob:KeyRingImportJob default {{name}} ```

func GetKeyRingImportJob 

func GetKeyRingImportJob(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingImportJobState, opts ...pulumi.ResourceOption) (*KeyRingImportJob, error)

GetKeyRingImportJob gets an existing KeyRingImportJob resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingImportJob 

func NewKeyRingImportJob(ctx *pulumi.Context,
	name string, args *KeyRingImportJobArgs, opts ...pulumi.ResourceOption) (*KeyRingImportJob, error)

NewKeyRingImportJob registers a new resource with the given unique name, arguments, and options.

func (*KeyRingImportJob) ElementType 

func (*KeyRingImportJob) ElementType() reflect.Type

func (*KeyRingImportJob) ToKeyRingImportJobOutput 

func (i *KeyRingImportJob) ToKeyRingImportJobOutput() KeyRingImportJobOutput

func (*KeyRingImportJob) ToKeyRingImportJobOutputWithContext 

func (i *KeyRingImportJob) ToKeyRingImportJobOutputWithContext(ctx context.Context) KeyRingImportJobOutput

type KeyRingImportJobArgs 

type KeyRingImportJobArgs struct {
	// It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
	//
	// ***
	ImportJobId pulumi.StringInput
	// The wrapping method to be used for incoming key material.
	// Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`.
	ImportMethod pulumi.StringInput
	// The KeyRing that this import job belongs to.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
	KeyRing pulumi.StringInput
	// The protection level of the ImportJob. This must match the protectionLevel of the
	// versionTemplate on the CryptoKey you attempt to import into.
	// Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`.
	ProtectionLevel pulumi.StringInput
}

The set of arguments for constructing a KeyRingImportJob resource.

func (KeyRingImportJobArgs) ElementType 

func (KeyRingImportJobArgs) ElementType() reflect.Type

type KeyRingImportJobArray 

type KeyRingImportJobArray []KeyRingImportJobInput

func (KeyRingImportJobArray) ElementType 

func (KeyRingImportJobArray) ElementType() reflect.Type

func (KeyRingImportJobArray) ToKeyRingImportJobArrayOutput 

func (i KeyRingImportJobArray) ToKeyRingImportJobArrayOutput() KeyRingImportJobArrayOutput

func (KeyRingImportJobArray) ToKeyRingImportJobArrayOutputWithContext 

func (i KeyRingImportJobArray) ToKeyRingImportJobArrayOutputWithContext(ctx context.Context) KeyRingImportJobArrayOutput

type KeyRingImportJobArrayInput 

type KeyRingImportJobArrayInput interface {
	pulumi.Input

	ToKeyRingImportJobArrayOutput() KeyRingImportJobArrayOutput
	ToKeyRingImportJobArrayOutputWithContext(context.Context) KeyRingImportJobArrayOutput
}

KeyRingImportJobArrayInput is an input type that accepts KeyRingImportJobArray and KeyRingImportJobArrayOutput values. You can construct a concrete instance of `KeyRingImportJobArrayInput` via: 

KeyRingImportJobArray{ KeyRingImportJobArgs{...} }

type KeyRingImportJobArrayOutput 

type KeyRingImportJobArrayOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobArrayOutput) ElementType 

func (KeyRingImportJobArrayOutput) ElementType() reflect.Type

func (KeyRingImportJobArrayOutput) Index 

func (o KeyRingImportJobArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobOutput

func (KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutput 

func (o KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutput() KeyRingImportJobArrayOutput

func (KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutputWithContext 

func (o KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutputWithContext(ctx context.Context) KeyRingImportJobArrayOutput

type KeyRingImportJobAttestation 

type KeyRingImportJobAttestation struct {
	// (Output)
	// The attestation data provided by the HSM when the key operation was performed.
	// A base64-encoded string.
	Content *string `pulumi:"content"`
	// (Output)
	// The format of the attestation data.
	Format *string `pulumi:"format"`
}

type KeyRingImportJobAttestationArgs 

type KeyRingImportJobAttestationArgs struct {
	// (Output)
	// The attestation data provided by the HSM when the key operation was performed.
	// A base64-encoded string.
	Content pulumi.StringPtrInput `pulumi:"content"`
	// (Output)
	// The format of the attestation data.
	Format pulumi.StringPtrInput `pulumi:"format"`
}

func (KeyRingImportJobAttestationArgs) ElementType 

func (KeyRingImportJobAttestationArgs) ElementType() reflect.Type

func (KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutput 

func (i KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput

func (KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutputWithContext 

func (i KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutputWithContext(ctx context.Context) KeyRingImportJobAttestationOutput

type KeyRingImportJobAttestationArray 

type KeyRingImportJobAttestationArray []KeyRingImportJobAttestationInput

func (KeyRingImportJobAttestationArray) ElementType 

func (KeyRingImportJobAttestationArray) ElementType() reflect.Type

func (KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutput 

func (i KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput

func (KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutputWithContext 

func (i KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutputWithContext(ctx context.Context) KeyRingImportJobAttestationArrayOutput

type KeyRingImportJobAttestationArrayInput 

type KeyRingImportJobAttestationArrayInput interface {
	pulumi.Input

	ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput
	ToKeyRingImportJobAttestationArrayOutputWithContext(context.Context) KeyRingImportJobAttestationArrayOutput
}

KeyRingImportJobAttestationArrayInput is an input type that accepts KeyRingImportJobAttestationArray and KeyRingImportJobAttestationArrayOutput values. You can construct a concrete instance of `KeyRingImportJobAttestationArrayInput` via: 

KeyRingImportJobAttestationArray{ KeyRingImportJobAttestationArgs{...} }

type KeyRingImportJobAttestationArrayOutput 

type KeyRingImportJobAttestationArrayOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobAttestationArrayOutput) ElementType 

func (KeyRingImportJobAttestationArrayOutput) ElementType() reflect.Type

func (KeyRingImportJobAttestationArrayOutput) Index 

func (o KeyRingImportJobAttestationArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobAttestationOutput

func (KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutput 

func (o KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput

func (KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutputWithContext 

func (o KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutputWithContext(ctx context.Context) KeyRingImportJobAttestationArrayOutput

type KeyRingImportJobAttestationInput 

type KeyRingImportJobAttestationInput interface {
	pulumi.Input

	ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput
	ToKeyRingImportJobAttestationOutputWithContext(context.Context) KeyRingImportJobAttestationOutput
}

KeyRingImportJobAttestationInput is an input type that accepts KeyRingImportJobAttestationArgs and KeyRingImportJobAttestationOutput values. You can construct a concrete instance of `KeyRingImportJobAttestationInput` via: 

KeyRingImportJobAttestationArgs{...}

type KeyRingImportJobAttestationOutput 

type KeyRingImportJobAttestationOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobAttestationOutput) Content 

func (o KeyRingImportJobAttestationOutput) Content() pulumi.StringPtrOutput

(Output) The attestation data provided by the HSM when the key operation was performed. A base64-encoded string.

func (KeyRingImportJobAttestationOutput) ElementType 

func (KeyRingImportJobAttestationOutput) ElementType() reflect.Type

func (KeyRingImportJobAttestationOutput) Format 

func (o KeyRingImportJobAttestationOutput) Format() pulumi.StringPtrOutput

(Output) The format of the attestation data.

func (KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutput 

func (o KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput

func (KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutputWithContext 

func (o KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutputWithContext(ctx context.Context) KeyRingImportJobAttestationOutput

type KeyRingImportJobInput 

type KeyRingImportJobInput interface {
	pulumi.Input

	ToKeyRingImportJobOutput() KeyRingImportJobOutput
	ToKeyRingImportJobOutputWithContext(ctx context.Context) KeyRingImportJobOutput
}

type KeyRingImportJobMap 

type KeyRingImportJobMap map[string]KeyRingImportJobInput

func (KeyRingImportJobMap) ElementType 

func (KeyRingImportJobMap) ElementType() reflect.Type

func (KeyRingImportJobMap) ToKeyRingImportJobMapOutput 

func (i KeyRingImportJobMap) ToKeyRingImportJobMapOutput() KeyRingImportJobMapOutput

func (KeyRingImportJobMap) ToKeyRingImportJobMapOutputWithContext 

func (i KeyRingImportJobMap) ToKeyRingImportJobMapOutputWithContext(ctx context.Context) KeyRingImportJobMapOutput

type KeyRingImportJobMapInput 

type KeyRingImportJobMapInput interface {
	pulumi.Input

	ToKeyRingImportJobMapOutput() KeyRingImportJobMapOutput
	ToKeyRingImportJobMapOutputWithContext(context.Context) KeyRingImportJobMapOutput
}

KeyRingImportJobMapInput is an input type that accepts KeyRingImportJobMap and KeyRingImportJobMapOutput values. You can construct a concrete instance of `KeyRingImportJobMapInput` via: 

KeyRingImportJobMap{ "key": KeyRingImportJobArgs{...} }

type KeyRingImportJobMapOutput 

type KeyRingImportJobMapOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobMapOutput) ElementType 

func (KeyRingImportJobMapOutput) ElementType() reflect.Type

func (KeyRingImportJobMapOutput) MapIndex 

func (o KeyRingImportJobMapOutput) MapIndex(k pulumi.StringInput) KeyRingImportJobOutput

func (KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutput 

func (o KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutput() KeyRingImportJobMapOutput

func (KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutputWithContext 

func (o KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutputWithContext(ctx context.Context) KeyRingImportJobMapOutput

type KeyRingImportJobOutput 

type KeyRingImportJobOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobOutput) Attestations 

func (o KeyRingImportJobOutput) Attestations() KeyRingImportJobAttestationArrayOutput

Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM. Structure is documented below.

func (KeyRingImportJobOutput) ElementType 

func (KeyRingImportJobOutput) ElementType() reflect.Type

func (KeyRingImportJobOutput) ExpireTime 

func (o KeyRingImportJobOutput) ExpireTime() pulumi.StringOutput

The time at which this resource is scheduled for expiration and can no longer be used. This is in RFC3339 text format.

func (KeyRingImportJobOutput) ImportJobId 

func (o KeyRingImportJobOutput) ImportJobId() pulumi.StringOutput

It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

***

func (KeyRingImportJobOutput) ImportMethod 

func (o KeyRingImportJobOutput) ImportMethod() pulumi.StringOutput

The wrapping method to be used for incoming key material. Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`.

func (KeyRingImportJobOutput) KeyRing 

func (o KeyRingImportJobOutput) KeyRing() pulumi.StringOutput

The KeyRing that this import job belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.

func (KeyRingImportJobOutput) Name 

func (o KeyRingImportJobOutput) Name() pulumi.StringOutput

The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.

func (KeyRingImportJobOutput) ProtectionLevel 

func (o KeyRingImportJobOutput) ProtectionLevel() pulumi.StringOutput

The protection level of the ImportJob. This must match the protectionLevel of the versionTemplate on the CryptoKey you attempt to import into. Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`.

func (KeyRingImportJobOutput) PublicKeys 

func (o KeyRingImportJobOutput) PublicKeys() KeyRingImportJobPublicKeyArrayOutput

The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`. Structure is documented below.

func (KeyRingImportJobOutput) State 

func (o KeyRingImportJobOutput) State() pulumi.StringOutput

The current state of the ImportJob, indicating if it can be used.

func (KeyRingImportJobOutput) ToKeyRingImportJobOutput 

func (o KeyRingImportJobOutput) ToKeyRingImportJobOutput() KeyRingImportJobOutput

func (KeyRingImportJobOutput) ToKeyRingImportJobOutputWithContext 

func (o KeyRingImportJobOutput) ToKeyRingImportJobOutputWithContext(ctx context.Context) KeyRingImportJobOutput

type KeyRingImportJobPublicKey 

type KeyRingImportJobPublicKey struct {
	// (Output)
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections
	// for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem *string `pulumi:"pem"`
}

type KeyRingImportJobPublicKeyArgs 

type KeyRingImportJobPublicKeyArgs struct {
	// (Output)
	// The public key, encoded in PEM format. For more information, see the RFC 7468 sections
	// for General Considerations and Textual Encoding of Subject Public Key Info.
	Pem pulumi.StringPtrInput `pulumi:"pem"`
}

func (KeyRingImportJobPublicKeyArgs) ElementType 

func (KeyRingImportJobPublicKeyArgs) ElementType() reflect.Type

func (KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutput 

func (i KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput

func (KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutputWithContext 

func (i KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyOutput

type KeyRingImportJobPublicKeyArray 

type KeyRingImportJobPublicKeyArray []KeyRingImportJobPublicKeyInput

func (KeyRingImportJobPublicKeyArray) ElementType 

func (KeyRingImportJobPublicKeyArray) ElementType() reflect.Type

func (KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutput 

func (i KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput

func (KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutputWithContext 

func (i KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyArrayOutput

type KeyRingImportJobPublicKeyArrayInput 

type KeyRingImportJobPublicKeyArrayInput interface {
	pulumi.Input

	ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput
	ToKeyRingImportJobPublicKeyArrayOutputWithContext(context.Context) KeyRingImportJobPublicKeyArrayOutput
}

KeyRingImportJobPublicKeyArrayInput is an input type that accepts KeyRingImportJobPublicKeyArray and KeyRingImportJobPublicKeyArrayOutput values. You can construct a concrete instance of `KeyRingImportJobPublicKeyArrayInput` via: 

KeyRingImportJobPublicKeyArray{ KeyRingImportJobPublicKeyArgs{...} }

type KeyRingImportJobPublicKeyArrayOutput 

type KeyRingImportJobPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobPublicKeyArrayOutput) ElementType 

func (KeyRingImportJobPublicKeyArrayOutput) ElementType() reflect.Type

func (KeyRingImportJobPublicKeyArrayOutput) Index 

func (o KeyRingImportJobPublicKeyArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobPublicKeyOutput

func (KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutput 

func (o KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput

func (KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutputWithContext 

func (o KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyArrayOutput

type KeyRingImportJobPublicKeyInput 

type KeyRingImportJobPublicKeyInput interface {
	pulumi.Input

	ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput
	ToKeyRingImportJobPublicKeyOutputWithContext(context.Context) KeyRingImportJobPublicKeyOutput
}

KeyRingImportJobPublicKeyInput is an input type that accepts KeyRingImportJobPublicKeyArgs and KeyRingImportJobPublicKeyOutput values. You can construct a concrete instance of `KeyRingImportJobPublicKeyInput` via: 

KeyRingImportJobPublicKeyArgs{...}

type KeyRingImportJobPublicKeyOutput 

type KeyRingImportJobPublicKeyOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobPublicKeyOutput) ElementType 

func (KeyRingImportJobPublicKeyOutput) ElementType() reflect.Type

func (KeyRingImportJobPublicKeyOutput) Pem 

func (o KeyRingImportJobPublicKeyOutput) Pem() pulumi.StringPtrOutput

(Output) The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

func (KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutput 

func (o KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput

func (KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutputWithContext 

func (o KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyOutput

type KeyRingImportJobState 

type KeyRingImportJobState struct {
	// Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.
	// Use this statement to verify attributes of the key as stored on the HSM, independently of Google.
	// Only present if the chosen ImportMethod is one with a protection level of HSM.
	// Structure is documented below.
	Attestations KeyRingImportJobAttestationArrayInput
	// The time at which this resource is scheduled for expiration and can no longer be used.
	// This is in RFC3339 text format.
	ExpireTime pulumi.StringPtrInput
	// It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
	//
	// ***
	ImportJobId pulumi.StringPtrInput
	// The wrapping method to be used for incoming key material.
	// Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`.
	ImportMethod pulumi.StringPtrInput
	// The KeyRing that this import job belongs to.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
	KeyRing pulumi.StringPtrInput
	// The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.
	Name pulumi.StringPtrInput
	// The protection level of the ImportJob. This must match the protectionLevel of the
	// versionTemplate on the CryptoKey you attempt to import into.
	// Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`.
	ProtectionLevel pulumi.StringPtrInput
	// The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`.
	// Structure is documented below.
	PublicKeys KeyRingImportJobPublicKeyArrayInput
	// The current state of the ImportJob, indicating if it can be used.
	State pulumi.StringPtrInput
}

func (KeyRingImportJobState) ElementType 

func (KeyRingImportJobState) ElementType() reflect.Type

type KeyRingInput 

type KeyRingInput interface {
	pulumi.Input

	ToKeyRingOutput() KeyRingOutput
	ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput
}

type KeyRingMap 

type KeyRingMap map[string]KeyRingInput

func (KeyRingMap) ElementType 

func (KeyRingMap) ElementType() reflect.Type

func (KeyRingMap) ToKeyRingMapOutput 

func (i KeyRingMap) ToKeyRingMapOutput() KeyRingMapOutput

func (KeyRingMap) ToKeyRingMapOutputWithContext 

func (i KeyRingMap) ToKeyRingMapOutputWithContext(ctx context.Context) KeyRingMapOutput

type KeyRingMapInput 

type KeyRingMapInput interface {
	pulumi.Input

	ToKeyRingMapOutput() KeyRingMapOutput
	ToKeyRingMapOutputWithContext(context.Context) KeyRingMapOutput
}

KeyRingMapInput is an input type that accepts KeyRingMap and KeyRingMapOutput values. You can construct a concrete instance of `KeyRingMapInput` via: 

KeyRingMap{ "key": KeyRingArgs{...} }

type KeyRingMapOutput 

type KeyRingMapOutput struct{ *pulumi.OutputState }

func (KeyRingMapOutput) ElementType 

func (KeyRingMapOutput) ElementType() reflect.Type

func (KeyRingMapOutput) MapIndex 

func (o KeyRingMapOutput) MapIndex(k pulumi.StringInput) KeyRingOutput

func (KeyRingMapOutput) ToKeyRingMapOutput 

func (o KeyRingMapOutput) ToKeyRingMapOutput() KeyRingMapOutput

func (KeyRingMapOutput) ToKeyRingMapOutputWithContext 

func (o KeyRingMapOutput) ToKeyRingMapOutputWithContext(ctx context.Context) KeyRingMapOutput

type KeyRingOutput 

type KeyRingOutput struct{ *pulumi.OutputState }

func (KeyRingOutput) ElementType 

func (KeyRingOutput) ElementType() reflect.Type

func (KeyRingOutput) Location 

func (o KeyRingOutput) Location() pulumi.StringOutput

The location for the KeyRing. A full list of valid locations can be found by running `gcloud kms locations list`.

***

func (KeyRingOutput) Name 

func (o KeyRingOutput) Name() pulumi.StringOutput

The resource name for the KeyRing.

func (KeyRingOutput) Project 

func (o KeyRingOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (KeyRingOutput) ToKeyRingOutput 

func (o KeyRingOutput) ToKeyRingOutput() KeyRingOutput

func (KeyRingOutput) ToKeyRingOutputWithContext 

func (o KeyRingOutput) ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput

type KeyRingState 

type KeyRingState struct {
	// The location for the KeyRing.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	//
	// ***
	Location pulumi.StringPtrInput
	// The resource name for the KeyRing.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
}

func (KeyRingState) ElementType 

func (KeyRingState) ElementType() reflect.Type

type LookupEkmConnectionIamPolicyArgs 

type LookupEkmConnectionIamPolicyArgs struct {
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location *string `pulumi:"location"`
	// Used to find the parent resource to bind the IAM policy to
	Name string `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project *string `pulumi:"project"`
}

A collection of arguments for invoking getEkmConnectionIamPolicy.

type LookupEkmConnectionIamPolicyOutputArgs 

type LookupEkmConnectionIamPolicyOutputArgs struct {
	// The location for the EkmConnection.
	// A full list of valid locations can be found by running `gcloud kms locations list`.
	// Used to find the parent resource to bind the IAM policy to. If not specified,
	// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
	// location is specified, it is taken from the provider configuration.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Used to find the parent resource to bind the IAM policy to
	Name pulumi.StringInput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
}

A collection of arguments for invoking getEkmConnectionIamPolicy.

func (LookupEkmConnectionIamPolicyOutputArgs) ElementType 

func (LookupEkmConnectionIamPolicyOutputArgs) ElementType() reflect.Type

type LookupEkmConnectionIamPolicyResult 

type LookupEkmConnectionIamPolicyResult struct {
	// (Computed) The etag of the IAM policy.
	Etag string `pulumi:"etag"`
	// The provider-assigned unique ID for this managed resource.
	Id       string `pulumi:"id"`
	Location string `pulumi:"location"`
	Name     string `pulumi:"name"`
	// (Required only by `kms.EkmConnectionIamPolicy`) The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData string `pulumi:"policyData"`
	Project    string `pulumi:"project"`
}

A collection of values returned by getEkmConnectionIamPolicy.

func LookupEkmConnectionIamPolicy 

func LookupEkmConnectionIamPolicy(ctx *pulumi.Context, args *LookupEkmConnectionIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupEkmConnectionIamPolicyResult, error)

Retrieves the current IAM policy data for ekmconnection

## example

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.LookupEkmConnectionIamPolicy(ctx, &kms.LookupEkmConnectionIamPolicyArgs{
			Project:  pulumi.StringRef(example_ekmconnection.Project),
			Location: pulumi.StringRef(example_ekmconnection.Location),
			Name:     example_ekmconnection.Name,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupEkmConnectionIamPolicyResultOutput 

type LookupEkmConnectionIamPolicyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getEkmConnectionIamPolicy.

func LookupEkmConnectionIamPolicyOutput 

func LookupEkmConnectionIamPolicyOutput(ctx *pulumi.Context, args LookupEkmConnectionIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupEkmConnectionIamPolicyResultOutput

func (LookupEkmConnectionIamPolicyResultOutput) ElementType 

func (LookupEkmConnectionIamPolicyResultOutput) ElementType() reflect.Type

func (LookupEkmConnectionIamPolicyResultOutput) Etag 

func (o LookupEkmConnectionIamPolicyResultOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (LookupEkmConnectionIamPolicyResultOutput) Id 

func (o LookupEkmConnectionIamPolicyResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupEkmConnectionIamPolicyResultOutput) Location 

func (o LookupEkmConnectionIamPolicyResultOutput) Location() pulumi.StringOutput

func (LookupEkmConnectionIamPolicyResultOutput) Name 

func (o LookupEkmConnectionIamPolicyResultOutput) Name() pulumi.StringOutput

func (LookupEkmConnectionIamPolicyResultOutput) PolicyData 

func (o LookupEkmConnectionIamPolicyResultOutput) PolicyData() pulumi.StringOutput

(Required only by `kms.EkmConnectionIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.

func (LookupEkmConnectionIamPolicyResultOutput) Project 

func (o LookupEkmConnectionIamPolicyResultOutput) Project() pulumi.StringOutput

func (LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutput 

func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutput() LookupEkmConnectionIamPolicyResultOutput

func (LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutputWithContext 

func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutputWithContext(ctx context.Context) LookupEkmConnectionIamPolicyResultOutput

type SecretCiphertext 

type SecretCiphertext struct {
	pulumi.CustomResourceState

	// The additional authenticated data used for integrity checks during encryption and decryption.
	// **Note**: This property is sensitive and will not be displayed in the plan.
	AdditionalAuthenticatedData pulumi.StringPtrOutput `pulumi:"additionalAuthenticatedData"`
	// Contains the result of encrypting the provided plaintext, encoded in base64.
	Ciphertext pulumi.StringOutput `pulumi:"ciphertext"`
	// The full name of the CryptoKey that will be used to encrypt the provided plaintext.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
	//
	// ***
	CryptoKey pulumi.StringOutput `pulumi:"cryptoKey"`
	// The plaintext to be encrypted.
	// **Note**: This property is sensitive and will not be displayed in the plan.
	Plaintext pulumi.StringOutput `pulumi:"plaintext"`
}

Encrypts secret data with Google Cloud KMS and provides access to the ciphertext.

> **NOTE:** Using this resource will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

To get more information about SecretCiphertext, see:

* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt) * How-to Guides

## Example Usage

### Kms Secret Ciphertext Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("keyring-example"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{
			Name:           pulumi.String("crypto-key-example"),
			KeyRing:        keyring.ID(),
			RotationPeriod: pulumi.String("7776000s"),
		})
		if err != nil {
			return err
		}
		myPassword, err := kms.NewSecretCiphertext(ctx, "my_password", &kms.SecretCiphertextArgs{
			CryptoKey: cryptokey.ID(),
			Plaintext: pulumi.String("my-secret-password"),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewInstance(ctx, "instance", &compute.InstanceArgs{
			NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
				&compute.InstanceNetworkInterfaceArgs{
					AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
						&compute.InstanceNetworkInterfaceAccessConfigArgs{},
					},
					Network: pulumi.String("default"),
				},
			},
			Name:        pulumi.String("my-instance"),
			MachineType: pulumi.String("e2-medium"),
			Zone:        pulumi.String("us-central1-a"),
			BootDisk: &compute.InstanceBootDiskArgs{
				InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
					Image: pulumi.String("debian-cloud/debian-11"),
				},
			},
			Metadata: pulumi.StringMap{
				"password": myPassword.Ciphertext,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

This resource does not support import.

func GetSecretCiphertext 

func GetSecretCiphertext(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretCiphertextState, opts ...pulumi.ResourceOption) (*SecretCiphertext, error)

GetSecretCiphertext gets an existing SecretCiphertext resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretCiphertext 

func NewSecretCiphertext(ctx *pulumi.Context,
	name string, args *SecretCiphertextArgs, opts ...pulumi.ResourceOption) (*SecretCiphertext, error)

NewSecretCiphertext registers a new resource with the given unique name, arguments, and options.

func (*SecretCiphertext) ElementType 

func (*SecretCiphertext) ElementType() reflect.Type

func (*SecretCiphertext) ToSecretCiphertextOutput 

func (i *SecretCiphertext) ToSecretCiphertextOutput() SecretCiphertextOutput

func (*SecretCiphertext) ToSecretCiphertextOutputWithContext 

func (i *SecretCiphertext) ToSecretCiphertextOutputWithContext(ctx context.Context) SecretCiphertextOutput

type SecretCiphertextArgs 

type SecretCiphertextArgs struct {
	// The additional authenticated data used for integrity checks during encryption and decryption.
	// **Note**: This property is sensitive and will not be displayed in the plan.
	AdditionalAuthenticatedData pulumi.StringPtrInput
	// The full name of the CryptoKey that will be used to encrypt the provided plaintext.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
	//
	// ***
	CryptoKey pulumi.StringInput
	// The plaintext to be encrypted.
	// **Note**: This property is sensitive and will not be displayed in the plan.
	Plaintext pulumi.StringInput
}

The set of arguments for constructing a SecretCiphertext resource.

func (SecretCiphertextArgs) ElementType 

func (SecretCiphertextArgs) ElementType() reflect.Type

type SecretCiphertextArray 

type SecretCiphertextArray []SecretCiphertextInput

func (SecretCiphertextArray) ElementType 

func (SecretCiphertextArray) ElementType() reflect.Type

func (SecretCiphertextArray) ToSecretCiphertextArrayOutput 

func (i SecretCiphertextArray) ToSecretCiphertextArrayOutput() SecretCiphertextArrayOutput

func (SecretCiphertextArray) ToSecretCiphertextArrayOutputWithContext 

func (i SecretCiphertextArray) ToSecretCiphertextArrayOutputWithContext(ctx context.Context) SecretCiphertextArrayOutput

type SecretCiphertextArrayInput 

type SecretCiphertextArrayInput interface {
	pulumi.Input

	ToSecretCiphertextArrayOutput() SecretCiphertextArrayOutput
	ToSecretCiphertextArrayOutputWithContext(context.Context) SecretCiphertextArrayOutput
}

SecretCiphertextArrayInput is an input type that accepts SecretCiphertextArray and SecretCiphertextArrayOutput values. You can construct a concrete instance of `SecretCiphertextArrayInput` via: 

SecretCiphertextArray{ SecretCiphertextArgs{...} }

type SecretCiphertextArrayOutput 

type SecretCiphertextArrayOutput struct{ *pulumi.OutputState }

func (SecretCiphertextArrayOutput) ElementType 

func (SecretCiphertextArrayOutput) ElementType() reflect.Type

func (SecretCiphertextArrayOutput) Index 

func (o SecretCiphertextArrayOutput) Index(i pulumi.IntInput) SecretCiphertextOutput

func (SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutput 

func (o SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutput() SecretCiphertextArrayOutput

func (SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutputWithContext 

func (o SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutputWithContext(ctx context.Context) SecretCiphertextArrayOutput

type SecretCiphertextInput 

type SecretCiphertextInput interface {
	pulumi.Input

	ToSecretCiphertextOutput() SecretCiphertextOutput
	ToSecretCiphertextOutputWithContext(ctx context.Context) SecretCiphertextOutput
}

type SecretCiphertextMap 

type SecretCiphertextMap map[string]SecretCiphertextInput

func (SecretCiphertextMap) ElementType 

func (SecretCiphertextMap) ElementType() reflect.Type

func (SecretCiphertextMap) ToSecretCiphertextMapOutput 

func (i SecretCiphertextMap) ToSecretCiphertextMapOutput() SecretCiphertextMapOutput

func (SecretCiphertextMap) ToSecretCiphertextMapOutputWithContext 

func (i SecretCiphertextMap) ToSecretCiphertextMapOutputWithContext(ctx context.Context) SecretCiphertextMapOutput

type SecretCiphertextMapInput 

type SecretCiphertextMapInput interface {
	pulumi.Input

	ToSecretCiphertextMapOutput() SecretCiphertextMapOutput
	ToSecretCiphertextMapOutputWithContext(context.Context) SecretCiphertextMapOutput
}

SecretCiphertextMapInput is an input type that accepts SecretCiphertextMap and SecretCiphertextMapOutput values. You can construct a concrete instance of `SecretCiphertextMapInput` via: 

SecretCiphertextMap{ "key": SecretCiphertextArgs{...} }

type SecretCiphertextMapOutput 

type SecretCiphertextMapOutput struct{ *pulumi.OutputState }

func (SecretCiphertextMapOutput) ElementType 

func (SecretCiphertextMapOutput) ElementType() reflect.Type

func (SecretCiphertextMapOutput) MapIndex 

func (o SecretCiphertextMapOutput) MapIndex(k pulumi.StringInput) SecretCiphertextOutput

func (SecretCiphertextMapOutput) ToSecretCiphertextMapOutput 

func (o SecretCiphertextMapOutput) ToSecretCiphertextMapOutput() SecretCiphertextMapOutput

func (SecretCiphertextMapOutput) ToSecretCiphertextMapOutputWithContext 

func (o SecretCiphertextMapOutput) ToSecretCiphertextMapOutputWithContext(ctx context.Context) SecretCiphertextMapOutput

type SecretCiphertextOutput 

type SecretCiphertextOutput struct{ *pulumi.OutputState }

func (SecretCiphertextOutput) AdditionalAuthenticatedData 

func (o SecretCiphertextOutput) AdditionalAuthenticatedData() pulumi.StringPtrOutput

The additional authenticated data used for integrity checks during encryption and decryption. **Note**: This property is sensitive and will not be displayed in the plan.

func (SecretCiphertextOutput) Ciphertext 

func (o SecretCiphertextOutput) Ciphertext() pulumi.StringOutput

Contains the result of encrypting the provided plaintext, encoded in base64.

func (SecretCiphertextOutput) CryptoKey 

func (o SecretCiphertextOutput) CryptoKey() pulumi.StringOutput

The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`

***

func (SecretCiphertextOutput) ElementType 

func (SecretCiphertextOutput) ElementType() reflect.Type

func (SecretCiphertextOutput) Plaintext 

func (o SecretCiphertextOutput) Plaintext() pulumi.StringOutput

The plaintext to be encrypted. **Note**: This property is sensitive and will not be displayed in the plan.

func (SecretCiphertextOutput) ToSecretCiphertextOutput 

func (o SecretCiphertextOutput) ToSecretCiphertextOutput() SecretCiphertextOutput

func (SecretCiphertextOutput) ToSecretCiphertextOutputWithContext 

func (o SecretCiphertextOutput) ToSecretCiphertextOutputWithContext(ctx context.Context) SecretCiphertextOutput

type SecretCiphertextState 

type SecretCiphertextState struct {
	// The additional authenticated data used for integrity checks during encryption and decryption.
	// **Note**: This property is sensitive and will not be displayed in the plan.
	AdditionalAuthenticatedData pulumi.StringPtrInput
	// Contains the result of encrypting the provided plaintext, encoded in base64.
	Ciphertext pulumi.StringPtrInput
	// The full name of the CryptoKey that will be used to encrypt the provided plaintext.
	// Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
	//
	// ***
	CryptoKey pulumi.StringPtrInput
	// The plaintext to be encrypted.
	// **Note**: This property is sensitive and will not be displayed in the plan.
	Plaintext pulumi.StringPtrInput
}

func (SecretCiphertextState) ElementType 

func (SecretCiphertextState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.