Documentation ¶
Index ¶
- type AutokeyConfig
- type AutokeyConfigArgs
- type AutokeyConfigArray
- type AutokeyConfigArrayInput
- type AutokeyConfigArrayOutput
- func (AutokeyConfigArrayOutput) ElementType() reflect.Type
- func (o AutokeyConfigArrayOutput) Index(i pulumi.IntInput) AutokeyConfigOutput
- func (o AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutput() AutokeyConfigArrayOutput
- func (o AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutputWithContext(ctx context.Context) AutokeyConfigArrayOutput
- type AutokeyConfigInput
- type AutokeyConfigMap
- type AutokeyConfigMapInput
- type AutokeyConfigMapOutput
- func (AutokeyConfigMapOutput) ElementType() reflect.Type
- func (o AutokeyConfigMapOutput) MapIndex(k pulumi.StringInput) AutokeyConfigOutput
- func (o AutokeyConfigMapOutput) ToAutokeyConfigMapOutput() AutokeyConfigMapOutput
- func (o AutokeyConfigMapOutput) ToAutokeyConfigMapOutputWithContext(ctx context.Context) AutokeyConfigMapOutput
- type AutokeyConfigOutput
- func (AutokeyConfigOutput) ElementType() reflect.Type
- func (o AutokeyConfigOutput) Folder() pulumi.StringOutput
- func (o AutokeyConfigOutput) KeyProject() pulumi.StringPtrOutput
- func (o AutokeyConfigOutput) ToAutokeyConfigOutput() AutokeyConfigOutput
- func (o AutokeyConfigOutput) ToAutokeyConfigOutputWithContext(ctx context.Context) AutokeyConfigOutput
- type AutokeyConfigState
- type CryptoKey
- type CryptoKeyArgs
- type CryptoKeyArray
- type CryptoKeyArrayInput
- type CryptoKeyArrayOutput
- func (CryptoKeyArrayOutput) ElementType() reflect.Type
- func (o CryptoKeyArrayOutput) Index(i pulumi.IntInput) CryptoKeyOutput
- func (o CryptoKeyArrayOutput) ToCryptoKeyArrayOutput() CryptoKeyArrayOutput
- func (o CryptoKeyArrayOutput) ToCryptoKeyArrayOutputWithContext(ctx context.Context) CryptoKeyArrayOutput
- type CryptoKeyIAMBinding
- type CryptoKeyIAMBindingArgs
- type CryptoKeyIAMBindingArray
- type CryptoKeyIAMBindingArrayInput
- type CryptoKeyIAMBindingArrayOutput
- func (CryptoKeyIAMBindingArrayOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMBindingArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMBindingOutput
- func (o CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutput() CryptoKeyIAMBindingArrayOutput
- func (o CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutputWithContext(ctx context.Context) CryptoKeyIAMBindingArrayOutput
- type CryptoKeyIAMBindingCondition
- type CryptoKeyIAMBindingConditionArgs
- func (CryptoKeyIAMBindingConditionArgs) ElementType() reflect.Type
- func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput
- func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionOutput
- func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput
- func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput
- type CryptoKeyIAMBindingConditionInput
- type CryptoKeyIAMBindingConditionOutput
- func (o CryptoKeyIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (CryptoKeyIAMBindingConditionOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMBindingConditionOutput) Expression() pulumi.StringOutput
- func (o CryptoKeyIAMBindingConditionOutput) Title() pulumi.StringOutput
- func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput
- func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionOutput
- func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput
- func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput
- type CryptoKeyIAMBindingConditionPtrInput
- type CryptoKeyIAMBindingConditionPtrOutput
- func (o CryptoKeyIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o CryptoKeyIAMBindingConditionPtrOutput) Elem() CryptoKeyIAMBindingConditionOutput
- func (CryptoKeyIAMBindingConditionPtrOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o CryptoKeyIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput
- func (o CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput
- type CryptoKeyIAMBindingInput
- type CryptoKeyIAMBindingMap
- type CryptoKeyIAMBindingMapInput
- type CryptoKeyIAMBindingMapOutput
- func (CryptoKeyIAMBindingMapOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMBindingMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMBindingOutput
- func (o CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutput() CryptoKeyIAMBindingMapOutput
- func (o CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutputWithContext(ctx context.Context) CryptoKeyIAMBindingMapOutput
- type CryptoKeyIAMBindingOutput
- func (o CryptoKeyIAMBindingOutput) Condition() CryptoKeyIAMBindingConditionPtrOutput
- func (o CryptoKeyIAMBindingOutput) CryptoKeyId() pulumi.StringOutput
- func (CryptoKeyIAMBindingOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMBindingOutput) Etag() pulumi.StringOutput
- func (o CryptoKeyIAMBindingOutput) Members() pulumi.StringArrayOutput
- func (o CryptoKeyIAMBindingOutput) Role() pulumi.StringOutput
- func (o CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutput() CryptoKeyIAMBindingOutput
- func (o CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutputWithContext(ctx context.Context) CryptoKeyIAMBindingOutput
- type CryptoKeyIAMBindingState
- type CryptoKeyIAMMember
- type CryptoKeyIAMMemberArgs
- type CryptoKeyIAMMemberArray
- type CryptoKeyIAMMemberArrayInput
- type CryptoKeyIAMMemberArrayOutput
- func (CryptoKeyIAMMemberArrayOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMMemberArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMMemberOutput
- func (o CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutput() CryptoKeyIAMMemberArrayOutput
- func (o CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutputWithContext(ctx context.Context) CryptoKeyIAMMemberArrayOutput
- type CryptoKeyIAMMemberCondition
- type CryptoKeyIAMMemberConditionArgs
- func (CryptoKeyIAMMemberConditionArgs) ElementType() reflect.Type
- func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput
- func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionOutput
- func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput
- func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput
- type CryptoKeyIAMMemberConditionInput
- type CryptoKeyIAMMemberConditionOutput
- func (o CryptoKeyIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (CryptoKeyIAMMemberConditionOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMMemberConditionOutput) Expression() pulumi.StringOutput
- func (o CryptoKeyIAMMemberConditionOutput) Title() pulumi.StringOutput
- func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput
- func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionOutput
- func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput
- func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput
- type CryptoKeyIAMMemberConditionPtrInput
- type CryptoKeyIAMMemberConditionPtrOutput
- func (o CryptoKeyIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o CryptoKeyIAMMemberConditionPtrOutput) Elem() CryptoKeyIAMMemberConditionOutput
- func (CryptoKeyIAMMemberConditionPtrOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o CryptoKeyIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput
- func (o CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput
- type CryptoKeyIAMMemberInput
- type CryptoKeyIAMMemberMap
- type CryptoKeyIAMMemberMapInput
- type CryptoKeyIAMMemberMapOutput
- func (CryptoKeyIAMMemberMapOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMMemberMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMMemberOutput
- func (o CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutput() CryptoKeyIAMMemberMapOutput
- func (o CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutputWithContext(ctx context.Context) CryptoKeyIAMMemberMapOutput
- type CryptoKeyIAMMemberOutput
- func (o CryptoKeyIAMMemberOutput) Condition() CryptoKeyIAMMemberConditionPtrOutput
- func (o CryptoKeyIAMMemberOutput) CryptoKeyId() pulumi.StringOutput
- func (CryptoKeyIAMMemberOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMMemberOutput) Etag() pulumi.StringOutput
- func (o CryptoKeyIAMMemberOutput) Member() pulumi.StringOutput
- func (o CryptoKeyIAMMemberOutput) Role() pulumi.StringOutput
- func (o CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutput() CryptoKeyIAMMemberOutput
- func (o CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutputWithContext(ctx context.Context) CryptoKeyIAMMemberOutput
- type CryptoKeyIAMMemberState
- type CryptoKeyIAMPolicy
- type CryptoKeyIAMPolicyArgs
- type CryptoKeyIAMPolicyArray
- type CryptoKeyIAMPolicyArrayInput
- type CryptoKeyIAMPolicyArrayOutput
- func (CryptoKeyIAMPolicyArrayOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMPolicyArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMPolicyOutput
- func (o CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutput() CryptoKeyIAMPolicyArrayOutput
- func (o CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyArrayOutput
- type CryptoKeyIAMPolicyInput
- type CryptoKeyIAMPolicyMap
- type CryptoKeyIAMPolicyMapInput
- type CryptoKeyIAMPolicyMapOutput
- func (CryptoKeyIAMPolicyMapOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMPolicyOutput
- func (o CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutput() CryptoKeyIAMPolicyMapOutput
- func (o CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyMapOutput
- type CryptoKeyIAMPolicyOutput
- func (o CryptoKeyIAMPolicyOutput) CryptoKeyId() pulumi.StringOutput
- func (CryptoKeyIAMPolicyOutput) ElementType() reflect.Type
- func (o CryptoKeyIAMPolicyOutput) Etag() pulumi.StringOutput
- func (o CryptoKeyIAMPolicyOutput) PolicyData() pulumi.StringOutput
- func (o CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutput() CryptoKeyIAMPolicyOutput
- func (o CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyOutput
- type CryptoKeyIAMPolicyState
- type CryptoKeyInput
- type CryptoKeyKeyAccessJustificationsPolicy
- type CryptoKeyKeyAccessJustificationsPolicyArgs
- func (CryptoKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type
- func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput
- func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput
- func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput
- func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput
- type CryptoKeyKeyAccessJustificationsPolicyInput
- type CryptoKeyKeyAccessJustificationsPolicyOutput
- func (o CryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput
- func (CryptoKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type
- func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput
- func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput
- func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput
- func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput
- type CryptoKeyKeyAccessJustificationsPolicyPtrInput
- type CryptoKeyKeyAccessJustificationsPolicyPtrOutput
- func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) AllowedAccessReasons() pulumi.StringArrayOutput
- func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) Elem() CryptoKeyKeyAccessJustificationsPolicyOutput
- func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ElementType() reflect.Type
- func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput
- func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput
- type CryptoKeyMap
- type CryptoKeyMapInput
- type CryptoKeyMapOutput
- type CryptoKeyOutput
- func (o CryptoKeyOutput) CryptoKeyBackend() pulumi.StringOutput
- func (o CryptoKeyOutput) DestroyScheduledDuration() pulumi.StringOutput
- func (o CryptoKeyOutput) EffectiveLabels() pulumi.StringMapOutput
- func (CryptoKeyOutput) ElementType() reflect.Type
- func (o CryptoKeyOutput) ImportOnly() pulumi.BoolOutput
- func (o CryptoKeyOutput) KeyAccessJustificationsPolicy() CryptoKeyKeyAccessJustificationsPolicyOutput
- func (o CryptoKeyOutput) KeyRing() pulumi.StringOutput
- func (o CryptoKeyOutput) Labels() pulumi.StringMapOutput
- func (o CryptoKeyOutput) Name() pulumi.StringOutput
- func (o CryptoKeyOutput) Primaries() CryptoKeyPrimaryArrayOutput
- func (o CryptoKeyOutput) PulumiLabels() pulumi.StringMapOutput
- func (o CryptoKeyOutput) Purpose() pulumi.StringPtrOutput
- func (o CryptoKeyOutput) RotationPeriod() pulumi.StringPtrOutput
- func (o CryptoKeyOutput) SkipInitialVersionCreation() pulumi.BoolPtrOutput
- func (o CryptoKeyOutput) ToCryptoKeyOutput() CryptoKeyOutput
- func (o CryptoKeyOutput) ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput
- func (o CryptoKeyOutput) VersionTemplate() CryptoKeyVersionTemplateOutput
- type CryptoKeyPrimary
- type CryptoKeyPrimaryArgs
- type CryptoKeyPrimaryArray
- type CryptoKeyPrimaryArrayInput
- type CryptoKeyPrimaryArrayOutput
- func (CryptoKeyPrimaryArrayOutput) ElementType() reflect.Type
- func (o CryptoKeyPrimaryArrayOutput) Index(i pulumi.IntInput) CryptoKeyPrimaryOutput
- func (o CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutput() CryptoKeyPrimaryArrayOutput
- func (o CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) CryptoKeyPrimaryArrayOutput
- type CryptoKeyPrimaryInput
- type CryptoKeyPrimaryOutput
- func (CryptoKeyPrimaryOutput) ElementType() reflect.Type
- func (o CryptoKeyPrimaryOutput) Name() pulumi.StringPtrOutput
- func (o CryptoKeyPrimaryOutput) State() pulumi.StringPtrOutput
- func (o CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutput() CryptoKeyPrimaryOutput
- func (o CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutputWithContext(ctx context.Context) CryptoKeyPrimaryOutput
- type CryptoKeyState
- type CryptoKeyVersion
- type CryptoKeyVersionArgs
- type CryptoKeyVersionArray
- type CryptoKeyVersionArrayInput
- type CryptoKeyVersionArrayOutput
- func (CryptoKeyVersionArrayOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionArrayOutput) Index(i pulumi.IntInput) CryptoKeyVersionOutput
- func (o CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutput() CryptoKeyVersionArrayOutput
- func (o CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutputWithContext(ctx context.Context) CryptoKeyVersionArrayOutput
- type CryptoKeyVersionAttestation
- type CryptoKeyVersionAttestationArgs
- func (CryptoKeyVersionAttestationArgs) ElementType() reflect.Type
- func (i CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput
- func (i CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationOutput
- type CryptoKeyVersionAttestationArray
- func (CryptoKeyVersionAttestationArray) ElementType() reflect.Type
- func (i CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput
- func (i CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationArrayOutput
- type CryptoKeyVersionAttestationArrayInput
- type CryptoKeyVersionAttestationArrayOutput
- func (CryptoKeyVersionAttestationArrayOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionAttestationArrayOutput) Index(i pulumi.IntInput) CryptoKeyVersionAttestationOutput
- func (o CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput
- func (o CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationArrayOutput
- type CryptoKeyVersionAttestationCertChains
- type CryptoKeyVersionAttestationCertChainsArgs
- func (CryptoKeyVersionAttestationCertChainsArgs) ElementType() reflect.Type
- func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput
- func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsOutput
- func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput
- func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput
- type CryptoKeyVersionAttestationCertChainsInput
- type CryptoKeyVersionAttestationCertChainsOutput
- func (o CryptoKeyVersionAttestationCertChainsOutput) CaviumCerts() pulumi.StringArrayOutput
- func (CryptoKeyVersionAttestationCertChainsOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionAttestationCertChainsOutput) GoogleCardCerts() pulumi.StringArrayOutput
- func (o CryptoKeyVersionAttestationCertChainsOutput) GooglePartitionCerts() pulumi.StringArrayOutput
- func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput
- func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsOutput
- func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput
- func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput
- type CryptoKeyVersionAttestationCertChainsPtrInput
- type CryptoKeyVersionAttestationCertChainsPtrOutput
- func (o CryptoKeyVersionAttestationCertChainsPtrOutput) CaviumCerts() pulumi.StringArrayOutput
- func (o CryptoKeyVersionAttestationCertChainsPtrOutput) Elem() CryptoKeyVersionAttestationCertChainsOutput
- func (CryptoKeyVersionAttestationCertChainsPtrOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionAttestationCertChainsPtrOutput) GoogleCardCerts() pulumi.StringArrayOutput
- func (o CryptoKeyVersionAttestationCertChainsPtrOutput) GooglePartitionCerts() pulumi.StringArrayOutput
- func (o CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput
- func (o CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput
- type CryptoKeyVersionAttestationExternalProtectionLevelOptions
- type CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs
- func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ElementType() reflect.Type
- func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
- func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
- func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
- func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
- type CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput
- type CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
- func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ExternalKeyUri() pulumi.StringPtrOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
- type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput
- type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) Elem() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
- func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri() pulumi.StringPtrOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
- func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
- type CryptoKeyVersionAttestationInput
- type CryptoKeyVersionAttestationOutput
- func (o CryptoKeyVersionAttestationOutput) CertChains() CryptoKeyVersionAttestationCertChainsPtrOutput
- func (o CryptoKeyVersionAttestationOutput) Content() pulumi.StringPtrOutput
- func (CryptoKeyVersionAttestationOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionAttestationOutput) ExternalProtectionLevelOptions() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputdeprecated
- func (o CryptoKeyVersionAttestationOutput) Format() pulumi.StringPtrOutput
- func (o CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput
- func (o CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationOutput
- type CryptoKeyVersionExternalProtectionLevelOptions
- type CryptoKeyVersionExternalProtectionLevelOptionsArgs
- func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ElementType() reflect.Type
- func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput
- func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput
- func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- type CryptoKeyVersionExternalProtectionLevelOptionsInput
- type CryptoKeyVersionExternalProtectionLevelOptionsOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
- func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ExternalKeyUri() pulumi.StringPtrOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- type CryptoKeyVersionExternalProtectionLevelOptionsPtrInput
- type CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) Elem() CryptoKeyVersionExternalProtectionLevelOptionsOutput
- func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri() pulumi.StringPtrOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- type CryptoKeyVersionInput
- type CryptoKeyVersionMap
- type CryptoKeyVersionMapInput
- type CryptoKeyVersionMapOutput
- func (CryptoKeyVersionMapOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyVersionOutput
- func (o CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutput() CryptoKeyVersionMapOutput
- func (o CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutputWithContext(ctx context.Context) CryptoKeyVersionMapOutput
- type CryptoKeyVersionOutput
- func (o CryptoKeyVersionOutput) Algorithm() pulumi.StringOutput
- func (o CryptoKeyVersionOutput) Attestations() CryptoKeyVersionAttestationArrayOutput
- func (o CryptoKeyVersionOutput) CryptoKey() pulumi.StringOutput
- func (CryptoKeyVersionOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionOutput) ExternalProtectionLevelOptions() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
- func (o CryptoKeyVersionOutput) GenerateTime() pulumi.StringOutput
- func (o CryptoKeyVersionOutput) Name() pulumi.StringOutput
- func (o CryptoKeyVersionOutput) ProtectionLevel() pulumi.StringOutput
- func (o CryptoKeyVersionOutput) State() pulumi.StringOutput
- func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutput() CryptoKeyVersionOutput
- func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput
- type CryptoKeyVersionState
- type CryptoKeyVersionTemplate
- type CryptoKeyVersionTemplateArgs
- func (CryptoKeyVersionTemplateArgs) ElementType() reflect.Type
- func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput
- func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput
- func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
- func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput
- type CryptoKeyVersionTemplateInput
- type CryptoKeyVersionTemplateOutput
- func (o CryptoKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput
- func (CryptoKeyVersionTemplateOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringPtrOutput
- func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput
- func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput
- func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
- func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput
- type CryptoKeyVersionTemplatePtrInput
- type CryptoKeyVersionTemplatePtrOutput
- func (o CryptoKeyVersionTemplatePtrOutput) Algorithm() pulumi.StringPtrOutput
- func (o CryptoKeyVersionTemplatePtrOutput) Elem() CryptoKeyVersionTemplateOutput
- func (CryptoKeyVersionTemplatePtrOutput) ElementType() reflect.Type
- func (o CryptoKeyVersionTemplatePtrOutput) ProtectionLevel() pulumi.StringPtrOutput
- func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
- func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput
- type EkmConnection
- type EkmConnectionArgs
- type EkmConnectionArray
- type EkmConnectionArrayInput
- type EkmConnectionArrayOutput
- func (EkmConnectionArrayOutput) ElementType() reflect.Type
- func (o EkmConnectionArrayOutput) Index(i pulumi.IntInput) EkmConnectionOutput
- func (o EkmConnectionArrayOutput) ToEkmConnectionArrayOutput() EkmConnectionArrayOutput
- func (o EkmConnectionArrayOutput) ToEkmConnectionArrayOutputWithContext(ctx context.Context) EkmConnectionArrayOutput
- type EkmConnectionIamBinding
- type EkmConnectionIamBindingArgs
- type EkmConnectionIamBindingArray
- func (EkmConnectionIamBindingArray) ElementType() reflect.Type
- func (i EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput
- func (i EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutputWithContext(ctx context.Context) EkmConnectionIamBindingArrayOutput
- type EkmConnectionIamBindingArrayInput
- type EkmConnectionIamBindingArrayOutput
- func (EkmConnectionIamBindingArrayOutput) ElementType() reflect.Type
- func (o EkmConnectionIamBindingArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamBindingOutput
- func (o EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput
- func (o EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutputWithContext(ctx context.Context) EkmConnectionIamBindingArrayOutput
- type EkmConnectionIamBindingCondition
- type EkmConnectionIamBindingConditionArgs
- func (EkmConnectionIamBindingConditionArgs) ElementType() reflect.Type
- func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput
- func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionOutput
- func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput
- func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput
- type EkmConnectionIamBindingConditionInput
- type EkmConnectionIamBindingConditionOutput
- func (o EkmConnectionIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (EkmConnectionIamBindingConditionOutput) ElementType() reflect.Type
- func (o EkmConnectionIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o EkmConnectionIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput
- func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionOutput
- func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput
- func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput
- type EkmConnectionIamBindingConditionPtrInput
- type EkmConnectionIamBindingConditionPtrOutput
- func (o EkmConnectionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o EkmConnectionIamBindingConditionPtrOutput) Elem() EkmConnectionIamBindingConditionOutput
- func (EkmConnectionIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o EkmConnectionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o EkmConnectionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput
- func (o EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput
- type EkmConnectionIamBindingInput
- type EkmConnectionIamBindingMap
- func (EkmConnectionIamBindingMap) ElementType() reflect.Type
- func (i EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput
- func (i EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutputWithContext(ctx context.Context) EkmConnectionIamBindingMapOutput
- type EkmConnectionIamBindingMapInput
- type EkmConnectionIamBindingMapOutput
- func (EkmConnectionIamBindingMapOutput) ElementType() reflect.Type
- func (o EkmConnectionIamBindingMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamBindingOutput
- func (o EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput
- func (o EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutputWithContext(ctx context.Context) EkmConnectionIamBindingMapOutput
- type EkmConnectionIamBindingOutput
- func (o EkmConnectionIamBindingOutput) Condition() EkmConnectionIamBindingConditionPtrOutput
- func (EkmConnectionIamBindingOutput) ElementType() reflect.Type
- func (o EkmConnectionIamBindingOutput) Etag() pulumi.StringOutput
- func (o EkmConnectionIamBindingOutput) Location() pulumi.StringOutput
- func (o EkmConnectionIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o EkmConnectionIamBindingOutput) Name() pulumi.StringOutput
- func (o EkmConnectionIamBindingOutput) Project() pulumi.StringOutput
- func (o EkmConnectionIamBindingOutput) Role() pulumi.StringOutput
- func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput
- func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput
- type EkmConnectionIamBindingState
- type EkmConnectionIamMember
- type EkmConnectionIamMemberArgs
- type EkmConnectionIamMemberArray
- func (EkmConnectionIamMemberArray) ElementType() reflect.Type
- func (i EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput
- func (i EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutputWithContext(ctx context.Context) EkmConnectionIamMemberArrayOutput
- type EkmConnectionIamMemberArrayInput
- type EkmConnectionIamMemberArrayOutput
- func (EkmConnectionIamMemberArrayOutput) ElementType() reflect.Type
- func (o EkmConnectionIamMemberArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamMemberOutput
- func (o EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput
- func (o EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutputWithContext(ctx context.Context) EkmConnectionIamMemberArrayOutput
- type EkmConnectionIamMemberCondition
- type EkmConnectionIamMemberConditionArgs
- func (EkmConnectionIamMemberConditionArgs) ElementType() reflect.Type
- func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput
- func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionOutput
- func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput
- func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput
- type EkmConnectionIamMemberConditionInput
- type EkmConnectionIamMemberConditionOutput
- func (o EkmConnectionIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (EkmConnectionIamMemberConditionOutput) ElementType() reflect.Type
- func (o EkmConnectionIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o EkmConnectionIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput
- func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionOutput
- func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput
- func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput
- type EkmConnectionIamMemberConditionPtrInput
- type EkmConnectionIamMemberConditionPtrOutput
- func (o EkmConnectionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o EkmConnectionIamMemberConditionPtrOutput) Elem() EkmConnectionIamMemberConditionOutput
- func (EkmConnectionIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o EkmConnectionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o EkmConnectionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput
- func (o EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput
- type EkmConnectionIamMemberInput
- type EkmConnectionIamMemberMap
- type EkmConnectionIamMemberMapInput
- type EkmConnectionIamMemberMapOutput
- func (EkmConnectionIamMemberMapOutput) ElementType() reflect.Type
- func (o EkmConnectionIamMemberMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamMemberOutput
- func (o EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutput() EkmConnectionIamMemberMapOutput
- func (o EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutputWithContext(ctx context.Context) EkmConnectionIamMemberMapOutput
- type EkmConnectionIamMemberOutput
- func (o EkmConnectionIamMemberOutput) Condition() EkmConnectionIamMemberConditionPtrOutput
- func (EkmConnectionIamMemberOutput) ElementType() reflect.Type
- func (o EkmConnectionIamMemberOutput) Etag() pulumi.StringOutput
- func (o EkmConnectionIamMemberOutput) Location() pulumi.StringOutput
- func (o EkmConnectionIamMemberOutput) Member() pulumi.StringOutput
- func (o EkmConnectionIamMemberOutput) Name() pulumi.StringOutput
- func (o EkmConnectionIamMemberOutput) Project() pulumi.StringOutput
- func (o EkmConnectionIamMemberOutput) Role() pulumi.StringOutput
- func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput
- func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput
- type EkmConnectionIamMemberState
- type EkmConnectionIamPolicy
- type EkmConnectionIamPolicyArgs
- type EkmConnectionIamPolicyArray
- func (EkmConnectionIamPolicyArray) ElementType() reflect.Type
- func (i EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput
- func (i EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutputWithContext(ctx context.Context) EkmConnectionIamPolicyArrayOutput
- type EkmConnectionIamPolicyArrayInput
- type EkmConnectionIamPolicyArrayOutput
- func (EkmConnectionIamPolicyArrayOutput) ElementType() reflect.Type
- func (o EkmConnectionIamPolicyArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamPolicyOutput
- func (o EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput
- func (o EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutputWithContext(ctx context.Context) EkmConnectionIamPolicyArrayOutput
- type EkmConnectionIamPolicyInput
- type EkmConnectionIamPolicyMap
- type EkmConnectionIamPolicyMapInput
- type EkmConnectionIamPolicyMapOutput
- func (EkmConnectionIamPolicyMapOutput) ElementType() reflect.Type
- func (o EkmConnectionIamPolicyMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamPolicyOutput
- func (o EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutput() EkmConnectionIamPolicyMapOutput
- func (o EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutputWithContext(ctx context.Context) EkmConnectionIamPolicyMapOutput
- type EkmConnectionIamPolicyOutput
- func (EkmConnectionIamPolicyOutput) ElementType() reflect.Type
- func (o EkmConnectionIamPolicyOutput) Etag() pulumi.StringOutput
- func (o EkmConnectionIamPolicyOutput) Location() pulumi.StringOutput
- func (o EkmConnectionIamPolicyOutput) Name() pulumi.StringOutput
- func (o EkmConnectionIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o EkmConnectionIamPolicyOutput) Project() pulumi.StringOutput
- func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput
- func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput
- type EkmConnectionIamPolicyState
- type EkmConnectionInput
- type EkmConnectionMap
- type EkmConnectionMapInput
- type EkmConnectionMapOutput
- func (EkmConnectionMapOutput) ElementType() reflect.Type
- func (o EkmConnectionMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionOutput
- func (o EkmConnectionMapOutput) ToEkmConnectionMapOutput() EkmConnectionMapOutput
- func (o EkmConnectionMapOutput) ToEkmConnectionMapOutputWithContext(ctx context.Context) EkmConnectionMapOutput
- type EkmConnectionOutput
- func (o EkmConnectionOutput) CreateTime() pulumi.StringOutput
- func (o EkmConnectionOutput) CryptoSpacePath() pulumi.StringOutput
- func (EkmConnectionOutput) ElementType() reflect.Type
- func (o EkmConnectionOutput) Etag() pulumi.StringOutput
- func (o EkmConnectionOutput) KeyManagementMode() pulumi.StringPtrOutput
- func (o EkmConnectionOutput) Location() pulumi.StringOutput
- func (o EkmConnectionOutput) Name() pulumi.StringOutput
- func (o EkmConnectionOutput) Project() pulumi.StringOutput
- func (o EkmConnectionOutput) ServiceResolvers() EkmConnectionServiceResolverArrayOutput
- func (o EkmConnectionOutput) ToEkmConnectionOutput() EkmConnectionOutput
- func (o EkmConnectionOutput) ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput
- type EkmConnectionServiceResolver
- type EkmConnectionServiceResolverArgs
- func (EkmConnectionServiceResolverArgs) ElementType() reflect.Type
- func (i EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput
- func (i EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutputWithContext(ctx context.Context) EkmConnectionServiceResolverOutput
- type EkmConnectionServiceResolverArray
- func (EkmConnectionServiceResolverArray) ElementType() reflect.Type
- func (i EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput
- func (i EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverArrayOutput
- type EkmConnectionServiceResolverArrayInput
- type EkmConnectionServiceResolverArrayOutput
- func (EkmConnectionServiceResolverArrayOutput) ElementType() reflect.Type
- func (o EkmConnectionServiceResolverArrayOutput) Index(i pulumi.IntInput) EkmConnectionServiceResolverOutput
- func (o EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput
- func (o EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverArrayOutput
- type EkmConnectionServiceResolverInput
- type EkmConnectionServiceResolverOutput
- func (EkmConnectionServiceResolverOutput) ElementType() reflect.Type
- func (o EkmConnectionServiceResolverOutput) EndpointFilter() pulumi.StringPtrOutput
- func (o EkmConnectionServiceResolverOutput) Hostname() pulumi.StringOutput
- func (o EkmConnectionServiceResolverOutput) ServerCertificates() EkmConnectionServiceResolverServerCertificateArrayOutput
- func (o EkmConnectionServiceResolverOutput) ServiceDirectoryService() pulumi.StringOutput
- func (o EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput
- func (o EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutputWithContext(ctx context.Context) EkmConnectionServiceResolverOutput
- type EkmConnectionServiceResolverServerCertificate
- type EkmConnectionServiceResolverServerCertificateArgs
- func (EkmConnectionServiceResolverServerCertificateArgs) ElementType() reflect.Type
- func (i EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput
- func (i EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateOutput
- type EkmConnectionServiceResolverServerCertificateArray
- func (EkmConnectionServiceResolverServerCertificateArray) ElementType() reflect.Type
- func (i EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput
- func (i EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput
- type EkmConnectionServiceResolverServerCertificateArrayInput
- type EkmConnectionServiceResolverServerCertificateArrayOutput
- func (EkmConnectionServiceResolverServerCertificateArrayOutput) ElementType() reflect.Type
- func (o EkmConnectionServiceResolverServerCertificateArrayOutput) Index(i pulumi.IntInput) EkmConnectionServiceResolverServerCertificateOutput
- func (o EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput
- func (o EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput
- type EkmConnectionServiceResolverServerCertificateInput
- type EkmConnectionServiceResolverServerCertificateOutput
- func (EkmConnectionServiceResolverServerCertificateOutput) ElementType() reflect.Type
- func (o EkmConnectionServiceResolverServerCertificateOutput) Issuer() pulumi.StringPtrOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) NotAfterTime() pulumi.StringPtrOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) NotBeforeTime() pulumi.StringPtrOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) Parsed() pulumi.BoolPtrOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) RawDer() pulumi.StringOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) SerialNumber() pulumi.StringPtrOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) Sha256Fingerprint() pulumi.StringPtrOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) Subject() pulumi.StringPtrOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) SubjectAlternativeDnsNames() pulumi.StringArrayOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput
- func (o EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateOutput
- type EkmConnectionState
- type GetCryptoKeyIamPolicyArgs
- type GetCryptoKeyIamPolicyOutputArgs
- type GetCryptoKeyIamPolicyResult
- type GetCryptoKeyIamPolicyResultOutput
- func (o GetCryptoKeyIamPolicyResultOutput) CryptoKeyId() pulumi.StringOutput
- func (GetCryptoKeyIamPolicyResultOutput) ElementType() reflect.Type
- func (o GetCryptoKeyIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o GetCryptoKeyIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o GetCryptoKeyIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutput() GetCryptoKeyIamPolicyResultOutput
- func (o GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutputWithContext(ctx context.Context) GetCryptoKeyIamPolicyResultOutput
- type GetCryptoKeyLatestVersionArgs
- type GetCryptoKeyLatestVersionOutputArgs
- type GetCryptoKeyLatestVersionPublicKey
- type GetCryptoKeyLatestVersionPublicKeyArgs
- func (GetCryptoKeyLatestVersionPublicKeyArgs) ElementType() reflect.Type
- func (i GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput
- func (i GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyOutput
- type GetCryptoKeyLatestVersionPublicKeyArray
- func (GetCryptoKeyLatestVersionPublicKeyArray) ElementType() reflect.Type
- func (i GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput
- func (i GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput
- type GetCryptoKeyLatestVersionPublicKeyArrayInput
- type GetCryptoKeyLatestVersionPublicKeyArrayOutput
- func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyLatestVersionPublicKeyOutput
- func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput
- func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput
- type GetCryptoKeyLatestVersionPublicKeyInput
- type GetCryptoKeyLatestVersionPublicKeyOutput
- func (o GetCryptoKeyLatestVersionPublicKeyOutput) Algorithm() pulumi.StringOutput
- func (GetCryptoKeyLatestVersionPublicKeyOutput) ElementType() reflect.Type
- func (o GetCryptoKeyLatestVersionPublicKeyOutput) Pem() pulumi.StringOutput
- func (o GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput
- func (o GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyOutput
- type GetCryptoKeyLatestVersionResult
- type GetCryptoKeyLatestVersionResultOutput
- func (o GetCryptoKeyLatestVersionResultOutput) Algorithm() pulumi.StringOutput
- func (o GetCryptoKeyLatestVersionResultOutput) CryptoKey() pulumi.StringOutput
- func (GetCryptoKeyLatestVersionResultOutput) ElementType() reflect.Type
- func (o GetCryptoKeyLatestVersionResultOutput) Filter() pulumi.StringPtrOutput
- func (o GetCryptoKeyLatestVersionResultOutput) Id() pulumi.StringOutput
- func (o GetCryptoKeyLatestVersionResultOutput) Name() pulumi.StringOutput
- func (o GetCryptoKeyLatestVersionResultOutput) ProtectionLevel() pulumi.StringOutput
- func (o GetCryptoKeyLatestVersionResultOutput) PublicKeys() GetCryptoKeyLatestVersionPublicKeyArrayOutput
- func (o GetCryptoKeyLatestVersionResultOutput) State() pulumi.StringOutput
- func (o GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutput() GetCryptoKeyLatestVersionResultOutput
- func (o GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionResultOutput
- func (o GetCryptoKeyLatestVersionResultOutput) Version() pulumi.IntOutput
- type GetCryptoKeyVersionsArgs
- type GetCryptoKeyVersionsOutputArgs
- type GetCryptoKeyVersionsPublicKey
- type GetCryptoKeyVersionsPublicKeyArgs
- func (GetCryptoKeyVersionsPublicKeyArgs) ElementType() reflect.Type
- func (i GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput
- func (i GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyOutput
- type GetCryptoKeyVersionsPublicKeyArray
- func (GetCryptoKeyVersionsPublicKeyArray) ElementType() reflect.Type
- func (i GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput
- func (i GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput
- type GetCryptoKeyVersionsPublicKeyArrayInput
- type GetCryptoKeyVersionsPublicKeyArrayOutput
- func (GetCryptoKeyVersionsPublicKeyArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeyVersionsPublicKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyVersionsPublicKeyOutput
- func (o GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput
- func (o GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput
- type GetCryptoKeyVersionsPublicKeyInput
- type GetCryptoKeyVersionsPublicKeyOutput
- func (o GetCryptoKeyVersionsPublicKeyOutput) Algorithm() pulumi.StringOutput
- func (GetCryptoKeyVersionsPublicKeyOutput) ElementType() reflect.Type
- func (o GetCryptoKeyVersionsPublicKeyOutput) Pem() pulumi.StringOutput
- func (o GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput
- func (o GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyOutput
- type GetCryptoKeyVersionsResult
- type GetCryptoKeyVersionsResultOutput
- func (o GetCryptoKeyVersionsResultOutput) CryptoKey() pulumi.StringOutput
- func (GetCryptoKeyVersionsResultOutput) ElementType() reflect.Type
- func (o GetCryptoKeyVersionsResultOutput) Filter() pulumi.StringPtrOutput
- func (o GetCryptoKeyVersionsResultOutput) Id() pulumi.StringOutput
- func (o GetCryptoKeyVersionsResultOutput) PublicKeys() GetCryptoKeyVersionsPublicKeyArrayOutput
- func (o GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutput() GetCryptoKeyVersionsResultOutput
- func (o GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutputWithContext(ctx context.Context) GetCryptoKeyVersionsResultOutput
- func (o GetCryptoKeyVersionsResultOutput) Versions() GetCryptoKeyVersionsVersionArrayOutput
- type GetCryptoKeyVersionsVersion
- type GetCryptoKeyVersionsVersionArgs
- func (GetCryptoKeyVersionsVersionArgs) ElementType() reflect.Type
- func (i GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput
- func (i GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionOutput
- type GetCryptoKeyVersionsVersionArray
- func (GetCryptoKeyVersionsVersionArray) ElementType() reflect.Type
- func (i GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput
- func (i GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionArrayOutput
- type GetCryptoKeyVersionsVersionArrayInput
- type GetCryptoKeyVersionsVersionArrayOutput
- func (GetCryptoKeyVersionsVersionArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeyVersionsVersionArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyVersionsVersionOutput
- func (o GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput
- func (o GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionArrayOutput
- type GetCryptoKeyVersionsVersionInput
- type GetCryptoKeyVersionsVersionOutput
- func (o GetCryptoKeyVersionsVersionOutput) Algorithm() pulumi.StringOutput
- func (o GetCryptoKeyVersionsVersionOutput) CryptoKey() pulumi.StringOutput
- func (GetCryptoKeyVersionsVersionOutput) ElementType() reflect.Type
- func (o GetCryptoKeyVersionsVersionOutput) Id() pulumi.StringOutput
- func (o GetCryptoKeyVersionsVersionOutput) Name() pulumi.StringOutput
- func (o GetCryptoKeyVersionsVersionOutput) ProtectionLevel() pulumi.StringOutput
- func (o GetCryptoKeyVersionsVersionOutput) PublicKeys() GetCryptoKeyVersionsVersionPublicKeyArrayOutput
- func (o GetCryptoKeyVersionsVersionOutput) State() pulumi.StringOutput
- func (o GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput
- func (o GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionOutput
- func (o GetCryptoKeyVersionsVersionOutput) Version() pulumi.IntOutput
- type GetCryptoKeyVersionsVersionPublicKey
- type GetCryptoKeyVersionsVersionPublicKeyArgs
- func (GetCryptoKeyVersionsVersionPublicKeyArgs) ElementType() reflect.Type
- func (i GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput
- func (i GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput
- type GetCryptoKeyVersionsVersionPublicKeyArray
- func (GetCryptoKeyVersionsVersionPublicKeyArray) ElementType() reflect.Type
- func (i GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput
- func (i GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput
- type GetCryptoKeyVersionsVersionPublicKeyArrayInput
- type GetCryptoKeyVersionsVersionPublicKeyArrayOutput
- func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeyVersionsVersionPublicKeyOutput
- func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput
- func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput
- type GetCryptoKeyVersionsVersionPublicKeyInput
- type GetCryptoKeyVersionsVersionPublicKeyOutput
- func (o GetCryptoKeyVersionsVersionPublicKeyOutput) Algorithm() pulumi.StringOutput
- func (GetCryptoKeyVersionsVersionPublicKeyOutput) ElementType() reflect.Type
- func (o GetCryptoKeyVersionsVersionPublicKeyOutput) Pem() pulumi.StringOutput
- func (o GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput
- func (o GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput
- type GetCryptoKeysArgs
- type GetCryptoKeysKey
- type GetCryptoKeysKeyArgs
- type GetCryptoKeysKeyArray
- type GetCryptoKeysKeyArrayInput
- type GetCryptoKeysKeyArrayOutput
- func (GetCryptoKeysKeyArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyOutput
- func (o GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutput() GetCryptoKeysKeyArrayOutput
- func (o GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyArrayOutput
- type GetCryptoKeysKeyInput
- type GetCryptoKeysKeyKeyAccessJustificationsPolicy
- type GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs
- func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type
- func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
- func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
- type GetCryptoKeysKeyKeyAccessJustificationsPolicyArray
- func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ElementType() reflect.Type
- func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
- func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
- type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput
- type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
- func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
- func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
- func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
- type GetCryptoKeysKeyKeyAccessJustificationsPolicyInput
- type GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
- func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput
- func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
- func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
- type GetCryptoKeysKeyOutput
- func (o GetCryptoKeysKeyOutput) CryptoKeyBackend() pulumi.StringOutput
- func (o GetCryptoKeysKeyOutput) DestroyScheduledDuration() pulumi.StringOutput
- func (o GetCryptoKeysKeyOutput) EffectiveLabels() pulumi.StringMapOutput
- func (GetCryptoKeysKeyOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyOutput) Id() pulumi.StringOutput
- func (o GetCryptoKeysKeyOutput) ImportOnly() pulumi.BoolOutput
- func (o GetCryptoKeysKeyOutput) KeyAccessJustificationsPolicies() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
- func (o GetCryptoKeysKeyOutput) KeyRing() pulumi.StringPtrOutput
- func (o GetCryptoKeysKeyOutput) Labels() pulumi.StringMapOutput
- func (o GetCryptoKeysKeyOutput) Name() pulumi.StringPtrOutput
- func (o GetCryptoKeysKeyOutput) Primaries() GetCryptoKeysKeyPrimaryArrayOutput
- func (o GetCryptoKeysKeyOutput) PulumiLabels() pulumi.StringMapOutput
- func (o GetCryptoKeysKeyOutput) Purpose() pulumi.StringOutput
- func (o GetCryptoKeysKeyOutput) RotationPeriod() pulumi.StringOutput
- func (o GetCryptoKeysKeyOutput) SkipInitialVersionCreation() pulumi.BoolOutput
- func (o GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutput() GetCryptoKeysKeyOutput
- func (o GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutputWithContext(ctx context.Context) GetCryptoKeysKeyOutput
- func (o GetCryptoKeysKeyOutput) VersionTemplates() GetCryptoKeysKeyVersionTemplateArrayOutput
- type GetCryptoKeysKeyPrimary
- type GetCryptoKeysKeyPrimaryArgs
- type GetCryptoKeysKeyPrimaryArray
- func (GetCryptoKeysKeyPrimaryArray) ElementType() reflect.Type
- func (i GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput
- func (i GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryArrayOutput
- type GetCryptoKeysKeyPrimaryArrayInput
- type GetCryptoKeysKeyPrimaryArrayOutput
- func (GetCryptoKeysKeyPrimaryArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyPrimaryArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyPrimaryOutput
- func (o GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput
- func (o GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryArrayOutput
- type GetCryptoKeysKeyPrimaryInput
- type GetCryptoKeysKeyPrimaryOutput
- func (GetCryptoKeysKeyPrimaryOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyPrimaryOutput) Name() pulumi.StringOutput
- func (o GetCryptoKeysKeyPrimaryOutput) State() pulumi.StringOutput
- func (o GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutput() GetCryptoKeysKeyPrimaryOutput
- func (o GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryOutput
- type GetCryptoKeysKeyVersionTemplate
- type GetCryptoKeysKeyVersionTemplateArgs
- func (GetCryptoKeysKeyVersionTemplateArgs) ElementType() reflect.Type
- func (i GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput
- func (i GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateOutput
- type GetCryptoKeysKeyVersionTemplateArray
- func (GetCryptoKeysKeyVersionTemplateArray) ElementType() reflect.Type
- func (i GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput
- func (i GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput
- type GetCryptoKeysKeyVersionTemplateArrayInput
- type GetCryptoKeysKeyVersionTemplateArrayOutput
- func (GetCryptoKeysKeyVersionTemplateArrayOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyVersionTemplateArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyVersionTemplateOutput
- func (o GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput
- func (o GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput
- type GetCryptoKeysKeyVersionTemplateInput
- type GetCryptoKeysKeyVersionTemplateOutput
- func (o GetCryptoKeysKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput
- func (GetCryptoKeysKeyVersionTemplateOutput) ElementType() reflect.Type
- func (o GetCryptoKeysKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringOutput
- func (o GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput
- func (o GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateOutput
- type GetCryptoKeysOutputArgs
- type GetCryptoKeysResult
- type GetCryptoKeysResultOutput
- func (GetCryptoKeysResultOutput) ElementType() reflect.Type
- func (o GetCryptoKeysResultOutput) Filter() pulumi.StringPtrOutput
- func (o GetCryptoKeysResultOutput) Id() pulumi.StringOutput
- func (o GetCryptoKeysResultOutput) KeyRing() pulumi.StringOutput
- func (o GetCryptoKeysResultOutput) Keys() GetCryptoKeysKeyArrayOutput
- func (o GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutput() GetCryptoKeysResultOutput
- func (o GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutputWithContext(ctx context.Context) GetCryptoKeysResultOutput
- type GetKMSCryptoKeyArgs
- type GetKMSCryptoKeyKeyAccessJustificationsPolicy
- type GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs
- func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type
- func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
- func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
- type GetKMSCryptoKeyKeyAccessJustificationsPolicyArray
- func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ElementType() reflect.Type
- func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
- func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
- type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput
- type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
- func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
- func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
- func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
- type GetKMSCryptoKeyKeyAccessJustificationsPolicyInput
- type GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
- func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput
- func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
- func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
- type GetKMSCryptoKeyOutputArgs
- type GetKMSCryptoKeyPrimary
- type GetKMSCryptoKeyPrimaryArgs
- type GetKMSCryptoKeyPrimaryArray
- func (GetKMSCryptoKeyPrimaryArray) ElementType() reflect.Type
- func (i GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput
- func (i GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryArrayOutput
- type GetKMSCryptoKeyPrimaryArrayInput
- type GetKMSCryptoKeyPrimaryArrayOutput
- func (GetKMSCryptoKeyPrimaryArrayOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyPrimaryArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyPrimaryOutput
- func (o GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput
- func (o GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryArrayOutput
- type GetKMSCryptoKeyPrimaryInput
- type GetKMSCryptoKeyPrimaryOutput
- func (GetKMSCryptoKeyPrimaryOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyPrimaryOutput) Name() pulumi.StringOutput
- func (o GetKMSCryptoKeyPrimaryOutput) State() pulumi.StringOutput
- func (o GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutput() GetKMSCryptoKeyPrimaryOutput
- func (o GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryOutput
- type GetKMSCryptoKeyResult
- type GetKMSCryptoKeyResultOutput
- func (o GetKMSCryptoKeyResultOutput) CryptoKeyBackend() pulumi.StringOutput
- func (o GetKMSCryptoKeyResultOutput) DestroyScheduledDuration() pulumi.StringOutput
- func (o GetKMSCryptoKeyResultOutput) EffectiveLabels() pulumi.StringMapOutput
- func (GetKMSCryptoKeyResultOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyResultOutput) Id() pulumi.StringOutput
- func (o GetKMSCryptoKeyResultOutput) ImportOnly() pulumi.BoolOutput
- func (o GetKMSCryptoKeyResultOutput) KeyAccessJustificationsPolicies() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
- func (o GetKMSCryptoKeyResultOutput) KeyRing() pulumi.StringOutput
- func (o GetKMSCryptoKeyResultOutput) Labels() pulumi.StringMapOutput
- func (o GetKMSCryptoKeyResultOutput) Name() pulumi.StringOutput
- func (o GetKMSCryptoKeyResultOutput) Primaries() GetKMSCryptoKeyPrimaryArrayOutput
- func (o GetKMSCryptoKeyResultOutput) PulumiLabels() pulumi.StringMapOutput
- func (o GetKMSCryptoKeyResultOutput) Purpose() pulumi.StringOutput
- func (o GetKMSCryptoKeyResultOutput) RotationPeriod() pulumi.StringOutput
- func (o GetKMSCryptoKeyResultOutput) SkipInitialVersionCreation() pulumi.BoolOutput
- func (o GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutput() GetKMSCryptoKeyResultOutput
- func (o GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutputWithContext(ctx context.Context) GetKMSCryptoKeyResultOutput
- func (o GetKMSCryptoKeyResultOutput) VersionTemplates() GetKMSCryptoKeyVersionTemplateArrayOutput
- type GetKMSCryptoKeyVersionArgs
- type GetKMSCryptoKeyVersionOutputArgs
- type GetKMSCryptoKeyVersionPublicKey
- type GetKMSCryptoKeyVersionPublicKeyArgs
- func (GetKMSCryptoKeyVersionPublicKeyArgs) ElementType() reflect.Type
- func (i GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput
- func (i GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyOutput
- type GetKMSCryptoKeyVersionPublicKeyArray
- func (GetKMSCryptoKeyVersionPublicKeyArray) ElementType() reflect.Type
- func (i GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput
- func (i GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput
- type GetKMSCryptoKeyVersionPublicKeyArrayInput
- type GetKMSCryptoKeyVersionPublicKeyArrayOutput
- func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyVersionPublicKeyOutput
- func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput
- func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput
- type GetKMSCryptoKeyVersionPublicKeyInput
- type GetKMSCryptoKeyVersionPublicKeyOutput
- func (o GetKMSCryptoKeyVersionPublicKeyOutput) Algorithm() pulumi.StringOutput
- func (GetKMSCryptoKeyVersionPublicKeyOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyVersionPublicKeyOutput) Pem() pulumi.StringOutput
- func (o GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput
- func (o GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyOutput
- type GetKMSCryptoKeyVersionResult
- type GetKMSCryptoKeyVersionResultOutput
- func (o GetKMSCryptoKeyVersionResultOutput) Algorithm() pulumi.StringOutput
- func (o GetKMSCryptoKeyVersionResultOutput) CryptoKey() pulumi.StringOutput
- func (GetKMSCryptoKeyVersionResultOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyVersionResultOutput) Id() pulumi.StringOutput
- func (o GetKMSCryptoKeyVersionResultOutput) Name() pulumi.StringOutput
- func (o GetKMSCryptoKeyVersionResultOutput) ProtectionLevel() pulumi.StringOutput
- func (o GetKMSCryptoKeyVersionResultOutput) PublicKeys() GetKMSCryptoKeyVersionPublicKeyArrayOutput
- func (o GetKMSCryptoKeyVersionResultOutput) State() pulumi.StringOutput
- func (o GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutput() GetKMSCryptoKeyVersionResultOutput
- func (o GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionResultOutput
- func (o GetKMSCryptoKeyVersionResultOutput) Version() pulumi.IntPtrOutput
- type GetKMSCryptoKeyVersionTemplate
- type GetKMSCryptoKeyVersionTemplateArgs
- func (GetKMSCryptoKeyVersionTemplateArgs) ElementType() reflect.Type
- func (i GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput
- func (i GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateOutput
- type GetKMSCryptoKeyVersionTemplateArray
- func (GetKMSCryptoKeyVersionTemplateArray) ElementType() reflect.Type
- func (i GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput
- func (i GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput
- type GetKMSCryptoKeyVersionTemplateArrayInput
- type GetKMSCryptoKeyVersionTemplateArrayOutput
- func (GetKMSCryptoKeyVersionTemplateArrayOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyVersionTemplateArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyVersionTemplateOutput
- func (o GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput
- func (o GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput
- type GetKMSCryptoKeyVersionTemplateInput
- type GetKMSCryptoKeyVersionTemplateOutput
- func (o GetKMSCryptoKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput
- func (GetKMSCryptoKeyVersionTemplateOutput) ElementType() reflect.Type
- func (o GetKMSCryptoKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringOutput
- func (o GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput
- func (o GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateOutput
- type GetKMSKeyRingArgs
- type GetKMSKeyRingOutputArgs
- type GetKMSKeyRingResult
- type GetKMSKeyRingResultOutput
- func (GetKMSKeyRingResultOutput) ElementType() reflect.Type
- func (o GetKMSKeyRingResultOutput) Id() pulumi.StringOutput
- func (o GetKMSKeyRingResultOutput) Location() pulumi.StringOutput
- func (o GetKMSKeyRingResultOutput) Name() pulumi.StringOutput
- func (o GetKMSKeyRingResultOutput) Project() pulumi.StringPtrOutput
- func (o GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutput() GetKMSKeyRingResultOutput
- func (o GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutputWithContext(ctx context.Context) GetKMSKeyRingResultOutput
- type GetKMSSecretArgs
- type GetKMSSecretAsymmetricArgs
- type GetKMSSecretAsymmetricOutputArgs
- type GetKMSSecretAsymmetricResult
- type GetKMSSecretAsymmetricResultOutput
- func (o GetKMSSecretAsymmetricResultOutput) Ciphertext() pulumi.StringOutput
- func (o GetKMSSecretAsymmetricResultOutput) Crc32() pulumi.StringPtrOutput
- func (o GetKMSSecretAsymmetricResultOutput) CryptoKeyVersion() pulumi.StringOutput
- func (GetKMSSecretAsymmetricResultOutput) ElementType() reflect.Type
- func (o GetKMSSecretAsymmetricResultOutput) Id() pulumi.StringOutput
- func (o GetKMSSecretAsymmetricResultOutput) Plaintext() pulumi.StringOutput
- func (o GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutput() GetKMSSecretAsymmetricResultOutput
- func (o GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutputWithContext(ctx context.Context) GetKMSSecretAsymmetricResultOutput
- type GetKMSSecretCiphertextArgs
- type GetKMSSecretCiphertextOutputArgs
- type GetKMSSecretCiphertextResult
- type GetKMSSecretCiphertextResultOutput
- func (o GetKMSSecretCiphertextResultOutput) Ciphertext() pulumi.StringOutput
- func (o GetKMSSecretCiphertextResultOutput) CryptoKey() pulumi.StringOutput
- func (GetKMSSecretCiphertextResultOutput) ElementType() reflect.Type
- func (o GetKMSSecretCiphertextResultOutput) Id() pulumi.StringOutput
- func (o GetKMSSecretCiphertextResultOutput) Plaintext() pulumi.StringOutput
- func (o GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutput() GetKMSSecretCiphertextResultOutput
- func (o GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutputWithContext(ctx context.Context) GetKMSSecretCiphertextResultOutput
- type GetKMSSecretOutputArgs
- type GetKMSSecretResult
- type GetKMSSecretResultOutput
- func (o GetKMSSecretResultOutput) AdditionalAuthenticatedData() pulumi.StringPtrOutput
- func (o GetKMSSecretResultOutput) Ciphertext() pulumi.StringOutput
- func (o GetKMSSecretResultOutput) CryptoKey() pulumi.StringOutput
- func (GetKMSSecretResultOutput) ElementType() reflect.Type
- func (o GetKMSSecretResultOutput) Id() pulumi.StringOutput
- func (o GetKMSSecretResultOutput) Plaintext() pulumi.StringOutput
- func (o GetKMSSecretResultOutput) ToGetKMSSecretResultOutput() GetKMSSecretResultOutput
- func (o GetKMSSecretResultOutput) ToGetKMSSecretResultOutputWithContext(ctx context.Context) GetKMSSecretResultOutput
- type GetKeyRingIamPolicyArgs
- type GetKeyRingIamPolicyOutputArgs
- type GetKeyRingIamPolicyResult
- type GetKeyRingIamPolicyResultOutput
- func (GetKeyRingIamPolicyResultOutput) ElementType() reflect.Type
- func (o GetKeyRingIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o GetKeyRingIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o GetKeyRingIamPolicyResultOutput) KeyRingId() pulumi.StringOutput
- func (o GetKeyRingIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutput() GetKeyRingIamPolicyResultOutput
- func (o GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutputWithContext(ctx context.Context) GetKeyRingIamPolicyResultOutput
- type GetKeyRingsArgs
- type GetKeyRingsKeyRing
- type GetKeyRingsKeyRingArgs
- type GetKeyRingsKeyRingArray
- type GetKeyRingsKeyRingArrayInput
- type GetKeyRingsKeyRingArrayOutput
- func (GetKeyRingsKeyRingArrayOutput) ElementType() reflect.Type
- func (o GetKeyRingsKeyRingArrayOutput) Index(i pulumi.IntInput) GetKeyRingsKeyRingOutput
- func (o GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutput() GetKeyRingsKeyRingArrayOutput
- func (o GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutputWithContext(ctx context.Context) GetKeyRingsKeyRingArrayOutput
- type GetKeyRingsKeyRingInput
- type GetKeyRingsKeyRingOutput
- func (GetKeyRingsKeyRingOutput) ElementType() reflect.Type
- func (o GetKeyRingsKeyRingOutput) Id() pulumi.StringOutput
- func (o GetKeyRingsKeyRingOutput) Name() pulumi.StringOutput
- func (o GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutput() GetKeyRingsKeyRingOutput
- func (o GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutputWithContext(ctx context.Context) GetKeyRingsKeyRingOutput
- type GetKeyRingsOutputArgs
- type GetKeyRingsResult
- type GetKeyRingsResultOutput
- func (GetKeyRingsResultOutput) ElementType() reflect.Type
- func (o GetKeyRingsResultOutput) Filter() pulumi.StringPtrOutput
- func (o GetKeyRingsResultOutput) Id() pulumi.StringOutput
- func (o GetKeyRingsResultOutput) KeyRings() GetKeyRingsKeyRingArrayOutput
- func (o GetKeyRingsResultOutput) Location() pulumi.StringOutput
- func (o GetKeyRingsResultOutput) Project() pulumi.StringPtrOutput
- func (o GetKeyRingsResultOutput) ToGetKeyRingsResultOutput() GetKeyRingsResultOutput
- func (o GetKeyRingsResultOutput) ToGetKeyRingsResultOutputWithContext(ctx context.Context) GetKeyRingsResultOutput
- type KeyHandle
- type KeyHandleArgs
- type KeyHandleArray
- type KeyHandleArrayInput
- type KeyHandleArrayOutput
- func (KeyHandleArrayOutput) ElementType() reflect.Type
- func (o KeyHandleArrayOutput) Index(i pulumi.IntInput) KeyHandleOutput
- func (o KeyHandleArrayOutput) ToKeyHandleArrayOutput() KeyHandleArrayOutput
- func (o KeyHandleArrayOutput) ToKeyHandleArrayOutputWithContext(ctx context.Context) KeyHandleArrayOutput
- type KeyHandleInput
- type KeyHandleMap
- type KeyHandleMapInput
- type KeyHandleMapOutput
- type KeyHandleOutput
- func (KeyHandleOutput) ElementType() reflect.Type
- func (o KeyHandleOutput) KmsKey() pulumi.StringOutput
- func (o KeyHandleOutput) Location() pulumi.StringOutput
- func (o KeyHandleOutput) Name() pulumi.StringOutput
- func (o KeyHandleOutput) Project() pulumi.StringOutput
- func (o KeyHandleOutput) ResourceTypeSelector() pulumi.StringOutput
- func (o KeyHandleOutput) ToKeyHandleOutput() KeyHandleOutput
- func (o KeyHandleOutput) ToKeyHandleOutputWithContext(ctx context.Context) KeyHandleOutput
- type KeyHandleState
- type KeyRing
- type KeyRingArgs
- type KeyRingArray
- type KeyRingArrayInput
- type KeyRingArrayOutput
- type KeyRingIAMBinding
- type KeyRingIAMBindingArgs
- type KeyRingIAMBindingArray
- type KeyRingIAMBindingArrayInput
- type KeyRingIAMBindingArrayOutput
- func (KeyRingIAMBindingArrayOutput) ElementType() reflect.Type
- func (o KeyRingIAMBindingArrayOutput) Index(i pulumi.IntInput) KeyRingIAMBindingOutput
- func (o KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutput() KeyRingIAMBindingArrayOutput
- func (o KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutputWithContext(ctx context.Context) KeyRingIAMBindingArrayOutput
- type KeyRingIAMBindingCondition
- type KeyRingIAMBindingConditionArgs
- func (KeyRingIAMBindingConditionArgs) ElementType() reflect.Type
- func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput
- func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionOutput
- func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput
- func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput
- type KeyRingIAMBindingConditionInput
- type KeyRingIAMBindingConditionOutput
- func (o KeyRingIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (KeyRingIAMBindingConditionOutput) ElementType() reflect.Type
- func (o KeyRingIAMBindingConditionOutput) Expression() pulumi.StringOutput
- func (o KeyRingIAMBindingConditionOutput) Title() pulumi.StringOutput
- func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput
- func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionOutput
- func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput
- func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput
- type KeyRingIAMBindingConditionPtrInput
- type KeyRingIAMBindingConditionPtrOutput
- func (o KeyRingIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o KeyRingIAMBindingConditionPtrOutput) Elem() KeyRingIAMBindingConditionOutput
- func (KeyRingIAMBindingConditionPtrOutput) ElementType() reflect.Type
- func (o KeyRingIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o KeyRingIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput
- func (o KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput
- type KeyRingIAMBindingInput
- type KeyRingIAMBindingMap
- type KeyRingIAMBindingMapInput
- type KeyRingIAMBindingMapOutput
- func (KeyRingIAMBindingMapOutput) ElementType() reflect.Type
- func (o KeyRingIAMBindingMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMBindingOutput
- func (o KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutput() KeyRingIAMBindingMapOutput
- func (o KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutputWithContext(ctx context.Context) KeyRingIAMBindingMapOutput
- type KeyRingIAMBindingOutput
- func (o KeyRingIAMBindingOutput) Condition() KeyRingIAMBindingConditionPtrOutput
- func (KeyRingIAMBindingOutput) ElementType() reflect.Type
- func (o KeyRingIAMBindingOutput) Etag() pulumi.StringOutput
- func (o KeyRingIAMBindingOutput) KeyRingId() pulumi.StringOutput
- func (o KeyRingIAMBindingOutput) Members() pulumi.StringArrayOutput
- func (o KeyRingIAMBindingOutput) Role() pulumi.StringOutput
- func (o KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutput() KeyRingIAMBindingOutput
- func (o KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutputWithContext(ctx context.Context) KeyRingIAMBindingOutput
- type KeyRingIAMBindingState
- type KeyRingIAMMember
- type KeyRingIAMMemberArgs
- type KeyRingIAMMemberArray
- type KeyRingIAMMemberArrayInput
- type KeyRingIAMMemberArrayOutput
- func (KeyRingIAMMemberArrayOutput) ElementType() reflect.Type
- func (o KeyRingIAMMemberArrayOutput) Index(i pulumi.IntInput) KeyRingIAMMemberOutput
- func (o KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutput() KeyRingIAMMemberArrayOutput
- func (o KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutputWithContext(ctx context.Context) KeyRingIAMMemberArrayOutput
- type KeyRingIAMMemberCondition
- type KeyRingIAMMemberConditionArgs
- func (KeyRingIAMMemberConditionArgs) ElementType() reflect.Type
- func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput
- func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionOutput
- func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput
- func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput
- type KeyRingIAMMemberConditionInput
- type KeyRingIAMMemberConditionOutput
- func (o KeyRingIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (KeyRingIAMMemberConditionOutput) ElementType() reflect.Type
- func (o KeyRingIAMMemberConditionOutput) Expression() pulumi.StringOutput
- func (o KeyRingIAMMemberConditionOutput) Title() pulumi.StringOutput
- func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput
- func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionOutput
- func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput
- func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput
- type KeyRingIAMMemberConditionPtrInput
- type KeyRingIAMMemberConditionPtrOutput
- func (o KeyRingIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o KeyRingIAMMemberConditionPtrOutput) Elem() KeyRingIAMMemberConditionOutput
- func (KeyRingIAMMemberConditionPtrOutput) ElementType() reflect.Type
- func (o KeyRingIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o KeyRingIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput
- func (o KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput
- type KeyRingIAMMemberInput
- type KeyRingIAMMemberMap
- type KeyRingIAMMemberMapInput
- type KeyRingIAMMemberMapOutput
- func (KeyRingIAMMemberMapOutput) ElementType() reflect.Type
- func (o KeyRingIAMMemberMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMMemberOutput
- func (o KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutput() KeyRingIAMMemberMapOutput
- func (o KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutputWithContext(ctx context.Context) KeyRingIAMMemberMapOutput
- type KeyRingIAMMemberOutput
- func (o KeyRingIAMMemberOutput) Condition() KeyRingIAMMemberConditionPtrOutput
- func (KeyRingIAMMemberOutput) ElementType() reflect.Type
- func (o KeyRingIAMMemberOutput) Etag() pulumi.StringOutput
- func (o KeyRingIAMMemberOutput) KeyRingId() pulumi.StringOutput
- func (o KeyRingIAMMemberOutput) Member() pulumi.StringOutput
- func (o KeyRingIAMMemberOutput) Role() pulumi.StringOutput
- func (o KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutput() KeyRingIAMMemberOutput
- func (o KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutputWithContext(ctx context.Context) KeyRingIAMMemberOutput
- type KeyRingIAMMemberState
- type KeyRingIAMPolicy
- type KeyRingIAMPolicyArgs
- type KeyRingIAMPolicyArray
- type KeyRingIAMPolicyArrayInput
- type KeyRingIAMPolicyArrayOutput
- func (KeyRingIAMPolicyArrayOutput) ElementType() reflect.Type
- func (o KeyRingIAMPolicyArrayOutput) Index(i pulumi.IntInput) KeyRingIAMPolicyOutput
- func (o KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutput() KeyRingIAMPolicyArrayOutput
- func (o KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutputWithContext(ctx context.Context) KeyRingIAMPolicyArrayOutput
- type KeyRingIAMPolicyInput
- type KeyRingIAMPolicyMap
- type KeyRingIAMPolicyMapInput
- type KeyRingIAMPolicyMapOutput
- func (KeyRingIAMPolicyMapOutput) ElementType() reflect.Type
- func (o KeyRingIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMPolicyOutput
- func (o KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutput() KeyRingIAMPolicyMapOutput
- func (o KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutputWithContext(ctx context.Context) KeyRingIAMPolicyMapOutput
- type KeyRingIAMPolicyOutput
- func (KeyRingIAMPolicyOutput) ElementType() reflect.Type
- func (o KeyRingIAMPolicyOutput) Etag() pulumi.StringOutput
- func (o KeyRingIAMPolicyOutput) KeyRingId() pulumi.StringOutput
- func (o KeyRingIAMPolicyOutput) PolicyData() pulumi.StringOutput
- func (o KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutput() KeyRingIAMPolicyOutput
- func (o KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutputWithContext(ctx context.Context) KeyRingIAMPolicyOutput
- type KeyRingIAMPolicyState
- type KeyRingImportJob
- type KeyRingImportJobArgs
- type KeyRingImportJobArray
- type KeyRingImportJobArrayInput
- type KeyRingImportJobArrayOutput
- func (KeyRingImportJobArrayOutput) ElementType() reflect.Type
- func (o KeyRingImportJobArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobOutput
- func (o KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutput() KeyRingImportJobArrayOutput
- func (o KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutputWithContext(ctx context.Context) KeyRingImportJobArrayOutput
- type KeyRingImportJobAttestation
- type KeyRingImportJobAttestationArgs
- func (KeyRingImportJobAttestationArgs) ElementType() reflect.Type
- func (i KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput
- func (i KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutputWithContext(ctx context.Context) KeyRingImportJobAttestationOutput
- type KeyRingImportJobAttestationArray
- func (KeyRingImportJobAttestationArray) ElementType() reflect.Type
- func (i KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput
- func (i KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutputWithContext(ctx context.Context) KeyRingImportJobAttestationArrayOutput
- type KeyRingImportJobAttestationArrayInput
- type KeyRingImportJobAttestationArrayOutput
- func (KeyRingImportJobAttestationArrayOutput) ElementType() reflect.Type
- func (o KeyRingImportJobAttestationArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobAttestationOutput
- func (o KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput
- func (o KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutputWithContext(ctx context.Context) KeyRingImportJobAttestationArrayOutput
- type KeyRingImportJobAttestationInput
- type KeyRingImportJobAttestationOutput
- func (o KeyRingImportJobAttestationOutput) Content() pulumi.StringPtrOutput
- func (KeyRingImportJobAttestationOutput) ElementType() reflect.Type
- func (o KeyRingImportJobAttestationOutput) Format() pulumi.StringPtrOutput
- func (o KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput
- func (o KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutputWithContext(ctx context.Context) KeyRingImportJobAttestationOutput
- type KeyRingImportJobInput
- type KeyRingImportJobMap
- type KeyRingImportJobMapInput
- type KeyRingImportJobMapOutput
- func (KeyRingImportJobMapOutput) ElementType() reflect.Type
- func (o KeyRingImportJobMapOutput) MapIndex(k pulumi.StringInput) KeyRingImportJobOutput
- func (o KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutput() KeyRingImportJobMapOutput
- func (o KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutputWithContext(ctx context.Context) KeyRingImportJobMapOutput
- type KeyRingImportJobOutput
- func (o KeyRingImportJobOutput) Attestations() KeyRingImportJobAttestationArrayOutput
- func (KeyRingImportJobOutput) ElementType() reflect.Type
- func (o KeyRingImportJobOutput) ExpireTime() pulumi.StringOutput
- func (o KeyRingImportJobOutput) ImportJobId() pulumi.StringOutput
- func (o KeyRingImportJobOutput) ImportMethod() pulumi.StringOutput
- func (o KeyRingImportJobOutput) KeyRing() pulumi.StringOutput
- func (o KeyRingImportJobOutput) Name() pulumi.StringOutput
- func (o KeyRingImportJobOutput) ProtectionLevel() pulumi.StringOutput
- func (o KeyRingImportJobOutput) PublicKeys() KeyRingImportJobPublicKeyArrayOutput
- func (o KeyRingImportJobOutput) State() pulumi.StringOutput
- func (o KeyRingImportJobOutput) ToKeyRingImportJobOutput() KeyRingImportJobOutput
- func (o KeyRingImportJobOutput) ToKeyRingImportJobOutputWithContext(ctx context.Context) KeyRingImportJobOutput
- type KeyRingImportJobPublicKey
- type KeyRingImportJobPublicKeyArgs
- func (KeyRingImportJobPublicKeyArgs) ElementType() reflect.Type
- func (i KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput
- func (i KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyOutput
- type KeyRingImportJobPublicKeyArray
- func (KeyRingImportJobPublicKeyArray) ElementType() reflect.Type
- func (i KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput
- func (i KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyArrayOutput
- type KeyRingImportJobPublicKeyArrayInput
- type KeyRingImportJobPublicKeyArrayOutput
- func (KeyRingImportJobPublicKeyArrayOutput) ElementType() reflect.Type
- func (o KeyRingImportJobPublicKeyArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobPublicKeyOutput
- func (o KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput
- func (o KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyArrayOutput
- type KeyRingImportJobPublicKeyInput
- type KeyRingImportJobPublicKeyOutput
- func (KeyRingImportJobPublicKeyOutput) ElementType() reflect.Type
- func (o KeyRingImportJobPublicKeyOutput) Pem() pulumi.StringPtrOutput
- func (o KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput
- func (o KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyOutput
- type KeyRingImportJobState
- type KeyRingInput
- type KeyRingMap
- type KeyRingMapInput
- type KeyRingMapOutput
- type KeyRingOutput
- func (KeyRingOutput) ElementType() reflect.Type
- func (o KeyRingOutput) Location() pulumi.StringOutput
- func (o KeyRingOutput) Name() pulumi.StringOutput
- func (o KeyRingOutput) Project() pulumi.StringOutput
- func (o KeyRingOutput) ToKeyRingOutput() KeyRingOutput
- func (o KeyRingOutput) ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput
- type KeyRingState
- type LookupEkmConnectionIamPolicyArgs
- type LookupEkmConnectionIamPolicyOutputArgs
- type LookupEkmConnectionIamPolicyResult
- type LookupEkmConnectionIamPolicyResultOutput
- func (LookupEkmConnectionIamPolicyResultOutput) ElementType() reflect.Type
- func (o LookupEkmConnectionIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o LookupEkmConnectionIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o LookupEkmConnectionIamPolicyResultOutput) Location() pulumi.StringOutput
- func (o LookupEkmConnectionIamPolicyResultOutput) Name() pulumi.StringOutput
- func (o LookupEkmConnectionIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o LookupEkmConnectionIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutput() LookupEkmConnectionIamPolicyResultOutput
- func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutputWithContext(ctx context.Context) LookupEkmConnectionIamPolicyResultOutput
- type SecretCiphertext
- type SecretCiphertextArgs
- type SecretCiphertextArray
- type SecretCiphertextArrayInput
- type SecretCiphertextArrayOutput
- func (SecretCiphertextArrayOutput) ElementType() reflect.Type
- func (o SecretCiphertextArrayOutput) Index(i pulumi.IntInput) SecretCiphertextOutput
- func (o SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutput() SecretCiphertextArrayOutput
- func (o SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutputWithContext(ctx context.Context) SecretCiphertextArrayOutput
- type SecretCiphertextInput
- type SecretCiphertextMap
- type SecretCiphertextMapInput
- type SecretCiphertextMapOutput
- func (SecretCiphertextMapOutput) ElementType() reflect.Type
- func (o SecretCiphertextMapOutput) MapIndex(k pulumi.StringInput) SecretCiphertextOutput
- func (o SecretCiphertextMapOutput) ToSecretCiphertextMapOutput() SecretCiphertextMapOutput
- func (o SecretCiphertextMapOutput) ToSecretCiphertextMapOutputWithContext(ctx context.Context) SecretCiphertextMapOutput
- type SecretCiphertextOutput
- func (o SecretCiphertextOutput) AdditionalAuthenticatedData() pulumi.StringPtrOutput
- func (o SecretCiphertextOutput) Ciphertext() pulumi.StringOutput
- func (o SecretCiphertextOutput) CryptoKey() pulumi.StringOutput
- func (SecretCiphertextOutput) ElementType() reflect.Type
- func (o SecretCiphertextOutput) Plaintext() pulumi.StringOutput
- func (o SecretCiphertextOutput) ToSecretCiphertextOutput() SecretCiphertextOutput
- func (o SecretCiphertextOutput) ToSecretCiphertextOutputWithContext(ctx context.Context) SecretCiphertextOutput
- type SecretCiphertextState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AutokeyConfig ¶
type AutokeyConfig struct { pulumi.CustomResourceState // The folder for which to retrieve config. // // *** Folder pulumi.StringOutput `pulumi:"folder"` // The target key project for a given folder where KMS Autokey will provision a // CryptoKey for any new KeyHandle the Developer creates. Should have the form // `projects/<project_id_or_number>`. KeyProject pulumi.StringPtrOutput `pulumi:"keyProject"` }
## Example Usage
### Kms Autokey Config All
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects" "github.com/pulumi/pulumi-time/sdk/go/time" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { // Create Folder in GCP Organization autokmsFolder, err := organizations.NewFolder(ctx, "autokms_folder", &organizations.FolderArgs{ DisplayName: pulumi.String("my-folder"), Parent: pulumi.String("organizations/123456789"), DeletionProtection: pulumi.Bool(false), }) if err != nil { return err } // Create the key project keyProject, err := organizations.NewProject(ctx, "key_project", &organizations.ProjectArgs{ ProjectId: pulumi.String("key-proj"), Name: pulumi.String("key-proj"), FolderId: autokmsFolder.FolderId, BillingAccount: pulumi.String("000000-0000000-0000000-000000"), DeletionPolicy: pulumi.String("DELETE"), }, pulumi.DependsOn([]pulumi.Resource{ autokmsFolder, })) if err != nil { return err } // Enable the Cloud KMS API kmsApiService, err := projects.NewService(ctx, "kms_api_service", &projects.ServiceArgs{ Service: pulumi.String("cloudkms.googleapis.com"), Project: keyProject.ProjectId, DisableOnDestroy: pulumi.Bool(false), DisableDependentServices: pulumi.Bool(true), }, pulumi.DependsOn([]pulumi.Resource{ keyProject, })) if err != nil { return err } // Wait delay after enabling APIs waitEnableServiceApi, err := time.NewSleep(ctx, "wait_enable_service_api", &time.SleepArgs{ CreateDuration: "30s", }, pulumi.DependsOn([]pulumi.Resource{ kmsApiService, })) if err != nil { return err } // Create KMS Service Agent kmsServiceAgent, err := projects.NewServiceIdentity(ctx, "kms_service_agent", &projects.ServiceIdentityArgs{ Service: pulumi.String("cloudkms.googleapis.com"), Project: keyProject.Number, }, pulumi.DependsOn([]pulumi.Resource{ waitEnableServiceApi, })) if err != nil { return err } // Wait delay after creating service agent. waitServiceAgent, err := time.NewSleep(ctx, "wait_service_agent", &time.SleepArgs{ CreateDuration: "10s", }, pulumi.DependsOn([]pulumi.Resource{ kmsServiceAgent, })) if err != nil { return err } // Grant the KMS Service Agent the Cloud KMS Admin role autokeyProjectAdmin, err := projects.NewIAMMember(ctx, "autokey_project_admin", &projects.IAMMemberArgs{ Project: keyProject.ProjectId, Role: pulumi.String("roles/cloudkms.admin"), Member: keyProject.Number.ApplyT(func(number string) (string, error) { return fmt.Sprintf("serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com", number), nil }).(pulumi.StringOutput), }, pulumi.DependsOn([]pulumi.Resource{ waitServiceAgent, })) if err != nil { return err } // Wait delay after granting IAM permissions waitSrvAccPermissions, err := time.NewSleep(ctx, "wait_srv_acc_permissions", &time.SleepArgs{ CreateDuration: "10s", }, pulumi.DependsOn([]pulumi.Resource{ autokeyProjectAdmin, })) if err != nil { return err } _, err = kms.NewAutokeyConfig(ctx, "example-autokeyconfig", &kms.AutokeyConfigArgs{ Folder: autokmsFolder.ID(), KeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) { return fmt.Sprintf("projects/%v", projectId), nil }).(pulumi.StringOutput), }, pulumi.DependsOn([]pulumi.Resource{ waitSrvAccPermissions, })) if err != nil { return err } // Wait delay after setting AutokeyConfig, to prevent diffs on reapply, // because setting the config takes a little to fully propagate. _, err = time.NewSleep(ctx, "wait_autokey_propagation", &time.SleepArgs{ CreateDuration: "30s", }, pulumi.DependsOn([]pulumi.Resource{ example_autokeyconfig, })) if err != nil { return err } return nil }) }
```
## Import
AutokeyConfig can be imported using any of these accepted formats:
* `folders/{{folder}}/autokeyConfig`
* `{{folder}}`
When using the `pulumi import` command, AutokeyConfig can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default folders/{{folder}}/autokeyConfig ```
```sh $ pulumi import gcp:kms/autokeyConfig:AutokeyConfig default {{folder}} ```
func GetAutokeyConfig ¶
func GetAutokeyConfig(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AutokeyConfigState, opts ...pulumi.ResourceOption) (*AutokeyConfig, error)
GetAutokeyConfig gets an existing AutokeyConfig resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAutokeyConfig ¶
func NewAutokeyConfig(ctx *pulumi.Context, name string, args *AutokeyConfigArgs, opts ...pulumi.ResourceOption) (*AutokeyConfig, error)
NewAutokeyConfig registers a new resource with the given unique name, arguments, and options.
func (*AutokeyConfig) ElementType ¶
func (*AutokeyConfig) ElementType() reflect.Type
func (*AutokeyConfig) ToAutokeyConfigOutput ¶
func (i *AutokeyConfig) ToAutokeyConfigOutput() AutokeyConfigOutput
func (*AutokeyConfig) ToAutokeyConfigOutputWithContext ¶
func (i *AutokeyConfig) ToAutokeyConfigOutputWithContext(ctx context.Context) AutokeyConfigOutput
type AutokeyConfigArgs ¶
type AutokeyConfigArgs struct { // The folder for which to retrieve config. // // *** Folder pulumi.StringInput // The target key project for a given folder where KMS Autokey will provision a // CryptoKey for any new KeyHandle the Developer creates. Should have the form // `projects/<project_id_or_number>`. KeyProject pulumi.StringPtrInput }
The set of arguments for constructing a AutokeyConfig resource.
func (AutokeyConfigArgs) ElementType ¶
func (AutokeyConfigArgs) ElementType() reflect.Type
type AutokeyConfigArray ¶
type AutokeyConfigArray []AutokeyConfigInput
func (AutokeyConfigArray) ElementType ¶
func (AutokeyConfigArray) ElementType() reflect.Type
func (AutokeyConfigArray) ToAutokeyConfigArrayOutput ¶
func (i AutokeyConfigArray) ToAutokeyConfigArrayOutput() AutokeyConfigArrayOutput
func (AutokeyConfigArray) ToAutokeyConfigArrayOutputWithContext ¶
func (i AutokeyConfigArray) ToAutokeyConfigArrayOutputWithContext(ctx context.Context) AutokeyConfigArrayOutput
type AutokeyConfigArrayInput ¶
type AutokeyConfigArrayInput interface { pulumi.Input ToAutokeyConfigArrayOutput() AutokeyConfigArrayOutput ToAutokeyConfigArrayOutputWithContext(context.Context) AutokeyConfigArrayOutput }
AutokeyConfigArrayInput is an input type that accepts AutokeyConfigArray and AutokeyConfigArrayOutput values. You can construct a concrete instance of `AutokeyConfigArrayInput` via:
AutokeyConfigArray{ AutokeyConfigArgs{...} }
type AutokeyConfigArrayOutput ¶
type AutokeyConfigArrayOutput struct{ *pulumi.OutputState }
func (AutokeyConfigArrayOutput) ElementType ¶
func (AutokeyConfigArrayOutput) ElementType() reflect.Type
func (AutokeyConfigArrayOutput) Index ¶
func (o AutokeyConfigArrayOutput) Index(i pulumi.IntInput) AutokeyConfigOutput
func (AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutput ¶
func (o AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutput() AutokeyConfigArrayOutput
func (AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutputWithContext ¶
func (o AutokeyConfigArrayOutput) ToAutokeyConfigArrayOutputWithContext(ctx context.Context) AutokeyConfigArrayOutput
type AutokeyConfigInput ¶
type AutokeyConfigInput interface { pulumi.Input ToAutokeyConfigOutput() AutokeyConfigOutput ToAutokeyConfigOutputWithContext(ctx context.Context) AutokeyConfigOutput }
type AutokeyConfigMap ¶
type AutokeyConfigMap map[string]AutokeyConfigInput
func (AutokeyConfigMap) ElementType ¶
func (AutokeyConfigMap) ElementType() reflect.Type
func (AutokeyConfigMap) ToAutokeyConfigMapOutput ¶
func (i AutokeyConfigMap) ToAutokeyConfigMapOutput() AutokeyConfigMapOutput
func (AutokeyConfigMap) ToAutokeyConfigMapOutputWithContext ¶
func (i AutokeyConfigMap) ToAutokeyConfigMapOutputWithContext(ctx context.Context) AutokeyConfigMapOutput
type AutokeyConfigMapInput ¶
type AutokeyConfigMapInput interface { pulumi.Input ToAutokeyConfigMapOutput() AutokeyConfigMapOutput ToAutokeyConfigMapOutputWithContext(context.Context) AutokeyConfigMapOutput }
AutokeyConfigMapInput is an input type that accepts AutokeyConfigMap and AutokeyConfigMapOutput values. You can construct a concrete instance of `AutokeyConfigMapInput` via:
AutokeyConfigMap{ "key": AutokeyConfigArgs{...} }
type AutokeyConfigMapOutput ¶
type AutokeyConfigMapOutput struct{ *pulumi.OutputState }
func (AutokeyConfigMapOutput) ElementType ¶
func (AutokeyConfigMapOutput) ElementType() reflect.Type
func (AutokeyConfigMapOutput) MapIndex ¶
func (o AutokeyConfigMapOutput) MapIndex(k pulumi.StringInput) AutokeyConfigOutput
func (AutokeyConfigMapOutput) ToAutokeyConfigMapOutput ¶
func (o AutokeyConfigMapOutput) ToAutokeyConfigMapOutput() AutokeyConfigMapOutput
func (AutokeyConfigMapOutput) ToAutokeyConfigMapOutputWithContext ¶
func (o AutokeyConfigMapOutput) ToAutokeyConfigMapOutputWithContext(ctx context.Context) AutokeyConfigMapOutput
type AutokeyConfigOutput ¶
type AutokeyConfigOutput struct{ *pulumi.OutputState }
func (AutokeyConfigOutput) ElementType ¶
func (AutokeyConfigOutput) ElementType() reflect.Type
func (AutokeyConfigOutput) Folder ¶
func (o AutokeyConfigOutput) Folder() pulumi.StringOutput
The folder for which to retrieve config.
***
func (AutokeyConfigOutput) KeyProject ¶
func (o AutokeyConfigOutput) KeyProject() pulumi.StringPtrOutput
The target key project for a given folder where KMS Autokey will provision a CryptoKey for any new KeyHandle the Developer creates. Should have the form `projects/<project_id_or_number>`.
func (AutokeyConfigOutput) ToAutokeyConfigOutput ¶
func (o AutokeyConfigOutput) ToAutokeyConfigOutput() AutokeyConfigOutput
func (AutokeyConfigOutput) ToAutokeyConfigOutputWithContext ¶
func (o AutokeyConfigOutput) ToAutokeyConfigOutputWithContext(ctx context.Context) AutokeyConfigOutput
type AutokeyConfigState ¶
type AutokeyConfigState struct { // The folder for which to retrieve config. // // *** Folder pulumi.StringPtrInput // The target key project for a given folder where KMS Autokey will provision a // CryptoKey for any new KeyHandle the Developer creates. Should have the form // `projects/<project_id_or_number>`. KeyProject pulumi.StringPtrInput }
func (AutokeyConfigState) ElementType ¶
func (AutokeyConfigState) ElementType() reflect.Type
type CryptoKey ¶
type CryptoKey struct { pulumi.CustomResourceState // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. // The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. CryptoKeyBackend pulumi.StringOutput `pulumi:"cryptoKeyBackend"` // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 30 days. DestroyScheduledDuration pulumi.StringOutput `pulumi:"destroyScheduledDuration"` // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"` // Whether this key may contain imported versions only. ImportOnly pulumi.BoolOutput `pulumi:"importOnly"` // The policy used for Key Access Justifications Policy Enforcement. If this // field is present and this key is enrolled in Key Access Justifications // Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and // sign operations, and the operation will fail if rejected by the policy. The // policy is defined by specifying zero or more allowed justification codes. // https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes // By default, this field is absent, and all justification codes are allowed. // This field is currently in beta and is subject to change. // Structure is documented below. KeyAccessJustificationsPolicy CryptoKeyKeyAccessJustificationsPolicyOutput `pulumi:"keyAccessJustificationsPolicy"` // The KeyRing that this key belongs to. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. // // *** KeyRing pulumi.StringOutput `pulumi:"keyRing"` // Labels with user-defined metadata to apply to this resource. // // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels pulumi.StringMapOutput `pulumi:"labels"` // The resource name for the CryptoKey. Name pulumi.StringOutput `pulumi:"name"` // A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. // Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. // Structure is documented below. Primaries CryptoKeyPrimaryArrayOutput `pulumi:"primaries"` // The combination of labels configured directly on the resource // and default labels configured on the provider. PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"` // The immutable purpose of this CryptoKey. See the // [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) // for possible inputs. // Default value is "ENCRYPT_DECRYPT". Purpose pulumi.StringPtrOutput `pulumi:"purpose"` // Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. // The first rotation will take place after the specified period. The rotation period has // the format of a decimal number with up to 9 fractional digits, followed by the // letter `s` (seconds). It must be greater than a day (ie, 86400). RotationPeriod pulumi.StringPtrOutput `pulumi:"rotationPeriod"` // If set to true, the request will create a CryptoKey without any CryptoKeyVersions. // You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion // or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion. SkipInitialVersionCreation pulumi.BoolPtrOutput `pulumi:"skipInitialVersionCreation"` // A template describing settings for new crypto key versions. // Structure is documented below. VersionTemplate CryptoKeyVersionTemplateOutput `pulumi:"versionTemplate"` }
A `CryptoKey` represents a logical key that can be used for cryptographic operations.
> **Note:** CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a provider-managed CryptoKey will remove it from state and delete all CryptoKeyVersions, rendering the key unusable, but *will not delete the resource from the project.* When the provider destroys these keys, any data previously encrypted with these keys will be irrecoverable. For this reason, it is strongly recommended that you use Pulumi's [protect resource option](https://www.pulumi.com/docs/concepts/options/protect/).
To get more information about CryptoKey, see:
* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys) * How-to Guides
- [Creating a key](https://cloud.google.com/kms/docs/creating-keys#create_a_key)
## Example Usage
### Kms Crypto Key Basic
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } _, err = kms.NewCryptoKey(ctx, "example-key", &kms.CryptoKeyArgs{ Name: pulumi.String("crypto-key-example"), KeyRing: keyring.ID(), RotationPeriod: pulumi.String("7776000s"), }) if err != nil { return err } return nil }) }
``` ### Kms Crypto Key Asymmetric Sign
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } _, err = kms.NewCryptoKey(ctx, "example-asymmetric-sign-key", &kms.CryptoKeyArgs{ Name: pulumi.String("crypto-key-example"), KeyRing: keyring.ID(), Purpose: pulumi.String("ASYMMETRIC_SIGN"), VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{ Algorithm: pulumi.String("EC_SIGN_P384_SHA384"), }, }) if err != nil { return err } return nil }) }
```
## Import
CryptoKey can be imported using any of these accepted formats:
* `{{key_ring}}/cryptoKeys/{{name}}`
* `{{key_ring}}/{{name}}`
When using the `pulumi import` command, CryptoKey can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:kms/cryptoKey:CryptoKey default {{key_ring}}/cryptoKeys/{{name}} ```
```sh $ pulumi import gcp:kms/cryptoKey:CryptoKey default {{key_ring}}/{{name}} ```
func GetCryptoKey ¶
func GetCryptoKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CryptoKeyState, opts ...pulumi.ResourceOption) (*CryptoKey, error)
GetCryptoKey gets an existing CryptoKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCryptoKey ¶
func NewCryptoKey(ctx *pulumi.Context, name string, args *CryptoKeyArgs, opts ...pulumi.ResourceOption) (*CryptoKey, error)
NewCryptoKey registers a new resource with the given unique name, arguments, and options.
func (*CryptoKey) ElementType ¶
func (*CryptoKey) ToCryptoKeyOutput ¶
func (i *CryptoKey) ToCryptoKeyOutput() CryptoKeyOutput
func (*CryptoKey) ToCryptoKeyOutputWithContext ¶
func (i *CryptoKey) ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput
type CryptoKeyArgs ¶
type CryptoKeyArgs struct { // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. // The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. CryptoKeyBackend pulumi.StringPtrInput // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 30 days. DestroyScheduledDuration pulumi.StringPtrInput // Whether this key may contain imported versions only. ImportOnly pulumi.BoolPtrInput // The policy used for Key Access Justifications Policy Enforcement. If this // field is present and this key is enrolled in Key Access Justifications // Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and // sign operations, and the operation will fail if rejected by the policy. The // policy is defined by specifying zero or more allowed justification codes. // https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes // By default, this field is absent, and all justification codes are allowed. // This field is currently in beta and is subject to change. // Structure is documented below. KeyAccessJustificationsPolicy CryptoKeyKeyAccessJustificationsPolicyPtrInput // The KeyRing that this key belongs to. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. // // *** KeyRing pulumi.StringInput // Labels with user-defined metadata to apply to this resource. // // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels pulumi.StringMapInput // The resource name for the CryptoKey. Name pulumi.StringPtrInput // The immutable purpose of this CryptoKey. See the // [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) // for possible inputs. // Default value is "ENCRYPT_DECRYPT". Purpose pulumi.StringPtrInput // Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. // The first rotation will take place after the specified period. The rotation period has // the format of a decimal number with up to 9 fractional digits, followed by the // letter `s` (seconds). It must be greater than a day (ie, 86400). RotationPeriod pulumi.StringPtrInput // If set to true, the request will create a CryptoKey without any CryptoKeyVersions. // You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion // or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion. SkipInitialVersionCreation pulumi.BoolPtrInput // A template describing settings for new crypto key versions. // Structure is documented below. VersionTemplate CryptoKeyVersionTemplatePtrInput }
The set of arguments for constructing a CryptoKey resource.
func (CryptoKeyArgs) ElementType ¶
func (CryptoKeyArgs) ElementType() reflect.Type
type CryptoKeyArray ¶
type CryptoKeyArray []CryptoKeyInput
func (CryptoKeyArray) ElementType ¶
func (CryptoKeyArray) ElementType() reflect.Type
func (CryptoKeyArray) ToCryptoKeyArrayOutput ¶
func (i CryptoKeyArray) ToCryptoKeyArrayOutput() CryptoKeyArrayOutput
func (CryptoKeyArray) ToCryptoKeyArrayOutputWithContext ¶
func (i CryptoKeyArray) ToCryptoKeyArrayOutputWithContext(ctx context.Context) CryptoKeyArrayOutput
type CryptoKeyArrayInput ¶
type CryptoKeyArrayInput interface { pulumi.Input ToCryptoKeyArrayOutput() CryptoKeyArrayOutput ToCryptoKeyArrayOutputWithContext(context.Context) CryptoKeyArrayOutput }
CryptoKeyArrayInput is an input type that accepts CryptoKeyArray and CryptoKeyArrayOutput values. You can construct a concrete instance of `CryptoKeyArrayInput` via:
CryptoKeyArray{ CryptoKeyArgs{...} }
type CryptoKeyArrayOutput ¶
type CryptoKeyArrayOutput struct{ *pulumi.OutputState }
func (CryptoKeyArrayOutput) ElementType ¶
func (CryptoKeyArrayOutput) ElementType() reflect.Type
func (CryptoKeyArrayOutput) Index ¶
func (o CryptoKeyArrayOutput) Index(i pulumi.IntInput) CryptoKeyOutput
func (CryptoKeyArrayOutput) ToCryptoKeyArrayOutput ¶
func (o CryptoKeyArrayOutput) ToCryptoKeyArrayOutput() CryptoKeyArrayOutput
func (CryptoKeyArrayOutput) ToCryptoKeyArrayOutputWithContext ¶
func (o CryptoKeyArrayOutput) ToCryptoKeyArrayOutputWithContext(ctx context.Context) CryptoKeyArrayOutput
type CryptoKeyIAMBinding ¶
type CryptoKeyIAMBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition CryptoKeyIAMBindingConditionPtrOutput `pulumi:"condition"` // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` // (Computed) The etag of the project's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:
* `kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached. * `kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved. * `kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.
> **Note:** `kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `kms.CryptoKeyIAMBinding` and `kms.CryptoKeyIAMMember` or they will fight over what your policy should be.
> **Note:** `kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{ Name: pulumi.String("crypto-key-example"), KeyRing: keyring.ID(), RotationPeriod: pulumi.String("7776000s"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/cloudkms.cryptoKeyEncrypter", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewCryptoKeyIAMPolicy(ctx, "crypto_key", &kms.CryptoKeyIAMPolicyArgs{ CryptoKeyId: key.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/cloudkms.cryptoKeyEncrypter", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } return nil }) }
```
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.CryptoKeyIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.CryptoKeyIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
### Importing IAM policies
IAM policy imports use the identifier of the KMS crypto key only. For example:
* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`
An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
tf
import {
id = "{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}" to = google_kms_crypto_key_iam_policy.default
}
The `pulumi import` command can also be used:
```sh $ pulumi import gcp:kms/cryptoKeyIAMBinding:CryptoKeyIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}} ```
func GetCryptoKeyIAMBinding ¶
func GetCryptoKeyIAMBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CryptoKeyIAMBindingState, opts ...pulumi.ResourceOption) (*CryptoKeyIAMBinding, error)
GetCryptoKeyIAMBinding gets an existing CryptoKeyIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCryptoKeyIAMBinding ¶
func NewCryptoKeyIAMBinding(ctx *pulumi.Context, name string, args *CryptoKeyIAMBindingArgs, opts ...pulumi.ResourceOption) (*CryptoKeyIAMBinding, error)
NewCryptoKeyIAMBinding registers a new resource with the given unique name, arguments, and options.
func (*CryptoKeyIAMBinding) ElementType ¶
func (*CryptoKeyIAMBinding) ElementType() reflect.Type
func (*CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutput ¶
func (i *CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutput() CryptoKeyIAMBindingOutput
func (*CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutputWithContext ¶
func (i *CryptoKeyIAMBinding) ToCryptoKeyIAMBindingOutputWithContext(ctx context.Context) CryptoKeyIAMBindingOutput
type CryptoKeyIAMBindingArgs ¶
type CryptoKeyIAMBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition CryptoKeyIAMBindingConditionPtrInput // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a CryptoKeyIAMBinding resource.
func (CryptoKeyIAMBindingArgs) ElementType ¶
func (CryptoKeyIAMBindingArgs) ElementType() reflect.Type
type CryptoKeyIAMBindingArray ¶
type CryptoKeyIAMBindingArray []CryptoKeyIAMBindingInput
func (CryptoKeyIAMBindingArray) ElementType ¶
func (CryptoKeyIAMBindingArray) ElementType() reflect.Type
func (CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutput ¶
func (i CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutput() CryptoKeyIAMBindingArrayOutput
func (CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutputWithContext ¶
func (i CryptoKeyIAMBindingArray) ToCryptoKeyIAMBindingArrayOutputWithContext(ctx context.Context) CryptoKeyIAMBindingArrayOutput
type CryptoKeyIAMBindingArrayInput ¶
type CryptoKeyIAMBindingArrayInput interface { pulumi.Input ToCryptoKeyIAMBindingArrayOutput() CryptoKeyIAMBindingArrayOutput ToCryptoKeyIAMBindingArrayOutputWithContext(context.Context) CryptoKeyIAMBindingArrayOutput }
CryptoKeyIAMBindingArrayInput is an input type that accepts CryptoKeyIAMBindingArray and CryptoKeyIAMBindingArrayOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingArrayInput` via:
CryptoKeyIAMBindingArray{ CryptoKeyIAMBindingArgs{...} }
type CryptoKeyIAMBindingArrayOutput ¶
type CryptoKeyIAMBindingArrayOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMBindingArrayOutput) ElementType ¶
func (CryptoKeyIAMBindingArrayOutput) ElementType() reflect.Type
func (CryptoKeyIAMBindingArrayOutput) Index ¶
func (o CryptoKeyIAMBindingArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMBindingOutput
func (CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutput ¶
func (o CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutput() CryptoKeyIAMBindingArrayOutput
func (CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutputWithContext ¶
func (o CryptoKeyIAMBindingArrayOutput) ToCryptoKeyIAMBindingArrayOutputWithContext(ctx context.Context) CryptoKeyIAMBindingArrayOutput
type CryptoKeyIAMBindingCondition ¶
type CryptoKeyIAMBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type CryptoKeyIAMBindingConditionArgs ¶
type CryptoKeyIAMBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (CryptoKeyIAMBindingConditionArgs) ElementType ¶
func (CryptoKeyIAMBindingConditionArgs) ElementType() reflect.Type
func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutput ¶
func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput
func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutputWithContext ¶
func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionOutput
func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutput ¶
func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput
func (CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutputWithContext ¶
func (i CryptoKeyIAMBindingConditionArgs) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput
type CryptoKeyIAMBindingConditionInput ¶
type CryptoKeyIAMBindingConditionInput interface { pulumi.Input ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput ToCryptoKeyIAMBindingConditionOutputWithContext(context.Context) CryptoKeyIAMBindingConditionOutput }
CryptoKeyIAMBindingConditionInput is an input type that accepts CryptoKeyIAMBindingConditionArgs and CryptoKeyIAMBindingConditionOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingConditionInput` via:
CryptoKeyIAMBindingConditionArgs{...}
type CryptoKeyIAMBindingConditionOutput ¶
type CryptoKeyIAMBindingConditionOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMBindingConditionOutput) Description ¶
func (o CryptoKeyIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (CryptoKeyIAMBindingConditionOutput) ElementType ¶
func (CryptoKeyIAMBindingConditionOutput) ElementType() reflect.Type
func (CryptoKeyIAMBindingConditionOutput) Expression ¶
func (o CryptoKeyIAMBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (CryptoKeyIAMBindingConditionOutput) Title ¶
func (o CryptoKeyIAMBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutput ¶
func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutput() CryptoKeyIAMBindingConditionOutput
func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutputWithContext ¶
func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionOutput
func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutput ¶
func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput
func (CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext ¶
func (o CryptoKeyIAMBindingConditionOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput
type CryptoKeyIAMBindingConditionPtrInput ¶
type CryptoKeyIAMBindingConditionPtrInput interface { pulumi.Input ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput ToCryptoKeyIAMBindingConditionPtrOutputWithContext(context.Context) CryptoKeyIAMBindingConditionPtrOutput }
CryptoKeyIAMBindingConditionPtrInput is an input type that accepts CryptoKeyIAMBindingConditionArgs, CryptoKeyIAMBindingConditionPtr and CryptoKeyIAMBindingConditionPtrOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingConditionPtrInput` via:
CryptoKeyIAMBindingConditionArgs{...} or: nil
func CryptoKeyIAMBindingConditionPtr ¶
func CryptoKeyIAMBindingConditionPtr(v *CryptoKeyIAMBindingConditionArgs) CryptoKeyIAMBindingConditionPtrInput
type CryptoKeyIAMBindingConditionPtrOutput ¶
type CryptoKeyIAMBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMBindingConditionPtrOutput) Description ¶
func (o CryptoKeyIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (CryptoKeyIAMBindingConditionPtrOutput) ElementType ¶
func (CryptoKeyIAMBindingConditionPtrOutput) ElementType() reflect.Type
func (CryptoKeyIAMBindingConditionPtrOutput) Expression ¶
func (o CryptoKeyIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (CryptoKeyIAMBindingConditionPtrOutput) Title ¶
func (o CryptoKeyIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutput ¶
func (o CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutput() CryptoKeyIAMBindingConditionPtrOutput
func (CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext ¶
func (o CryptoKeyIAMBindingConditionPtrOutput) ToCryptoKeyIAMBindingConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMBindingConditionPtrOutput
type CryptoKeyIAMBindingInput ¶
type CryptoKeyIAMBindingInput interface { pulumi.Input ToCryptoKeyIAMBindingOutput() CryptoKeyIAMBindingOutput ToCryptoKeyIAMBindingOutputWithContext(ctx context.Context) CryptoKeyIAMBindingOutput }
type CryptoKeyIAMBindingMap ¶
type CryptoKeyIAMBindingMap map[string]CryptoKeyIAMBindingInput
func (CryptoKeyIAMBindingMap) ElementType ¶
func (CryptoKeyIAMBindingMap) ElementType() reflect.Type
func (CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutput ¶
func (i CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutput() CryptoKeyIAMBindingMapOutput
func (CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutputWithContext ¶
func (i CryptoKeyIAMBindingMap) ToCryptoKeyIAMBindingMapOutputWithContext(ctx context.Context) CryptoKeyIAMBindingMapOutput
type CryptoKeyIAMBindingMapInput ¶
type CryptoKeyIAMBindingMapInput interface { pulumi.Input ToCryptoKeyIAMBindingMapOutput() CryptoKeyIAMBindingMapOutput ToCryptoKeyIAMBindingMapOutputWithContext(context.Context) CryptoKeyIAMBindingMapOutput }
CryptoKeyIAMBindingMapInput is an input type that accepts CryptoKeyIAMBindingMap and CryptoKeyIAMBindingMapOutput values. You can construct a concrete instance of `CryptoKeyIAMBindingMapInput` via:
CryptoKeyIAMBindingMap{ "key": CryptoKeyIAMBindingArgs{...} }
type CryptoKeyIAMBindingMapOutput ¶
type CryptoKeyIAMBindingMapOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMBindingMapOutput) ElementType ¶
func (CryptoKeyIAMBindingMapOutput) ElementType() reflect.Type
func (CryptoKeyIAMBindingMapOutput) MapIndex ¶
func (o CryptoKeyIAMBindingMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMBindingOutput
func (CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutput ¶
func (o CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutput() CryptoKeyIAMBindingMapOutput
func (CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutputWithContext ¶
func (o CryptoKeyIAMBindingMapOutput) ToCryptoKeyIAMBindingMapOutputWithContext(ctx context.Context) CryptoKeyIAMBindingMapOutput
type CryptoKeyIAMBindingOutput ¶
type CryptoKeyIAMBindingOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMBindingOutput) Condition ¶
func (o CryptoKeyIAMBindingOutput) Condition() CryptoKeyIAMBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (CryptoKeyIAMBindingOutput) CryptoKeyId ¶
func (o CryptoKeyIAMBindingOutput) CryptoKeyId() pulumi.StringOutput
The crypto key ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.
func (CryptoKeyIAMBindingOutput) ElementType ¶
func (CryptoKeyIAMBindingOutput) ElementType() reflect.Type
func (CryptoKeyIAMBindingOutput) Etag ¶
func (o CryptoKeyIAMBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the project's IAM policy.
func (CryptoKeyIAMBindingOutput) Members ¶
func (o CryptoKeyIAMBindingOutput) Members() pulumi.StringArrayOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
func (CryptoKeyIAMBindingOutput) Role ¶
func (o CryptoKeyIAMBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutput ¶
func (o CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutput() CryptoKeyIAMBindingOutput
func (CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutputWithContext ¶
func (o CryptoKeyIAMBindingOutput) ToCryptoKeyIAMBindingOutputWithContext(ctx context.Context) CryptoKeyIAMBindingOutput
type CryptoKeyIAMBindingState ¶
type CryptoKeyIAMBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition CryptoKeyIAMBindingConditionPtrInput // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringPtrInput // (Computed) The etag of the project's IAM policy. Etag pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (CryptoKeyIAMBindingState) ElementType ¶
func (CryptoKeyIAMBindingState) ElementType() reflect.Type
type CryptoKeyIAMMember ¶
type CryptoKeyIAMMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition CryptoKeyIAMMemberConditionPtrOutput `pulumi:"condition"` // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` // (Computed) The etag of the project's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:
* `kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached. * `kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved. * `kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.
> **Note:** `kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `kms.CryptoKeyIAMBinding` and `kms.CryptoKeyIAMMember` or they will fight over what your policy should be.
> **Note:** `kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{ Name: pulumi.String("crypto-key-example"), KeyRing: keyring.ID(), RotationPeriod: pulumi.String("7776000s"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/cloudkms.cryptoKeyEncrypter", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewCryptoKeyIAMPolicy(ctx, "crypto_key", &kms.CryptoKeyIAMPolicyArgs{ CryptoKeyId: key.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/cloudkms.cryptoKeyEncrypter", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } return nil }) }
```
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.CryptoKeyIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.CryptoKeyIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
### Importing IAM policies
IAM policy imports use the identifier of the KMS crypto key only. For example:
* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`
An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
tf
import {
id = "{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}" to = google_kms_crypto_key_iam_policy.default
}
The `pulumi import` command can also be used:
```sh $ pulumi import gcp:kms/cryptoKeyIAMMember:CryptoKeyIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}} ```
func GetCryptoKeyIAMMember ¶
func GetCryptoKeyIAMMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CryptoKeyIAMMemberState, opts ...pulumi.ResourceOption) (*CryptoKeyIAMMember, error)
GetCryptoKeyIAMMember gets an existing CryptoKeyIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCryptoKeyIAMMember ¶
func NewCryptoKeyIAMMember(ctx *pulumi.Context, name string, args *CryptoKeyIAMMemberArgs, opts ...pulumi.ResourceOption) (*CryptoKeyIAMMember, error)
NewCryptoKeyIAMMember registers a new resource with the given unique name, arguments, and options.
func (*CryptoKeyIAMMember) ElementType ¶
func (*CryptoKeyIAMMember) ElementType() reflect.Type
func (*CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutput ¶
func (i *CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutput() CryptoKeyIAMMemberOutput
func (*CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutputWithContext ¶
func (i *CryptoKeyIAMMember) ToCryptoKeyIAMMemberOutputWithContext(ctx context.Context) CryptoKeyIAMMemberOutput
type CryptoKeyIAMMemberArgs ¶
type CryptoKeyIAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition CryptoKeyIAMMemberConditionPtrInput // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a CryptoKeyIAMMember resource.
func (CryptoKeyIAMMemberArgs) ElementType ¶
func (CryptoKeyIAMMemberArgs) ElementType() reflect.Type
type CryptoKeyIAMMemberArray ¶
type CryptoKeyIAMMemberArray []CryptoKeyIAMMemberInput
func (CryptoKeyIAMMemberArray) ElementType ¶
func (CryptoKeyIAMMemberArray) ElementType() reflect.Type
func (CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutput ¶
func (i CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutput() CryptoKeyIAMMemberArrayOutput
func (CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutputWithContext ¶
func (i CryptoKeyIAMMemberArray) ToCryptoKeyIAMMemberArrayOutputWithContext(ctx context.Context) CryptoKeyIAMMemberArrayOutput
type CryptoKeyIAMMemberArrayInput ¶
type CryptoKeyIAMMemberArrayInput interface { pulumi.Input ToCryptoKeyIAMMemberArrayOutput() CryptoKeyIAMMemberArrayOutput ToCryptoKeyIAMMemberArrayOutputWithContext(context.Context) CryptoKeyIAMMemberArrayOutput }
CryptoKeyIAMMemberArrayInput is an input type that accepts CryptoKeyIAMMemberArray and CryptoKeyIAMMemberArrayOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberArrayInput` via:
CryptoKeyIAMMemberArray{ CryptoKeyIAMMemberArgs{...} }
type CryptoKeyIAMMemberArrayOutput ¶
type CryptoKeyIAMMemberArrayOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMMemberArrayOutput) ElementType ¶
func (CryptoKeyIAMMemberArrayOutput) ElementType() reflect.Type
func (CryptoKeyIAMMemberArrayOutput) Index ¶
func (o CryptoKeyIAMMemberArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMMemberOutput
func (CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutput ¶
func (o CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutput() CryptoKeyIAMMemberArrayOutput
func (CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutputWithContext ¶
func (o CryptoKeyIAMMemberArrayOutput) ToCryptoKeyIAMMemberArrayOutputWithContext(ctx context.Context) CryptoKeyIAMMemberArrayOutput
type CryptoKeyIAMMemberCondition ¶
type CryptoKeyIAMMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type CryptoKeyIAMMemberConditionArgs ¶
type CryptoKeyIAMMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (CryptoKeyIAMMemberConditionArgs) ElementType ¶
func (CryptoKeyIAMMemberConditionArgs) ElementType() reflect.Type
func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutput ¶
func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput
func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutputWithContext ¶
func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionOutput
func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutput ¶
func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput
func (CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutputWithContext ¶
func (i CryptoKeyIAMMemberConditionArgs) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput
type CryptoKeyIAMMemberConditionInput ¶
type CryptoKeyIAMMemberConditionInput interface { pulumi.Input ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput ToCryptoKeyIAMMemberConditionOutputWithContext(context.Context) CryptoKeyIAMMemberConditionOutput }
CryptoKeyIAMMemberConditionInput is an input type that accepts CryptoKeyIAMMemberConditionArgs and CryptoKeyIAMMemberConditionOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberConditionInput` via:
CryptoKeyIAMMemberConditionArgs{...}
type CryptoKeyIAMMemberConditionOutput ¶
type CryptoKeyIAMMemberConditionOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMMemberConditionOutput) Description ¶
func (o CryptoKeyIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (CryptoKeyIAMMemberConditionOutput) ElementType ¶
func (CryptoKeyIAMMemberConditionOutput) ElementType() reflect.Type
func (CryptoKeyIAMMemberConditionOutput) Expression ¶
func (o CryptoKeyIAMMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (CryptoKeyIAMMemberConditionOutput) Title ¶
func (o CryptoKeyIAMMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutput ¶
func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutput() CryptoKeyIAMMemberConditionOutput
func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutputWithContext ¶
func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionOutput
func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutput ¶
func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput
func (CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext ¶
func (o CryptoKeyIAMMemberConditionOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput
type CryptoKeyIAMMemberConditionPtrInput ¶
type CryptoKeyIAMMemberConditionPtrInput interface { pulumi.Input ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput ToCryptoKeyIAMMemberConditionPtrOutputWithContext(context.Context) CryptoKeyIAMMemberConditionPtrOutput }
CryptoKeyIAMMemberConditionPtrInput is an input type that accepts CryptoKeyIAMMemberConditionArgs, CryptoKeyIAMMemberConditionPtr and CryptoKeyIAMMemberConditionPtrOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberConditionPtrInput` via:
CryptoKeyIAMMemberConditionArgs{...} or: nil
func CryptoKeyIAMMemberConditionPtr ¶
func CryptoKeyIAMMemberConditionPtr(v *CryptoKeyIAMMemberConditionArgs) CryptoKeyIAMMemberConditionPtrInput
type CryptoKeyIAMMemberConditionPtrOutput ¶
type CryptoKeyIAMMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMMemberConditionPtrOutput) Description ¶
func (o CryptoKeyIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (CryptoKeyIAMMemberConditionPtrOutput) ElementType ¶
func (CryptoKeyIAMMemberConditionPtrOutput) ElementType() reflect.Type
func (CryptoKeyIAMMemberConditionPtrOutput) Expression ¶
func (o CryptoKeyIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (CryptoKeyIAMMemberConditionPtrOutput) Title ¶
func (o CryptoKeyIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutput ¶
func (o CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutput() CryptoKeyIAMMemberConditionPtrOutput
func (CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext ¶
func (o CryptoKeyIAMMemberConditionPtrOutput) ToCryptoKeyIAMMemberConditionPtrOutputWithContext(ctx context.Context) CryptoKeyIAMMemberConditionPtrOutput
type CryptoKeyIAMMemberInput ¶
type CryptoKeyIAMMemberInput interface { pulumi.Input ToCryptoKeyIAMMemberOutput() CryptoKeyIAMMemberOutput ToCryptoKeyIAMMemberOutputWithContext(ctx context.Context) CryptoKeyIAMMemberOutput }
type CryptoKeyIAMMemberMap ¶
type CryptoKeyIAMMemberMap map[string]CryptoKeyIAMMemberInput
func (CryptoKeyIAMMemberMap) ElementType ¶
func (CryptoKeyIAMMemberMap) ElementType() reflect.Type
func (CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutput ¶
func (i CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutput() CryptoKeyIAMMemberMapOutput
func (CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutputWithContext ¶
func (i CryptoKeyIAMMemberMap) ToCryptoKeyIAMMemberMapOutputWithContext(ctx context.Context) CryptoKeyIAMMemberMapOutput
type CryptoKeyIAMMemberMapInput ¶
type CryptoKeyIAMMemberMapInput interface { pulumi.Input ToCryptoKeyIAMMemberMapOutput() CryptoKeyIAMMemberMapOutput ToCryptoKeyIAMMemberMapOutputWithContext(context.Context) CryptoKeyIAMMemberMapOutput }
CryptoKeyIAMMemberMapInput is an input type that accepts CryptoKeyIAMMemberMap and CryptoKeyIAMMemberMapOutput values. You can construct a concrete instance of `CryptoKeyIAMMemberMapInput` via:
CryptoKeyIAMMemberMap{ "key": CryptoKeyIAMMemberArgs{...} }
type CryptoKeyIAMMemberMapOutput ¶
type CryptoKeyIAMMemberMapOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMMemberMapOutput) ElementType ¶
func (CryptoKeyIAMMemberMapOutput) ElementType() reflect.Type
func (CryptoKeyIAMMemberMapOutput) MapIndex ¶
func (o CryptoKeyIAMMemberMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMMemberOutput
func (CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutput ¶
func (o CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutput() CryptoKeyIAMMemberMapOutput
func (CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutputWithContext ¶
func (o CryptoKeyIAMMemberMapOutput) ToCryptoKeyIAMMemberMapOutputWithContext(ctx context.Context) CryptoKeyIAMMemberMapOutput
type CryptoKeyIAMMemberOutput ¶
type CryptoKeyIAMMemberOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMMemberOutput) Condition ¶
func (o CryptoKeyIAMMemberOutput) Condition() CryptoKeyIAMMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (CryptoKeyIAMMemberOutput) CryptoKeyId ¶
func (o CryptoKeyIAMMemberOutput) CryptoKeyId() pulumi.StringOutput
The crypto key ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.
func (CryptoKeyIAMMemberOutput) ElementType ¶
func (CryptoKeyIAMMemberOutput) ElementType() reflect.Type
func (CryptoKeyIAMMemberOutput) Etag ¶
func (o CryptoKeyIAMMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the project's IAM policy.
func (CryptoKeyIAMMemberOutput) Member ¶
func (o CryptoKeyIAMMemberOutput) Member() pulumi.StringOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
func (CryptoKeyIAMMemberOutput) Role ¶
func (o CryptoKeyIAMMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutput ¶
func (o CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutput() CryptoKeyIAMMemberOutput
func (CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutputWithContext ¶
func (o CryptoKeyIAMMemberOutput) ToCryptoKeyIAMMemberOutputWithContext(ctx context.Context) CryptoKeyIAMMemberOutput
type CryptoKeyIAMMemberState ¶
type CryptoKeyIAMMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition CryptoKeyIAMMemberConditionPtrInput // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringPtrInput // (Computed) The etag of the project's IAM policy. Etag pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringPtrInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (CryptoKeyIAMMemberState) ElementType ¶
func (CryptoKeyIAMMemberState) ElementType() reflect.Type
type CryptoKeyIAMPolicy ¶
type CryptoKeyIAMPolicy struct { pulumi.CustomResourceState // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` // (Computed) The etag of the project's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` }
Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:
* `kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached. * `kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved. * `kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.
> **Note:** `kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `kms.CryptoKeyIAMBinding` and `kms.CryptoKeyIAMMember` or they will fight over what your policy should be.
> **Note:** `kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{ Name: pulumi.String("crypto-key-example"), KeyRing: keyring.ID(), RotationPeriod: pulumi.String("7776000s"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/cloudkms.cryptoKeyEncrypter", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewCryptoKeyIAMPolicy(ctx, "crypto_key", &kms.CryptoKeyIAMPolicyArgs{ CryptoKeyId: key.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/cloudkms.cryptoKeyEncrypter", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } return nil }) }
```
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.CryptoKeyIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{ CryptoKeyId: pulumi.Any(key.Id), Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.CryptoKeyIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
### Importing IAM policies
IAM policy imports use the identifier of the KMS crypto key only. For example:
* `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`
An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
tf
import {
id = "{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}" to = google_kms_crypto_key_iam_policy.default
}
The `pulumi import` command can also be used:
```sh $ pulumi import gcp:kms/cryptoKeyIAMPolicy:CryptoKeyIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}} ```
func GetCryptoKeyIAMPolicy ¶
func GetCryptoKeyIAMPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CryptoKeyIAMPolicyState, opts ...pulumi.ResourceOption) (*CryptoKeyIAMPolicy, error)
GetCryptoKeyIAMPolicy gets an existing CryptoKeyIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCryptoKeyIAMPolicy ¶
func NewCryptoKeyIAMPolicy(ctx *pulumi.Context, name string, args *CryptoKeyIAMPolicyArgs, opts ...pulumi.ResourceOption) (*CryptoKeyIAMPolicy, error)
NewCryptoKeyIAMPolicy registers a new resource with the given unique name, arguments, and options.
func (*CryptoKeyIAMPolicy) ElementType ¶
func (*CryptoKeyIAMPolicy) ElementType() reflect.Type
func (*CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutput ¶
func (i *CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutput() CryptoKeyIAMPolicyOutput
func (*CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutputWithContext ¶
func (i *CryptoKeyIAMPolicy) ToCryptoKeyIAMPolicyOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyOutput
type CryptoKeyIAMPolicyArgs ¶
type CryptoKeyIAMPolicyArgs struct { // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput }
The set of arguments for constructing a CryptoKeyIAMPolicy resource.
func (CryptoKeyIAMPolicyArgs) ElementType ¶
func (CryptoKeyIAMPolicyArgs) ElementType() reflect.Type
type CryptoKeyIAMPolicyArray ¶
type CryptoKeyIAMPolicyArray []CryptoKeyIAMPolicyInput
func (CryptoKeyIAMPolicyArray) ElementType ¶
func (CryptoKeyIAMPolicyArray) ElementType() reflect.Type
func (CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutput ¶
func (i CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutput() CryptoKeyIAMPolicyArrayOutput
func (CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutputWithContext ¶
func (i CryptoKeyIAMPolicyArray) ToCryptoKeyIAMPolicyArrayOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyArrayOutput
type CryptoKeyIAMPolicyArrayInput ¶
type CryptoKeyIAMPolicyArrayInput interface { pulumi.Input ToCryptoKeyIAMPolicyArrayOutput() CryptoKeyIAMPolicyArrayOutput ToCryptoKeyIAMPolicyArrayOutputWithContext(context.Context) CryptoKeyIAMPolicyArrayOutput }
CryptoKeyIAMPolicyArrayInput is an input type that accepts CryptoKeyIAMPolicyArray and CryptoKeyIAMPolicyArrayOutput values. You can construct a concrete instance of `CryptoKeyIAMPolicyArrayInput` via:
CryptoKeyIAMPolicyArray{ CryptoKeyIAMPolicyArgs{...} }
type CryptoKeyIAMPolicyArrayOutput ¶
type CryptoKeyIAMPolicyArrayOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMPolicyArrayOutput) ElementType ¶
func (CryptoKeyIAMPolicyArrayOutput) ElementType() reflect.Type
func (CryptoKeyIAMPolicyArrayOutput) Index ¶
func (o CryptoKeyIAMPolicyArrayOutput) Index(i pulumi.IntInput) CryptoKeyIAMPolicyOutput
func (CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutput ¶
func (o CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutput() CryptoKeyIAMPolicyArrayOutput
func (CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutputWithContext ¶
func (o CryptoKeyIAMPolicyArrayOutput) ToCryptoKeyIAMPolicyArrayOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyArrayOutput
type CryptoKeyIAMPolicyInput ¶
type CryptoKeyIAMPolicyInput interface { pulumi.Input ToCryptoKeyIAMPolicyOutput() CryptoKeyIAMPolicyOutput ToCryptoKeyIAMPolicyOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyOutput }
type CryptoKeyIAMPolicyMap ¶
type CryptoKeyIAMPolicyMap map[string]CryptoKeyIAMPolicyInput
func (CryptoKeyIAMPolicyMap) ElementType ¶
func (CryptoKeyIAMPolicyMap) ElementType() reflect.Type
func (CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutput ¶
func (i CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutput() CryptoKeyIAMPolicyMapOutput
func (CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutputWithContext ¶
func (i CryptoKeyIAMPolicyMap) ToCryptoKeyIAMPolicyMapOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyMapOutput
type CryptoKeyIAMPolicyMapInput ¶
type CryptoKeyIAMPolicyMapInput interface { pulumi.Input ToCryptoKeyIAMPolicyMapOutput() CryptoKeyIAMPolicyMapOutput ToCryptoKeyIAMPolicyMapOutputWithContext(context.Context) CryptoKeyIAMPolicyMapOutput }
CryptoKeyIAMPolicyMapInput is an input type that accepts CryptoKeyIAMPolicyMap and CryptoKeyIAMPolicyMapOutput values. You can construct a concrete instance of `CryptoKeyIAMPolicyMapInput` via:
CryptoKeyIAMPolicyMap{ "key": CryptoKeyIAMPolicyArgs{...} }
type CryptoKeyIAMPolicyMapOutput ¶
type CryptoKeyIAMPolicyMapOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMPolicyMapOutput) ElementType ¶
func (CryptoKeyIAMPolicyMapOutput) ElementType() reflect.Type
func (CryptoKeyIAMPolicyMapOutput) MapIndex ¶
func (o CryptoKeyIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyIAMPolicyOutput
func (CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutput ¶
func (o CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutput() CryptoKeyIAMPolicyMapOutput
func (CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutputWithContext ¶
func (o CryptoKeyIAMPolicyMapOutput) ToCryptoKeyIAMPolicyMapOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyMapOutput
type CryptoKeyIAMPolicyOutput ¶
type CryptoKeyIAMPolicyOutput struct{ *pulumi.OutputState }
func (CryptoKeyIAMPolicyOutput) CryptoKeyId ¶
func (o CryptoKeyIAMPolicyOutput) CryptoKeyId() pulumi.StringOutput
The crypto key ID, in the form `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback.
func (CryptoKeyIAMPolicyOutput) ElementType ¶
func (CryptoKeyIAMPolicyOutput) ElementType() reflect.Type
func (CryptoKeyIAMPolicyOutput) Etag ¶
func (o CryptoKeyIAMPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the project's IAM policy.
func (CryptoKeyIAMPolicyOutput) PolicyData ¶
func (o CryptoKeyIAMPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutput ¶
func (o CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutput() CryptoKeyIAMPolicyOutput
func (CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutputWithContext ¶
func (o CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutputWithContext(ctx context.Context) CryptoKeyIAMPolicyOutput
type CryptoKeyIAMPolicyState ¶
type CryptoKeyIAMPolicyState struct { // The crypto key ID, in the form // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. CryptoKeyId pulumi.StringPtrInput // (Computed) The etag of the project's IAM policy. Etag pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput }
func (CryptoKeyIAMPolicyState) ElementType ¶
func (CryptoKeyIAMPolicyState) ElementType() reflect.Type
type CryptoKeyInput ¶
type CryptoKeyInput interface { pulumi.Input ToCryptoKeyOutput() CryptoKeyOutput ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput }
type CryptoKeyKeyAccessJustificationsPolicy ¶
type CryptoKeyKeyAccessJustificationsPolicy struct { // The list of allowed reasons for access to this CryptoKey. Zero allowed // access reasons means all encrypt, decrypt, and sign operations for // this CryptoKey will fail. AllowedAccessReasons []string `pulumi:"allowedAccessReasons"` }
type CryptoKeyKeyAccessJustificationsPolicyArgs ¶
type CryptoKeyKeyAccessJustificationsPolicyArgs struct { // The list of allowed reasons for access to this CryptoKey. Zero allowed // access reasons means all encrypt, decrypt, and sign operations for // this CryptoKey will fail. AllowedAccessReasons pulumi.StringArrayInput `pulumi:"allowedAccessReasons"` }
func (CryptoKeyKeyAccessJustificationsPolicyArgs) ElementType ¶
func (CryptoKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type
func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutput ¶
func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput
func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext ¶
func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput
func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput ¶
func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput
func (CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext ¶
func (i CryptoKeyKeyAccessJustificationsPolicyArgs) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput
type CryptoKeyKeyAccessJustificationsPolicyInput ¶
type CryptoKeyKeyAccessJustificationsPolicyInput interface { pulumi.Input ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput }
CryptoKeyKeyAccessJustificationsPolicyInput is an input type that accepts CryptoKeyKeyAccessJustificationsPolicyArgs and CryptoKeyKeyAccessJustificationsPolicyOutput values. You can construct a concrete instance of `CryptoKeyKeyAccessJustificationsPolicyInput` via:
CryptoKeyKeyAccessJustificationsPolicyArgs{...}
type CryptoKeyKeyAccessJustificationsPolicyOutput ¶
type CryptoKeyKeyAccessJustificationsPolicyOutput struct{ *pulumi.OutputState }
func (CryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons ¶
func (o CryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput
The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
func (CryptoKeyKeyAccessJustificationsPolicyOutput) ElementType ¶
func (CryptoKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type
func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutput ¶
func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutput() CryptoKeyKeyAccessJustificationsPolicyOutput
func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext ¶
func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyOutput
func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput ¶
func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput
func (CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext ¶
func (o CryptoKeyKeyAccessJustificationsPolicyOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput
type CryptoKeyKeyAccessJustificationsPolicyPtrInput ¶
type CryptoKeyKeyAccessJustificationsPolicyPtrInput interface { pulumi.Input ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput }
CryptoKeyKeyAccessJustificationsPolicyPtrInput is an input type that accepts CryptoKeyKeyAccessJustificationsPolicyArgs, CryptoKeyKeyAccessJustificationsPolicyPtr and CryptoKeyKeyAccessJustificationsPolicyPtrOutput values. You can construct a concrete instance of `CryptoKeyKeyAccessJustificationsPolicyPtrInput` via:
CryptoKeyKeyAccessJustificationsPolicyArgs{...} or: nil
func CryptoKeyKeyAccessJustificationsPolicyPtr ¶
func CryptoKeyKeyAccessJustificationsPolicyPtr(v *CryptoKeyKeyAccessJustificationsPolicyArgs) CryptoKeyKeyAccessJustificationsPolicyPtrInput
type CryptoKeyKeyAccessJustificationsPolicyPtrOutput ¶
type CryptoKeyKeyAccessJustificationsPolicyPtrOutput struct{ *pulumi.OutputState }
func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) AllowedAccessReasons ¶
func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) AllowedAccessReasons() pulumi.StringArrayOutput
The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ElementType ¶
func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ElementType() reflect.Type
func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput ¶
func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutput() CryptoKeyKeyAccessJustificationsPolicyPtrOutput
func (CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext ¶
func (o CryptoKeyKeyAccessJustificationsPolicyPtrOutput) ToCryptoKeyKeyAccessJustificationsPolicyPtrOutputWithContext(ctx context.Context) CryptoKeyKeyAccessJustificationsPolicyPtrOutput
type CryptoKeyMap ¶
type CryptoKeyMap map[string]CryptoKeyInput
func (CryptoKeyMap) ElementType ¶
func (CryptoKeyMap) ElementType() reflect.Type
func (CryptoKeyMap) ToCryptoKeyMapOutput ¶
func (i CryptoKeyMap) ToCryptoKeyMapOutput() CryptoKeyMapOutput
func (CryptoKeyMap) ToCryptoKeyMapOutputWithContext ¶
func (i CryptoKeyMap) ToCryptoKeyMapOutputWithContext(ctx context.Context) CryptoKeyMapOutput
type CryptoKeyMapInput ¶
type CryptoKeyMapInput interface { pulumi.Input ToCryptoKeyMapOutput() CryptoKeyMapOutput ToCryptoKeyMapOutputWithContext(context.Context) CryptoKeyMapOutput }
CryptoKeyMapInput is an input type that accepts CryptoKeyMap and CryptoKeyMapOutput values. You can construct a concrete instance of `CryptoKeyMapInput` via:
CryptoKeyMap{ "key": CryptoKeyArgs{...} }
type CryptoKeyMapOutput ¶
type CryptoKeyMapOutput struct{ *pulumi.OutputState }
func (CryptoKeyMapOutput) ElementType ¶
func (CryptoKeyMapOutput) ElementType() reflect.Type
func (CryptoKeyMapOutput) MapIndex ¶
func (o CryptoKeyMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyOutput
func (CryptoKeyMapOutput) ToCryptoKeyMapOutput ¶
func (o CryptoKeyMapOutput) ToCryptoKeyMapOutput() CryptoKeyMapOutput
func (CryptoKeyMapOutput) ToCryptoKeyMapOutputWithContext ¶
func (o CryptoKeyMapOutput) ToCryptoKeyMapOutputWithContext(ctx context.Context) CryptoKeyMapOutput
type CryptoKeyOutput ¶
type CryptoKeyOutput struct{ *pulumi.OutputState }
func (CryptoKeyOutput) CryptoKeyBackend ¶
func (o CryptoKeyOutput) CryptoKeyBackend() pulumi.StringOutput
The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
func (CryptoKeyOutput) DestroyScheduledDuration ¶
func (o CryptoKeyOutput) DestroyScheduledDuration() pulumi.StringOutput
The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
func (CryptoKeyOutput) EffectiveLabels ¶
func (o CryptoKeyOutput) EffectiveLabels() pulumi.StringMapOutput
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
func (CryptoKeyOutput) ElementType ¶
func (CryptoKeyOutput) ElementType() reflect.Type
func (CryptoKeyOutput) ImportOnly ¶
func (o CryptoKeyOutput) ImportOnly() pulumi.BoolOutput
Whether this key may contain imported versions only.
func (CryptoKeyOutput) KeyAccessJustificationsPolicy ¶
func (o CryptoKeyOutput) KeyAccessJustificationsPolicy() CryptoKeyKeyAccessJustificationsPolicyOutput
The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change. Structure is documented below.
func (CryptoKeyOutput) KeyRing ¶
func (o CryptoKeyOutput) KeyRing() pulumi.StringOutput
The KeyRing that this key belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
***
func (CryptoKeyOutput) Labels ¶
func (o CryptoKeyOutput) Labels() pulumi.StringMapOutput
Labels with user-defined metadata to apply to this resource.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effectiveLabels` for all of the labels present on the resource.
func (CryptoKeyOutput) Name ¶
func (o CryptoKeyOutput) Name() pulumi.StringOutput
The resource name for the CryptoKey.
func (CryptoKeyOutput) Primaries ¶
func (o CryptoKeyOutput) Primaries() CryptoKeyPrimaryArrayOutput
A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. Structure is documented below.
func (CryptoKeyOutput) PulumiLabels ¶
func (o CryptoKeyOutput) PulumiLabels() pulumi.StringMapOutput
The combination of labels configured directly on the resource and default labels configured on the provider.
func (CryptoKeyOutput) Purpose ¶
func (o CryptoKeyOutput) Purpose() pulumi.StringPtrOutput
The immutable purpose of this CryptoKey. See the [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs. Default value is "ENCRYPT_DECRYPT".
func (CryptoKeyOutput) RotationPeriod ¶
func (o CryptoKeyOutput) RotationPeriod() pulumi.StringPtrOutput
Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter `s` (seconds). It must be greater than a day (ie, 86400).
func (CryptoKeyOutput) SkipInitialVersionCreation ¶
func (o CryptoKeyOutput) SkipInitialVersionCreation() pulumi.BoolPtrOutput
If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion.
func (CryptoKeyOutput) ToCryptoKeyOutput ¶
func (o CryptoKeyOutput) ToCryptoKeyOutput() CryptoKeyOutput
func (CryptoKeyOutput) ToCryptoKeyOutputWithContext ¶
func (o CryptoKeyOutput) ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput
func (CryptoKeyOutput) VersionTemplate ¶
func (o CryptoKeyOutput) VersionTemplate() CryptoKeyVersionTemplateOutput
A template describing settings for new crypto key versions. Structure is documented below.
type CryptoKeyPrimary ¶
type CryptoKeyPrimaryArgs ¶
type CryptoKeyPrimaryArgs struct { // The resource name for the CryptoKey. Name pulumi.StringPtrInput `pulumi:"name"` // (Output) // The current state of the CryptoKeyVersion. State pulumi.StringPtrInput `pulumi:"state"` }
func (CryptoKeyPrimaryArgs) ElementType ¶
func (CryptoKeyPrimaryArgs) ElementType() reflect.Type
func (CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutput ¶
func (i CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutput() CryptoKeyPrimaryOutput
func (CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutputWithContext ¶
func (i CryptoKeyPrimaryArgs) ToCryptoKeyPrimaryOutputWithContext(ctx context.Context) CryptoKeyPrimaryOutput
type CryptoKeyPrimaryArray ¶
type CryptoKeyPrimaryArray []CryptoKeyPrimaryInput
func (CryptoKeyPrimaryArray) ElementType ¶
func (CryptoKeyPrimaryArray) ElementType() reflect.Type
func (CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutput ¶
func (i CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutput() CryptoKeyPrimaryArrayOutput
func (CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutputWithContext ¶
func (i CryptoKeyPrimaryArray) ToCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) CryptoKeyPrimaryArrayOutput
type CryptoKeyPrimaryArrayInput ¶
type CryptoKeyPrimaryArrayInput interface { pulumi.Input ToCryptoKeyPrimaryArrayOutput() CryptoKeyPrimaryArrayOutput ToCryptoKeyPrimaryArrayOutputWithContext(context.Context) CryptoKeyPrimaryArrayOutput }
CryptoKeyPrimaryArrayInput is an input type that accepts CryptoKeyPrimaryArray and CryptoKeyPrimaryArrayOutput values. You can construct a concrete instance of `CryptoKeyPrimaryArrayInput` via:
CryptoKeyPrimaryArray{ CryptoKeyPrimaryArgs{...} }
type CryptoKeyPrimaryArrayOutput ¶
type CryptoKeyPrimaryArrayOutput struct{ *pulumi.OutputState }
func (CryptoKeyPrimaryArrayOutput) ElementType ¶
func (CryptoKeyPrimaryArrayOutput) ElementType() reflect.Type
func (CryptoKeyPrimaryArrayOutput) Index ¶
func (o CryptoKeyPrimaryArrayOutput) Index(i pulumi.IntInput) CryptoKeyPrimaryOutput
func (CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutput ¶
func (o CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutput() CryptoKeyPrimaryArrayOutput
func (CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutputWithContext ¶
func (o CryptoKeyPrimaryArrayOutput) ToCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) CryptoKeyPrimaryArrayOutput
type CryptoKeyPrimaryInput ¶
type CryptoKeyPrimaryInput interface { pulumi.Input ToCryptoKeyPrimaryOutput() CryptoKeyPrimaryOutput ToCryptoKeyPrimaryOutputWithContext(context.Context) CryptoKeyPrimaryOutput }
CryptoKeyPrimaryInput is an input type that accepts CryptoKeyPrimaryArgs and CryptoKeyPrimaryOutput values. You can construct a concrete instance of `CryptoKeyPrimaryInput` via:
CryptoKeyPrimaryArgs{...}
type CryptoKeyPrimaryOutput ¶
type CryptoKeyPrimaryOutput struct{ *pulumi.OutputState }
func (CryptoKeyPrimaryOutput) ElementType ¶
func (CryptoKeyPrimaryOutput) ElementType() reflect.Type
func (CryptoKeyPrimaryOutput) Name ¶
func (o CryptoKeyPrimaryOutput) Name() pulumi.StringPtrOutput
The resource name for the CryptoKey.
func (CryptoKeyPrimaryOutput) State ¶
func (o CryptoKeyPrimaryOutput) State() pulumi.StringPtrOutput
(Output) The current state of the CryptoKeyVersion.
func (CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutput ¶
func (o CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutput() CryptoKeyPrimaryOutput
func (CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutputWithContext ¶
func (o CryptoKeyPrimaryOutput) ToCryptoKeyPrimaryOutputWithContext(ctx context.Context) CryptoKeyPrimaryOutput
type CryptoKeyState ¶
type CryptoKeyState struct { // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. // The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. CryptoKeyBackend pulumi.StringPtrInput // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 30 days. DestroyScheduledDuration pulumi.StringPtrInput // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. EffectiveLabels pulumi.StringMapInput // Whether this key may contain imported versions only. ImportOnly pulumi.BoolPtrInput // The policy used for Key Access Justifications Policy Enforcement. If this // field is present and this key is enrolled in Key Access Justifications // Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and // sign operations, and the operation will fail if rejected by the policy. The // policy is defined by specifying zero or more allowed justification codes. // https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes // By default, this field is absent, and all justification codes are allowed. // This field is currently in beta and is subject to change. // Structure is documented below. KeyAccessJustificationsPolicy CryptoKeyKeyAccessJustificationsPolicyPtrInput // The KeyRing that this key belongs to. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. // // *** KeyRing pulumi.StringPtrInput // Labels with user-defined metadata to apply to this resource. // // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels pulumi.StringMapInput // The resource name for the CryptoKey. Name pulumi.StringPtrInput // A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. // Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. // Structure is documented below. Primaries CryptoKeyPrimaryArrayInput // The combination of labels configured directly on the resource // and default labels configured on the provider. PulumiLabels pulumi.StringMapInput // The immutable purpose of this CryptoKey. See the // [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) // for possible inputs. // Default value is "ENCRYPT_DECRYPT". Purpose pulumi.StringPtrInput // Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. // The first rotation will take place after the specified period. The rotation period has // the format of a decimal number with up to 9 fractional digits, followed by the // letter `s` (seconds). It must be greater than a day (ie, 86400). RotationPeriod pulumi.StringPtrInput // If set to true, the request will create a CryptoKey without any CryptoKeyVersions. // You must use the `kms.CryptoKeyVersion` resource to create a new CryptoKeyVersion // or `kms.KeyRingImportJob` resource to import the CryptoKeyVersion. SkipInitialVersionCreation pulumi.BoolPtrInput // A template describing settings for new crypto key versions. // Structure is documented below. VersionTemplate CryptoKeyVersionTemplatePtrInput }
func (CryptoKeyState) ElementType ¶
func (CryptoKeyState) ElementType() reflect.Type
type CryptoKeyVersion ¶
type CryptoKeyVersion struct { pulumi.CustomResourceState // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm pulumi.StringOutput `pulumi:"algorithm"` // Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. // Only provided for key versions with protectionLevel HSM. // Structure is documented below. Attestations CryptoKeyVersionAttestationArrayOutput `pulumi:"attestations"` // The name of the cryptoKey associated with the CryptoKeyVersions. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'` // // *** CryptoKey pulumi.StringOutput `pulumi:"cryptoKey"` // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. // Structure is documented below. ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput `pulumi:"externalProtectionLevelOptions"` // The time this CryptoKeyVersion key material was generated GenerateTime pulumi.StringOutput `pulumi:"generateTime"` // The resource name for this CryptoKeyVersion. Name pulumi.StringOutput `pulumi:"name"` // The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. ProtectionLevel pulumi.StringOutput `pulumi:"protectionLevel"` // The current state of the CryptoKeyVersion. // Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`. State pulumi.StringOutput `pulumi:"state"` }
A `CryptoKeyVersion` represents an individual cryptographic key, and the associated key material.
Destroying a cryptoKeyVersion will not delete the resource from the project.
To get more information about CryptoKeyVersion, see:
* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions) * How-to Guides
- [Creating a key Version](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions/create)
## Example Usage
### Kms Crypto Key Version Basic
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{ Name: pulumi.String("crypto-key-example"), KeyRing: keyring.ID(), RotationPeriod: pulumi.String("7776000s"), }) if err != nil { return err } _, err = kms.NewCryptoKeyVersion(ctx, "example-key", &kms.CryptoKeyVersionArgs{ CryptoKey: cryptokey.ID(), }) if err != nil { return err } return nil }) }
```
## Import
CryptoKeyVersion can be imported using any of these accepted formats:
* `{{name}}`
When using the `pulumi import` command, CryptoKeyVersion can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:kms/cryptoKeyVersion:CryptoKeyVersion default {{name}} ```
func GetCryptoKeyVersion ¶
func GetCryptoKeyVersion(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CryptoKeyVersionState, opts ...pulumi.ResourceOption) (*CryptoKeyVersion, error)
GetCryptoKeyVersion gets an existing CryptoKeyVersion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCryptoKeyVersion ¶
func NewCryptoKeyVersion(ctx *pulumi.Context, name string, args *CryptoKeyVersionArgs, opts ...pulumi.ResourceOption) (*CryptoKeyVersion, error)
NewCryptoKeyVersion registers a new resource with the given unique name, arguments, and options.
func (*CryptoKeyVersion) ElementType ¶
func (*CryptoKeyVersion) ElementType() reflect.Type
func (*CryptoKeyVersion) ToCryptoKeyVersionOutput ¶
func (i *CryptoKeyVersion) ToCryptoKeyVersionOutput() CryptoKeyVersionOutput
func (*CryptoKeyVersion) ToCryptoKeyVersionOutputWithContext ¶
func (i *CryptoKeyVersion) ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput
type CryptoKeyVersionArgs ¶
type CryptoKeyVersionArgs struct { // The name of the cryptoKey associated with the CryptoKeyVersions. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'` // // *** CryptoKey pulumi.StringInput // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. // Structure is documented below. ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsPtrInput // The current state of the CryptoKeyVersion. // Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`. State pulumi.StringPtrInput }
The set of arguments for constructing a CryptoKeyVersion resource.
func (CryptoKeyVersionArgs) ElementType ¶
func (CryptoKeyVersionArgs) ElementType() reflect.Type
type CryptoKeyVersionArray ¶
type CryptoKeyVersionArray []CryptoKeyVersionInput
func (CryptoKeyVersionArray) ElementType ¶
func (CryptoKeyVersionArray) ElementType() reflect.Type
func (CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutput ¶
func (i CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutput() CryptoKeyVersionArrayOutput
func (CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutputWithContext ¶
func (i CryptoKeyVersionArray) ToCryptoKeyVersionArrayOutputWithContext(ctx context.Context) CryptoKeyVersionArrayOutput
type CryptoKeyVersionArrayInput ¶
type CryptoKeyVersionArrayInput interface { pulumi.Input ToCryptoKeyVersionArrayOutput() CryptoKeyVersionArrayOutput ToCryptoKeyVersionArrayOutputWithContext(context.Context) CryptoKeyVersionArrayOutput }
CryptoKeyVersionArrayInput is an input type that accepts CryptoKeyVersionArray and CryptoKeyVersionArrayOutput values. You can construct a concrete instance of `CryptoKeyVersionArrayInput` via:
CryptoKeyVersionArray{ CryptoKeyVersionArgs{...} }
type CryptoKeyVersionArrayOutput ¶
type CryptoKeyVersionArrayOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionArrayOutput) ElementType ¶
func (CryptoKeyVersionArrayOutput) ElementType() reflect.Type
func (CryptoKeyVersionArrayOutput) Index ¶
func (o CryptoKeyVersionArrayOutput) Index(i pulumi.IntInput) CryptoKeyVersionOutput
func (CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutput ¶
func (o CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutput() CryptoKeyVersionArrayOutput
func (CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutputWithContext ¶
func (o CryptoKeyVersionArrayOutput) ToCryptoKeyVersionArrayOutputWithContext(ctx context.Context) CryptoKeyVersionArrayOutput
type CryptoKeyVersionAttestation ¶
type CryptoKeyVersionAttestation struct { // The certificate chains needed to validate the attestation // Structure is documented below. CertChains *CryptoKeyVersionAttestationCertChains `pulumi:"certChains"` // (Output) // The attestation data provided by the HSM when the key operation was performed. Content *string `pulumi:"content"` // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. // Structure is documented below. // // Deprecated: `externalProtectionLevelOptions` is being un-nested from the `attestation` field. Please use the top level `externalProtectionLevelOptions` field instead. ExternalProtectionLevelOptions *CryptoKeyVersionAttestationExternalProtectionLevelOptions `pulumi:"externalProtectionLevelOptions"` // (Output) // The format of the attestation data. Format *string `pulumi:"format"` }
type CryptoKeyVersionAttestationArgs ¶
type CryptoKeyVersionAttestationArgs struct { // The certificate chains needed to validate the attestation // Structure is documented below. CertChains CryptoKeyVersionAttestationCertChainsPtrInput `pulumi:"certChains"` // (Output) // The attestation data provided by the HSM when the key operation was performed. Content pulumi.StringPtrInput `pulumi:"content"` // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. // Structure is documented below. // // Deprecated: `externalProtectionLevelOptions` is being un-nested from the `attestation` field. Please use the top level `externalProtectionLevelOptions` field instead. ExternalProtectionLevelOptions CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput `pulumi:"externalProtectionLevelOptions"` // (Output) // The format of the attestation data. Format pulumi.StringPtrInput `pulumi:"format"` }
func (CryptoKeyVersionAttestationArgs) ElementType ¶
func (CryptoKeyVersionAttestationArgs) ElementType() reflect.Type
func (CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutput ¶
func (i CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput
func (CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutputWithContext ¶
func (i CryptoKeyVersionAttestationArgs) ToCryptoKeyVersionAttestationOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationOutput
type CryptoKeyVersionAttestationArray ¶
type CryptoKeyVersionAttestationArray []CryptoKeyVersionAttestationInput
func (CryptoKeyVersionAttestationArray) ElementType ¶
func (CryptoKeyVersionAttestationArray) ElementType() reflect.Type
func (CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutput ¶
func (i CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput
func (CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutputWithContext ¶
func (i CryptoKeyVersionAttestationArray) ToCryptoKeyVersionAttestationArrayOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationArrayOutput
type CryptoKeyVersionAttestationArrayInput ¶
type CryptoKeyVersionAttestationArrayInput interface { pulumi.Input ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput ToCryptoKeyVersionAttestationArrayOutputWithContext(context.Context) CryptoKeyVersionAttestationArrayOutput }
CryptoKeyVersionAttestationArrayInput is an input type that accepts CryptoKeyVersionAttestationArray and CryptoKeyVersionAttestationArrayOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationArrayInput` via:
CryptoKeyVersionAttestationArray{ CryptoKeyVersionAttestationArgs{...} }
type CryptoKeyVersionAttestationArrayOutput ¶
type CryptoKeyVersionAttestationArrayOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionAttestationArrayOutput) ElementType ¶
func (CryptoKeyVersionAttestationArrayOutput) ElementType() reflect.Type
func (CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutput ¶
func (o CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutput() CryptoKeyVersionAttestationArrayOutput
func (CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutputWithContext ¶
func (o CryptoKeyVersionAttestationArrayOutput) ToCryptoKeyVersionAttestationArrayOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationArrayOutput
type CryptoKeyVersionAttestationCertChains ¶
type CryptoKeyVersionAttestationCertChains struct { // Cavium certificate chain corresponding to the attestation. CaviumCerts []string `pulumi:"caviumCerts"` // Google card certificate chain corresponding to the attestation. GoogleCardCerts []string `pulumi:"googleCardCerts"` // Google partition certificate chain corresponding to the attestation. GooglePartitionCerts []string `pulumi:"googlePartitionCerts"` }
type CryptoKeyVersionAttestationCertChainsArgs ¶
type CryptoKeyVersionAttestationCertChainsArgs struct { // Cavium certificate chain corresponding to the attestation. CaviumCerts pulumi.StringArrayInput `pulumi:"caviumCerts"` // Google card certificate chain corresponding to the attestation. GoogleCardCerts pulumi.StringArrayInput `pulumi:"googleCardCerts"` // Google partition certificate chain corresponding to the attestation. GooglePartitionCerts pulumi.StringArrayInput `pulumi:"googlePartitionCerts"` }
func (CryptoKeyVersionAttestationCertChainsArgs) ElementType ¶
func (CryptoKeyVersionAttestationCertChainsArgs) ElementType() reflect.Type
func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutput ¶
func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput
func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutputWithContext ¶
func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsOutput
func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutput ¶
func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput
func (CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext ¶
func (i CryptoKeyVersionAttestationCertChainsArgs) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput
type CryptoKeyVersionAttestationCertChainsInput ¶
type CryptoKeyVersionAttestationCertChainsInput interface { pulumi.Input ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput ToCryptoKeyVersionAttestationCertChainsOutputWithContext(context.Context) CryptoKeyVersionAttestationCertChainsOutput }
CryptoKeyVersionAttestationCertChainsInput is an input type that accepts CryptoKeyVersionAttestationCertChainsArgs and CryptoKeyVersionAttestationCertChainsOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationCertChainsInput` via:
CryptoKeyVersionAttestationCertChainsArgs{...}
type CryptoKeyVersionAttestationCertChainsOutput ¶
type CryptoKeyVersionAttestationCertChainsOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionAttestationCertChainsOutput) CaviumCerts ¶
func (o CryptoKeyVersionAttestationCertChainsOutput) CaviumCerts() pulumi.StringArrayOutput
Cavium certificate chain corresponding to the attestation.
func (CryptoKeyVersionAttestationCertChainsOutput) ElementType ¶
func (CryptoKeyVersionAttestationCertChainsOutput) ElementType() reflect.Type
func (CryptoKeyVersionAttestationCertChainsOutput) GoogleCardCerts ¶
func (o CryptoKeyVersionAttestationCertChainsOutput) GoogleCardCerts() pulumi.StringArrayOutput
Google card certificate chain corresponding to the attestation.
func (CryptoKeyVersionAttestationCertChainsOutput) GooglePartitionCerts ¶
func (o CryptoKeyVersionAttestationCertChainsOutput) GooglePartitionCerts() pulumi.StringArrayOutput
Google partition certificate chain corresponding to the attestation.
func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutput ¶
func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutput() CryptoKeyVersionAttestationCertChainsOutput
func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutputWithContext ¶
func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsOutput
func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput ¶
func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput
func (CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext ¶
func (o CryptoKeyVersionAttestationCertChainsOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput
type CryptoKeyVersionAttestationCertChainsPtrInput ¶
type CryptoKeyVersionAttestationCertChainsPtrInput interface { pulumi.Input ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput }
CryptoKeyVersionAttestationCertChainsPtrInput is an input type that accepts CryptoKeyVersionAttestationCertChainsArgs, CryptoKeyVersionAttestationCertChainsPtr and CryptoKeyVersionAttestationCertChainsPtrOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationCertChainsPtrInput` via:
CryptoKeyVersionAttestationCertChainsArgs{...} or: nil
func CryptoKeyVersionAttestationCertChainsPtr ¶
func CryptoKeyVersionAttestationCertChainsPtr(v *CryptoKeyVersionAttestationCertChainsArgs) CryptoKeyVersionAttestationCertChainsPtrInput
type CryptoKeyVersionAttestationCertChainsPtrOutput ¶
type CryptoKeyVersionAttestationCertChainsPtrOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionAttestationCertChainsPtrOutput) CaviumCerts ¶
func (o CryptoKeyVersionAttestationCertChainsPtrOutput) CaviumCerts() pulumi.StringArrayOutput
Cavium certificate chain corresponding to the attestation.
func (CryptoKeyVersionAttestationCertChainsPtrOutput) ElementType ¶
func (CryptoKeyVersionAttestationCertChainsPtrOutput) ElementType() reflect.Type
func (CryptoKeyVersionAttestationCertChainsPtrOutput) GoogleCardCerts ¶
func (o CryptoKeyVersionAttestationCertChainsPtrOutput) GoogleCardCerts() pulumi.StringArrayOutput
Google card certificate chain corresponding to the attestation.
func (CryptoKeyVersionAttestationCertChainsPtrOutput) GooglePartitionCerts ¶
func (o CryptoKeyVersionAttestationCertChainsPtrOutput) GooglePartitionCerts() pulumi.StringArrayOutput
Google partition certificate chain corresponding to the attestation.
func (CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput ¶
func (o CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutput() CryptoKeyVersionAttestationCertChainsPtrOutput
func (CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext ¶
func (o CryptoKeyVersionAttestationCertChainsPtrOutput) ToCryptoKeyVersionAttestationCertChainsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationCertChainsPtrOutput
type CryptoKeyVersionAttestationExternalProtectionLevelOptions ¶
type CryptoKeyVersionAttestationExternalProtectionLevelOptions struct { // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. EkmConnectionKeyPath *string `pulumi:"ekmConnectionKeyPath"` // The URI for an external resource that this CryptoKeyVersion represents. ExternalKeyUri *string `pulumi:"externalKeyUri"` }
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs ¶
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs struct { // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. EkmConnectionKeyPath pulumi.StringPtrInput `pulumi:"ekmConnectionKeyPath"` // The URI for an external resource that this CryptoKeyVersion represents. ExternalKeyUri pulumi.StringPtrInput `pulumi:"externalKeyUri"` }
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ElementType ¶
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ElementType() reflect.Type
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput ¶
func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext ¶
func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput ¶
func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext ¶
func (i CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput ¶
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput interface { pulumi.Input ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput }
CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput is an input type that accepts CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs and CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationExternalProtectionLevelOptionsInput` via:
CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs{...}
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput ¶
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ElementType ¶
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ElementType() reflect.Type
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ExternalKeyUri ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ExternalKeyUri() pulumi.StringPtrOutput
The URI for an external resource that this CryptoKeyVersion represents.
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput ¶
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput interface { pulumi.Input ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput }
CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput is an input type that accepts CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs, CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtr and CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput` via:
CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs{...} or: nil
func CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtr ¶
func CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtr(v *CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrInput
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput ¶
type CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ElementType ¶
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ElementType() reflect.Type
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri() pulumi.StringPtrOutput
The URI for an external resource that this CryptoKeyVersion represents.
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
func (CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext ¶
func (o CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
type CryptoKeyVersionAttestationInput ¶
type CryptoKeyVersionAttestationInput interface { pulumi.Input ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput ToCryptoKeyVersionAttestationOutputWithContext(context.Context) CryptoKeyVersionAttestationOutput }
CryptoKeyVersionAttestationInput is an input type that accepts CryptoKeyVersionAttestationArgs and CryptoKeyVersionAttestationOutput values. You can construct a concrete instance of `CryptoKeyVersionAttestationInput` via:
CryptoKeyVersionAttestationArgs{...}
type CryptoKeyVersionAttestationOutput ¶
type CryptoKeyVersionAttestationOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionAttestationOutput) CertChains ¶
func (o CryptoKeyVersionAttestationOutput) CertChains() CryptoKeyVersionAttestationCertChainsPtrOutput
The certificate chains needed to validate the attestation Structure is documented below.
func (CryptoKeyVersionAttestationOutput) Content ¶
func (o CryptoKeyVersionAttestationOutput) Content() pulumi.StringPtrOutput
(Output) The attestation data provided by the HSM when the key operation was performed.
func (CryptoKeyVersionAttestationOutput) ElementType ¶
func (CryptoKeyVersionAttestationOutput) ElementType() reflect.Type
func (CryptoKeyVersionAttestationOutput) ExternalProtectionLevelOptions
deprecated
func (o CryptoKeyVersionAttestationOutput) ExternalProtectionLevelOptions() CryptoKeyVersionAttestationExternalProtectionLevelOptionsPtrOutput
ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
Deprecated: `externalProtectionLevelOptions` is being un-nested from the `attestation` field. Please use the top level `externalProtectionLevelOptions` field instead.
func (CryptoKeyVersionAttestationOutput) Format ¶
func (o CryptoKeyVersionAttestationOutput) Format() pulumi.StringPtrOutput
(Output) The format of the attestation data.
func (CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutput ¶
func (o CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutput() CryptoKeyVersionAttestationOutput
func (CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutputWithContext ¶
func (o CryptoKeyVersionAttestationOutput) ToCryptoKeyVersionAttestationOutputWithContext(ctx context.Context) CryptoKeyVersionAttestationOutput
type CryptoKeyVersionExternalProtectionLevelOptions ¶
type CryptoKeyVersionExternalProtectionLevelOptions struct { // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. EkmConnectionKeyPath *string `pulumi:"ekmConnectionKeyPath"` // The URI for an external resource that this CryptoKeyVersion represents. ExternalKeyUri *string `pulumi:"externalKeyUri"` }
type CryptoKeyVersionExternalProtectionLevelOptionsArgs ¶
type CryptoKeyVersionExternalProtectionLevelOptionsArgs struct { // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. EkmConnectionKeyPath pulumi.StringPtrInput `pulumi:"ekmConnectionKeyPath"` // The URI for an external resource that this CryptoKeyVersion represents. ExternalKeyUri pulumi.StringPtrInput `pulumi:"externalKeyUri"` }
func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ElementType ¶
func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ElementType() reflect.Type
func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput ¶
func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext ¶
func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput ¶
func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
func (CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext ¶
func (i CryptoKeyVersionExternalProtectionLevelOptionsArgs) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
type CryptoKeyVersionExternalProtectionLevelOptionsInput ¶
type CryptoKeyVersionExternalProtectionLevelOptionsInput interface { pulumi.Input ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput }
CryptoKeyVersionExternalProtectionLevelOptionsInput is an input type that accepts CryptoKeyVersionExternalProtectionLevelOptionsArgs and CryptoKeyVersionExternalProtectionLevelOptionsOutput values. You can construct a concrete instance of `CryptoKeyVersionExternalProtectionLevelOptionsInput` via:
CryptoKeyVersionExternalProtectionLevelOptionsArgs{...}
type CryptoKeyVersionExternalProtectionLevelOptionsOutput ¶
type CryptoKeyVersionExternalProtectionLevelOptionsOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ElementType ¶
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ElementType() reflect.Type
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ExternalKeyUri ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ExternalKeyUri() pulumi.StringPtrOutput
The URI for an external resource that this CryptoKeyVersion represents.
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutput() CryptoKeyVersionExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsOutput
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
func (CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
type CryptoKeyVersionExternalProtectionLevelOptionsPtrInput ¶
type CryptoKeyVersionExternalProtectionLevelOptionsPtrInput interface { pulumi.Input ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput }
CryptoKeyVersionExternalProtectionLevelOptionsPtrInput is an input type that accepts CryptoKeyVersionExternalProtectionLevelOptionsArgs, CryptoKeyVersionExternalProtectionLevelOptionsPtr and CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput values. You can construct a concrete instance of `CryptoKeyVersionExternalProtectionLevelOptionsPtrInput` via:
CryptoKeyVersionExternalProtectionLevelOptionsArgs{...} or: nil
func CryptoKeyVersionExternalProtectionLevelOptionsPtr ¶
func CryptoKeyVersionExternalProtectionLevelOptionsPtr(v *CryptoKeyVersionExternalProtectionLevelOptionsArgs) CryptoKeyVersionExternalProtectionLevelOptionsPtrInput
type CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput ¶
type CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput
The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ElementType ¶
func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ElementType() reflect.Type
func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri() pulumi.StringPtrOutput
The URI for an external resource that this CryptoKeyVersion represents.
func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutput() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
func (CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext ¶
func (o CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput) ToCryptoKeyVersionExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
type CryptoKeyVersionInput ¶
type CryptoKeyVersionInput interface { pulumi.Input ToCryptoKeyVersionOutput() CryptoKeyVersionOutput ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput }
type CryptoKeyVersionMap ¶
type CryptoKeyVersionMap map[string]CryptoKeyVersionInput
func (CryptoKeyVersionMap) ElementType ¶
func (CryptoKeyVersionMap) ElementType() reflect.Type
func (CryptoKeyVersionMap) ToCryptoKeyVersionMapOutput ¶
func (i CryptoKeyVersionMap) ToCryptoKeyVersionMapOutput() CryptoKeyVersionMapOutput
func (CryptoKeyVersionMap) ToCryptoKeyVersionMapOutputWithContext ¶
func (i CryptoKeyVersionMap) ToCryptoKeyVersionMapOutputWithContext(ctx context.Context) CryptoKeyVersionMapOutput
type CryptoKeyVersionMapInput ¶
type CryptoKeyVersionMapInput interface { pulumi.Input ToCryptoKeyVersionMapOutput() CryptoKeyVersionMapOutput ToCryptoKeyVersionMapOutputWithContext(context.Context) CryptoKeyVersionMapOutput }
CryptoKeyVersionMapInput is an input type that accepts CryptoKeyVersionMap and CryptoKeyVersionMapOutput values. You can construct a concrete instance of `CryptoKeyVersionMapInput` via:
CryptoKeyVersionMap{ "key": CryptoKeyVersionArgs{...} }
type CryptoKeyVersionMapOutput ¶
type CryptoKeyVersionMapOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionMapOutput) ElementType ¶
func (CryptoKeyVersionMapOutput) ElementType() reflect.Type
func (CryptoKeyVersionMapOutput) MapIndex ¶
func (o CryptoKeyVersionMapOutput) MapIndex(k pulumi.StringInput) CryptoKeyVersionOutput
func (CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutput ¶
func (o CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutput() CryptoKeyVersionMapOutput
func (CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutputWithContext ¶
func (o CryptoKeyVersionMapOutput) ToCryptoKeyVersionMapOutputWithContext(ctx context.Context) CryptoKeyVersionMapOutput
type CryptoKeyVersionOutput ¶
type CryptoKeyVersionOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionOutput) Algorithm ¶
func (o CryptoKeyVersionOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (CryptoKeyVersionOutput) Attestations ¶
func (o CryptoKeyVersionOutput) Attestations() CryptoKeyVersionAttestationArrayOutput
Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
func (CryptoKeyVersionOutput) CryptoKey ¶
func (o CryptoKeyVersionOutput) CryptoKey() pulumi.StringOutput
The name of the cryptoKey associated with the CryptoKeyVersions. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'`
***
func (CryptoKeyVersionOutput) ElementType ¶
func (CryptoKeyVersionOutput) ElementType() reflect.Type
func (CryptoKeyVersionOutput) ExternalProtectionLevelOptions ¶
func (o CryptoKeyVersionOutput) ExternalProtectionLevelOptions() CryptoKeyVersionExternalProtectionLevelOptionsPtrOutput
ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
func (CryptoKeyVersionOutput) GenerateTime ¶
func (o CryptoKeyVersionOutput) GenerateTime() pulumi.StringOutput
The time this CryptoKeyVersion key material was generated
func (CryptoKeyVersionOutput) Name ¶
func (o CryptoKeyVersionOutput) Name() pulumi.StringOutput
The resource name for this CryptoKeyVersion.
func (CryptoKeyVersionOutput) ProtectionLevel ¶
func (o CryptoKeyVersionOutput) ProtectionLevel() pulumi.StringOutput
The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
func (CryptoKeyVersionOutput) State ¶
func (o CryptoKeyVersionOutput) State() pulumi.StringOutput
The current state of the CryptoKeyVersion. Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
func (CryptoKeyVersionOutput) ToCryptoKeyVersionOutput ¶
func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutput() CryptoKeyVersionOutput
func (CryptoKeyVersionOutput) ToCryptoKeyVersionOutputWithContext ¶
func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput
type CryptoKeyVersionState ¶
type CryptoKeyVersionState struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm pulumi.StringPtrInput // Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. // Only provided for key versions with protectionLevel HSM. // Structure is documented below. Attestations CryptoKeyVersionAttestationArrayInput // The name of the cryptoKey associated with the CryptoKeyVersions. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'` // // *** CryptoKey pulumi.StringPtrInput // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. // Structure is documented below. ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsPtrInput // The time this CryptoKeyVersion key material was generated GenerateTime pulumi.StringPtrInput // The resource name for this CryptoKeyVersion. Name pulumi.StringPtrInput // The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. ProtectionLevel pulumi.StringPtrInput // The current state of the CryptoKeyVersion. // Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`. State pulumi.StringPtrInput }
func (CryptoKeyVersionState) ElementType ¶
func (CryptoKeyVersionState) ElementType() reflect.Type
type CryptoKeyVersionTemplate ¶
type CryptoKeyVersionTemplate struct { // The algorithm to use when creating a version based on this template. // See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. Algorithm string `pulumi:"algorithm"` // The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". ProtectionLevel *string `pulumi:"protectionLevel"` }
type CryptoKeyVersionTemplateArgs ¶
type CryptoKeyVersionTemplateArgs struct { // The algorithm to use when creating a version based on this template. // See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". ProtectionLevel pulumi.StringPtrInput `pulumi:"protectionLevel"` }
func (CryptoKeyVersionTemplateArgs) ElementType ¶
func (CryptoKeyVersionTemplateArgs) ElementType() reflect.Type
func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutput ¶
func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput
func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutputWithContext ¶
func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput
func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutput ¶
func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutputWithContext ¶
func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput
type CryptoKeyVersionTemplateInput ¶
type CryptoKeyVersionTemplateInput interface { pulumi.Input ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput ToCryptoKeyVersionTemplateOutputWithContext(context.Context) CryptoKeyVersionTemplateOutput }
CryptoKeyVersionTemplateInput is an input type that accepts CryptoKeyVersionTemplateArgs and CryptoKeyVersionTemplateOutput values. You can construct a concrete instance of `CryptoKeyVersionTemplateInput` via:
CryptoKeyVersionTemplateArgs{...}
type CryptoKeyVersionTemplateOutput ¶
type CryptoKeyVersionTemplateOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionTemplateOutput) Algorithm ¶
func (o CryptoKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput
The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
func (CryptoKeyVersionTemplateOutput) ElementType ¶
func (CryptoKeyVersionTemplateOutput) ElementType() reflect.Type
func (CryptoKeyVersionTemplateOutput) ProtectionLevel ¶
func (o CryptoKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringPtrOutput
The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutput ¶
func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput
func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutputWithContext ¶
func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput
func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutput ¶
func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext ¶
func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput
type CryptoKeyVersionTemplatePtrInput ¶
type CryptoKeyVersionTemplatePtrInput interface { pulumi.Input ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput ToCryptoKeyVersionTemplatePtrOutputWithContext(context.Context) CryptoKeyVersionTemplatePtrOutput }
CryptoKeyVersionTemplatePtrInput is an input type that accepts CryptoKeyVersionTemplateArgs, CryptoKeyVersionTemplatePtr and CryptoKeyVersionTemplatePtrOutput values. You can construct a concrete instance of `CryptoKeyVersionTemplatePtrInput` via:
CryptoKeyVersionTemplateArgs{...} or: nil
func CryptoKeyVersionTemplatePtr ¶
func CryptoKeyVersionTemplatePtr(v *CryptoKeyVersionTemplateArgs) CryptoKeyVersionTemplatePtrInput
type CryptoKeyVersionTemplatePtrOutput ¶
type CryptoKeyVersionTemplatePtrOutput struct{ *pulumi.OutputState }
func (CryptoKeyVersionTemplatePtrOutput) Algorithm ¶
func (o CryptoKeyVersionTemplatePtrOutput) Algorithm() pulumi.StringPtrOutput
The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
func (CryptoKeyVersionTemplatePtrOutput) Elem ¶
func (o CryptoKeyVersionTemplatePtrOutput) Elem() CryptoKeyVersionTemplateOutput
func (CryptoKeyVersionTemplatePtrOutput) ElementType ¶
func (CryptoKeyVersionTemplatePtrOutput) ElementType() reflect.Type
func (CryptoKeyVersionTemplatePtrOutput) ProtectionLevel ¶
func (o CryptoKeyVersionTemplatePtrOutput) ProtectionLevel() pulumi.StringPtrOutput
The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
func (CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutput ¶
func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
func (CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext ¶
func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput
type EkmConnection ¶
type EkmConnection struct { pulumi.CustomResourceState // Output only. The time at which the EkmConnection was created. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". CreateTime pulumi.StringOutput `pulumi:"createTime"` // Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if // KeyManagementMode is CLOUD_KMS. CryptoSpacePath pulumi.StringOutput `pulumi:"cryptoSpacePath"` // Optional. Etag of the currently stored EkmConnection. Etag pulumi.StringOutput `pulumi:"etag"` // Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default // value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"] KeyManagementMode pulumi.StringPtrOutput `pulumi:"keyManagementMode"` // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. Location pulumi.StringOutput `pulumi:"location"` // The resource name for the EkmConnection. Name pulumi.StringOutput `pulumi:"name"` Project pulumi.StringOutput `pulumi:"project"` // A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported // Structure is documented below. ServiceResolvers EkmConnectionServiceResolverArrayOutput `pulumi:"serviceResolvers"` }
`Ekm Connections` are used to control the connection settings for an `EXTERNAL_VPC` CryptoKey. It is used to connect customer's external key manager to Google Cloud EKM.
> **Note:** Ekm Connections cannot be deleted from Google Cloud Platform.
To get more information about EkmConnection, see:
* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.ekmConnections) * How-to Guides
- [Creating a Ekm Connection](https://cloud.google.com/kms/docs/create-ekm-connection)
## Example Usage
### Kms Ekm Connection Basic
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnection(ctx, "example-ekmconnection", &kms.EkmConnectionArgs{ Name: pulumi.String("ekmconnection_example"), Location: pulumi.String("us-central1"), KeyManagementMode: pulumi.String("MANUAL"), ServiceResolvers: kms.EkmConnectionServiceResolverArray{ &kms.EkmConnectionServiceResolverArgs{ ServiceDirectoryService: pulumi.String("projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name"), Hostname: pulumi.String("example-ekm.goog"), ServerCertificates: kms.EkmConnectionServiceResolverServerCertificateArray{ &kms.EkmConnectionServiceResolverServerCertificateArgs{ RawDer: pulumi.String("==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY=="), }, }, }, }, }) if err != nil { return err } return nil }) }
```
## Import
EkmConnection can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
When using the `pulumi import` command, EkmConnection can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:kms/ekmConnection:EkmConnection default projects/{{project}}/locations/{{location}}/ekmConnections/{{name}} ```
```sh $ pulumi import gcp:kms/ekmConnection:EkmConnection default {{project}}/{{location}}/{{name}} ```
```sh $ pulumi import gcp:kms/ekmConnection:EkmConnection default {{location}}/{{name}} ```
func GetEkmConnection ¶
func GetEkmConnection(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EkmConnectionState, opts ...pulumi.ResourceOption) (*EkmConnection, error)
GetEkmConnection gets an existing EkmConnection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewEkmConnection ¶
func NewEkmConnection(ctx *pulumi.Context, name string, args *EkmConnectionArgs, opts ...pulumi.ResourceOption) (*EkmConnection, error)
NewEkmConnection registers a new resource with the given unique name, arguments, and options.
func (*EkmConnection) ElementType ¶
func (*EkmConnection) ElementType() reflect.Type
func (*EkmConnection) ToEkmConnectionOutput ¶
func (i *EkmConnection) ToEkmConnectionOutput() EkmConnectionOutput
func (*EkmConnection) ToEkmConnectionOutputWithContext ¶
func (i *EkmConnection) ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput
type EkmConnectionArgs ¶
type EkmConnectionArgs struct { // Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if // KeyManagementMode is CLOUD_KMS. CryptoSpacePath pulumi.StringPtrInput // Optional. Etag of the currently stored EkmConnection. Etag pulumi.StringPtrInput // Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default // value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"] KeyManagementMode pulumi.StringPtrInput // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. Location pulumi.StringInput // The resource name for the EkmConnection. Name pulumi.StringPtrInput Project pulumi.StringPtrInput // A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported // Structure is documented below. ServiceResolvers EkmConnectionServiceResolverArrayInput }
The set of arguments for constructing a EkmConnection resource.
func (EkmConnectionArgs) ElementType ¶
func (EkmConnectionArgs) ElementType() reflect.Type
type EkmConnectionArray ¶
type EkmConnectionArray []EkmConnectionInput
func (EkmConnectionArray) ElementType ¶
func (EkmConnectionArray) ElementType() reflect.Type
func (EkmConnectionArray) ToEkmConnectionArrayOutput ¶
func (i EkmConnectionArray) ToEkmConnectionArrayOutput() EkmConnectionArrayOutput
func (EkmConnectionArray) ToEkmConnectionArrayOutputWithContext ¶
func (i EkmConnectionArray) ToEkmConnectionArrayOutputWithContext(ctx context.Context) EkmConnectionArrayOutput
type EkmConnectionArrayInput ¶
type EkmConnectionArrayInput interface { pulumi.Input ToEkmConnectionArrayOutput() EkmConnectionArrayOutput ToEkmConnectionArrayOutputWithContext(context.Context) EkmConnectionArrayOutput }
EkmConnectionArrayInput is an input type that accepts EkmConnectionArray and EkmConnectionArrayOutput values. You can construct a concrete instance of `EkmConnectionArrayInput` via:
EkmConnectionArray{ EkmConnectionArgs{...} }
type EkmConnectionArrayOutput ¶
type EkmConnectionArrayOutput struct{ *pulumi.OutputState }
func (EkmConnectionArrayOutput) ElementType ¶
func (EkmConnectionArrayOutput) ElementType() reflect.Type
func (EkmConnectionArrayOutput) Index ¶
func (o EkmConnectionArrayOutput) Index(i pulumi.IntInput) EkmConnectionOutput
func (EkmConnectionArrayOutput) ToEkmConnectionArrayOutput ¶
func (o EkmConnectionArrayOutput) ToEkmConnectionArrayOutput() EkmConnectionArrayOutput
func (EkmConnectionArrayOutput) ToEkmConnectionArrayOutputWithContext ¶
func (o EkmConnectionArrayOutput) ToEkmConnectionArrayOutputWithContext(ctx context.Context) EkmConnectionArrayOutput
type EkmConnectionIamBinding ¶
type EkmConnectionIamBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition EkmConnectionIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayOutput `pulumi:"members"` // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:
* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection
> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.
> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## kms.EkmConnectionIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.EkmConnectionIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.EkmConnectionIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## This resource supports User Project Overrides.
-
# IAM policy for Cloud Key Management Service EkmConnection Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:
* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection
> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.
> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## kms.EkmConnectionIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.EkmConnectionIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.EkmConnectionIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms:
* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}
* {{project}}/{{location}}/{{name}}
* {{location}}/{{name}}
Any variables not passed in the import command will be taken from the provider configuration.
Cloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.
IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com" ```
IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer" ```
IAM policy imports use the identifier of the resource in question, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamBinding:EkmConnectionIamBinding editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} ```
-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetEkmConnectionIamBinding ¶
func GetEkmConnectionIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EkmConnectionIamBindingState, opts ...pulumi.ResourceOption) (*EkmConnectionIamBinding, error)
GetEkmConnectionIamBinding gets an existing EkmConnectionIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewEkmConnectionIamBinding ¶
func NewEkmConnectionIamBinding(ctx *pulumi.Context, name string, args *EkmConnectionIamBindingArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamBinding, error)
NewEkmConnectionIamBinding registers a new resource with the given unique name, arguments, and options.
func (*EkmConnectionIamBinding) ElementType ¶
func (*EkmConnectionIamBinding) ElementType() reflect.Type
func (*EkmConnectionIamBinding) ToEkmConnectionIamBindingOutput ¶
func (i *EkmConnectionIamBinding) ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput
func (*EkmConnectionIamBinding) ToEkmConnectionIamBindingOutputWithContext ¶
func (i *EkmConnectionIamBinding) ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput
type EkmConnectionIamBindingArgs ¶
type EkmConnectionIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition EkmConnectionIamBindingConditionPtrInput // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayInput // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a EkmConnectionIamBinding resource.
func (EkmConnectionIamBindingArgs) ElementType ¶
func (EkmConnectionIamBindingArgs) ElementType() reflect.Type
type EkmConnectionIamBindingArray ¶
type EkmConnectionIamBindingArray []EkmConnectionIamBindingInput
func (EkmConnectionIamBindingArray) ElementType ¶
func (EkmConnectionIamBindingArray) ElementType() reflect.Type
func (EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutput ¶
func (i EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput
func (EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutputWithContext ¶
func (i EkmConnectionIamBindingArray) ToEkmConnectionIamBindingArrayOutputWithContext(ctx context.Context) EkmConnectionIamBindingArrayOutput
type EkmConnectionIamBindingArrayInput ¶
type EkmConnectionIamBindingArrayInput interface { pulumi.Input ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput ToEkmConnectionIamBindingArrayOutputWithContext(context.Context) EkmConnectionIamBindingArrayOutput }
EkmConnectionIamBindingArrayInput is an input type that accepts EkmConnectionIamBindingArray and EkmConnectionIamBindingArrayOutput values. You can construct a concrete instance of `EkmConnectionIamBindingArrayInput` via:
EkmConnectionIamBindingArray{ EkmConnectionIamBindingArgs{...} }
type EkmConnectionIamBindingArrayOutput ¶
type EkmConnectionIamBindingArrayOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamBindingArrayOutput) ElementType ¶
func (EkmConnectionIamBindingArrayOutput) ElementType() reflect.Type
func (EkmConnectionIamBindingArrayOutput) Index ¶
func (o EkmConnectionIamBindingArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamBindingOutput
func (EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutput ¶
func (o EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutput() EkmConnectionIamBindingArrayOutput
func (EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutputWithContext ¶
func (o EkmConnectionIamBindingArrayOutput) ToEkmConnectionIamBindingArrayOutputWithContext(ctx context.Context) EkmConnectionIamBindingArrayOutput
type EkmConnectionIamBindingCondition ¶
type EkmConnectionIamBindingCondition struct { Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type EkmConnectionIamBindingConditionArgs ¶
type EkmConnectionIamBindingConditionArgs struct { Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (EkmConnectionIamBindingConditionArgs) ElementType ¶
func (EkmConnectionIamBindingConditionArgs) ElementType() reflect.Type
func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutput ¶
func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput
func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutputWithContext ¶
func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionOutput
func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutput ¶
func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput
func (EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutputWithContext ¶
func (i EkmConnectionIamBindingConditionArgs) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput
type EkmConnectionIamBindingConditionInput ¶
type EkmConnectionIamBindingConditionInput interface { pulumi.Input ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput ToEkmConnectionIamBindingConditionOutputWithContext(context.Context) EkmConnectionIamBindingConditionOutput }
EkmConnectionIamBindingConditionInput is an input type that accepts EkmConnectionIamBindingConditionArgs and EkmConnectionIamBindingConditionOutput values. You can construct a concrete instance of `EkmConnectionIamBindingConditionInput` via:
EkmConnectionIamBindingConditionArgs{...}
type EkmConnectionIamBindingConditionOutput ¶
type EkmConnectionIamBindingConditionOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamBindingConditionOutput) Description ¶
func (o EkmConnectionIamBindingConditionOutput) Description() pulumi.StringPtrOutput
func (EkmConnectionIamBindingConditionOutput) ElementType ¶
func (EkmConnectionIamBindingConditionOutput) ElementType() reflect.Type
func (EkmConnectionIamBindingConditionOutput) Expression ¶
func (o EkmConnectionIamBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (EkmConnectionIamBindingConditionOutput) Title ¶
func (o EkmConnectionIamBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutput ¶
func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutput() EkmConnectionIamBindingConditionOutput
func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutputWithContext ¶
func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionOutput
func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutput ¶
func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput
func (EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext ¶
func (o EkmConnectionIamBindingConditionOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput
type EkmConnectionIamBindingConditionPtrInput ¶
type EkmConnectionIamBindingConditionPtrInput interface { pulumi.Input ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput ToEkmConnectionIamBindingConditionPtrOutputWithContext(context.Context) EkmConnectionIamBindingConditionPtrOutput }
EkmConnectionIamBindingConditionPtrInput is an input type that accepts EkmConnectionIamBindingConditionArgs, EkmConnectionIamBindingConditionPtr and EkmConnectionIamBindingConditionPtrOutput values. You can construct a concrete instance of `EkmConnectionIamBindingConditionPtrInput` via:
EkmConnectionIamBindingConditionArgs{...} or: nil
func EkmConnectionIamBindingConditionPtr ¶
func EkmConnectionIamBindingConditionPtr(v *EkmConnectionIamBindingConditionArgs) EkmConnectionIamBindingConditionPtrInput
type EkmConnectionIamBindingConditionPtrOutput ¶
type EkmConnectionIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamBindingConditionPtrOutput) Description ¶
func (o EkmConnectionIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
func (EkmConnectionIamBindingConditionPtrOutput) ElementType ¶
func (EkmConnectionIamBindingConditionPtrOutput) ElementType() reflect.Type
func (EkmConnectionIamBindingConditionPtrOutput) Expression ¶
func (o EkmConnectionIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (EkmConnectionIamBindingConditionPtrOutput) Title ¶
func (o EkmConnectionIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutput ¶
func (o EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutput() EkmConnectionIamBindingConditionPtrOutput
func (EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext ¶
func (o EkmConnectionIamBindingConditionPtrOutput) ToEkmConnectionIamBindingConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamBindingConditionPtrOutput
type EkmConnectionIamBindingInput ¶
type EkmConnectionIamBindingInput interface { pulumi.Input ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput }
type EkmConnectionIamBindingMap ¶
type EkmConnectionIamBindingMap map[string]EkmConnectionIamBindingInput
func (EkmConnectionIamBindingMap) ElementType ¶
func (EkmConnectionIamBindingMap) ElementType() reflect.Type
func (EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutput ¶
func (i EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput
func (EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutputWithContext ¶
func (i EkmConnectionIamBindingMap) ToEkmConnectionIamBindingMapOutputWithContext(ctx context.Context) EkmConnectionIamBindingMapOutput
type EkmConnectionIamBindingMapInput ¶
type EkmConnectionIamBindingMapInput interface { pulumi.Input ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput ToEkmConnectionIamBindingMapOutputWithContext(context.Context) EkmConnectionIamBindingMapOutput }
EkmConnectionIamBindingMapInput is an input type that accepts EkmConnectionIamBindingMap and EkmConnectionIamBindingMapOutput values. You can construct a concrete instance of `EkmConnectionIamBindingMapInput` via:
EkmConnectionIamBindingMap{ "key": EkmConnectionIamBindingArgs{...} }
type EkmConnectionIamBindingMapOutput ¶
type EkmConnectionIamBindingMapOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamBindingMapOutput) ElementType ¶
func (EkmConnectionIamBindingMapOutput) ElementType() reflect.Type
func (EkmConnectionIamBindingMapOutput) MapIndex ¶
func (o EkmConnectionIamBindingMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamBindingOutput
func (EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutput ¶
func (o EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutput() EkmConnectionIamBindingMapOutput
func (EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutputWithContext ¶
func (o EkmConnectionIamBindingMapOutput) ToEkmConnectionIamBindingMapOutputWithContext(ctx context.Context) EkmConnectionIamBindingMapOutput
type EkmConnectionIamBindingOutput ¶
type EkmConnectionIamBindingOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamBindingOutput) Condition ¶
func (o EkmConnectionIamBindingOutput) Condition() EkmConnectionIamBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (EkmConnectionIamBindingOutput) ElementType ¶
func (EkmConnectionIamBindingOutput) ElementType() reflect.Type
func (EkmConnectionIamBindingOutput) Etag ¶
func (o EkmConnectionIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (EkmConnectionIamBindingOutput) Location ¶
func (o EkmConnectionIamBindingOutput) Location() pulumi.StringOutput
The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.
func (EkmConnectionIamBindingOutput) Members ¶
func (o EkmConnectionIamBindingOutput) Members() pulumi.StringArrayOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (EkmConnectionIamBindingOutput) Name ¶
func (o EkmConnectionIamBindingOutput) Name() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
func (EkmConnectionIamBindingOutput) Project ¶
func (o EkmConnectionIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
func (EkmConnectionIamBindingOutput) Role ¶
func (o EkmConnectionIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutput ¶
func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput
func (EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutputWithContext ¶
func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput
type EkmConnectionIamBindingState ¶
type EkmConnectionIamBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition EkmConnectionIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayInput // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (EkmConnectionIamBindingState) ElementType ¶
func (EkmConnectionIamBindingState) ElementType() reflect.Type
type EkmConnectionIamMember ¶
type EkmConnectionIamMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition EkmConnectionIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringOutput `pulumi:"member"` // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:
* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection
> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.
> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## kms.EkmConnectionIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.EkmConnectionIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.EkmConnectionIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## This resource supports User Project Overrides.
-
# IAM policy for Cloud Key Management Service EkmConnection Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:
* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection
> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.
> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## kms.EkmConnectionIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.EkmConnectionIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.EkmConnectionIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms:
* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}
* {{project}}/{{location}}/{{name}}
* {{location}}/{{name}}
Any variables not passed in the import command will be taken from the provider configuration.
Cloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.
IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com" ```
IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer" ```
IAM policy imports use the identifier of the resource in question, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamMember:EkmConnectionIamMember editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} ```
-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetEkmConnectionIamMember ¶
func GetEkmConnectionIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EkmConnectionIamMemberState, opts ...pulumi.ResourceOption) (*EkmConnectionIamMember, error)
GetEkmConnectionIamMember gets an existing EkmConnectionIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewEkmConnectionIamMember ¶
func NewEkmConnectionIamMember(ctx *pulumi.Context, name string, args *EkmConnectionIamMemberArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamMember, error)
NewEkmConnectionIamMember registers a new resource with the given unique name, arguments, and options.
func (*EkmConnectionIamMember) ElementType ¶
func (*EkmConnectionIamMember) ElementType() reflect.Type
func (*EkmConnectionIamMember) ToEkmConnectionIamMemberOutput ¶
func (i *EkmConnectionIamMember) ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput
func (*EkmConnectionIamMember) ToEkmConnectionIamMemberOutputWithContext ¶
func (i *EkmConnectionIamMember) ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput
type EkmConnectionIamMemberArgs ¶
type EkmConnectionIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition EkmConnectionIamMemberConditionPtrInput // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringInput // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a EkmConnectionIamMember resource.
func (EkmConnectionIamMemberArgs) ElementType ¶
func (EkmConnectionIamMemberArgs) ElementType() reflect.Type
type EkmConnectionIamMemberArray ¶
type EkmConnectionIamMemberArray []EkmConnectionIamMemberInput
func (EkmConnectionIamMemberArray) ElementType ¶
func (EkmConnectionIamMemberArray) ElementType() reflect.Type
func (EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutput ¶
func (i EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput
func (EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutputWithContext ¶
func (i EkmConnectionIamMemberArray) ToEkmConnectionIamMemberArrayOutputWithContext(ctx context.Context) EkmConnectionIamMemberArrayOutput
type EkmConnectionIamMemberArrayInput ¶
type EkmConnectionIamMemberArrayInput interface { pulumi.Input ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput ToEkmConnectionIamMemberArrayOutputWithContext(context.Context) EkmConnectionIamMemberArrayOutput }
EkmConnectionIamMemberArrayInput is an input type that accepts EkmConnectionIamMemberArray and EkmConnectionIamMemberArrayOutput values. You can construct a concrete instance of `EkmConnectionIamMemberArrayInput` via:
EkmConnectionIamMemberArray{ EkmConnectionIamMemberArgs{...} }
type EkmConnectionIamMemberArrayOutput ¶
type EkmConnectionIamMemberArrayOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamMemberArrayOutput) ElementType ¶
func (EkmConnectionIamMemberArrayOutput) ElementType() reflect.Type
func (EkmConnectionIamMemberArrayOutput) Index ¶
func (o EkmConnectionIamMemberArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamMemberOutput
func (EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutput ¶
func (o EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutput() EkmConnectionIamMemberArrayOutput
func (EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutputWithContext ¶
func (o EkmConnectionIamMemberArrayOutput) ToEkmConnectionIamMemberArrayOutputWithContext(ctx context.Context) EkmConnectionIamMemberArrayOutput
type EkmConnectionIamMemberCondition ¶
type EkmConnectionIamMemberCondition struct { Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type EkmConnectionIamMemberConditionArgs ¶
type EkmConnectionIamMemberConditionArgs struct { Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (EkmConnectionIamMemberConditionArgs) ElementType ¶
func (EkmConnectionIamMemberConditionArgs) ElementType() reflect.Type
func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutput ¶
func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput
func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutputWithContext ¶
func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionOutput
func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutput ¶
func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput
func (EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutputWithContext ¶
func (i EkmConnectionIamMemberConditionArgs) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput
type EkmConnectionIamMemberConditionInput ¶
type EkmConnectionIamMemberConditionInput interface { pulumi.Input ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput ToEkmConnectionIamMemberConditionOutputWithContext(context.Context) EkmConnectionIamMemberConditionOutput }
EkmConnectionIamMemberConditionInput is an input type that accepts EkmConnectionIamMemberConditionArgs and EkmConnectionIamMemberConditionOutput values. You can construct a concrete instance of `EkmConnectionIamMemberConditionInput` via:
EkmConnectionIamMemberConditionArgs{...}
type EkmConnectionIamMemberConditionOutput ¶
type EkmConnectionIamMemberConditionOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamMemberConditionOutput) Description ¶
func (o EkmConnectionIamMemberConditionOutput) Description() pulumi.StringPtrOutput
func (EkmConnectionIamMemberConditionOutput) ElementType ¶
func (EkmConnectionIamMemberConditionOutput) ElementType() reflect.Type
func (EkmConnectionIamMemberConditionOutput) Expression ¶
func (o EkmConnectionIamMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (EkmConnectionIamMemberConditionOutput) Title ¶
func (o EkmConnectionIamMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutput ¶
func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutput() EkmConnectionIamMemberConditionOutput
func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutputWithContext ¶
func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionOutput
func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutput ¶
func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput
func (EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext ¶
func (o EkmConnectionIamMemberConditionOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput
type EkmConnectionIamMemberConditionPtrInput ¶
type EkmConnectionIamMemberConditionPtrInput interface { pulumi.Input ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput ToEkmConnectionIamMemberConditionPtrOutputWithContext(context.Context) EkmConnectionIamMemberConditionPtrOutput }
EkmConnectionIamMemberConditionPtrInput is an input type that accepts EkmConnectionIamMemberConditionArgs, EkmConnectionIamMemberConditionPtr and EkmConnectionIamMemberConditionPtrOutput values. You can construct a concrete instance of `EkmConnectionIamMemberConditionPtrInput` via:
EkmConnectionIamMemberConditionArgs{...} or: nil
func EkmConnectionIamMemberConditionPtr ¶
func EkmConnectionIamMemberConditionPtr(v *EkmConnectionIamMemberConditionArgs) EkmConnectionIamMemberConditionPtrInput
type EkmConnectionIamMemberConditionPtrOutput ¶
type EkmConnectionIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamMemberConditionPtrOutput) Description ¶
func (o EkmConnectionIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
func (EkmConnectionIamMemberConditionPtrOutput) ElementType ¶
func (EkmConnectionIamMemberConditionPtrOutput) ElementType() reflect.Type
func (EkmConnectionIamMemberConditionPtrOutput) Expression ¶
func (o EkmConnectionIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (EkmConnectionIamMemberConditionPtrOutput) Title ¶
func (o EkmConnectionIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutput ¶
func (o EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutput() EkmConnectionIamMemberConditionPtrOutput
func (EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext ¶
func (o EkmConnectionIamMemberConditionPtrOutput) ToEkmConnectionIamMemberConditionPtrOutputWithContext(ctx context.Context) EkmConnectionIamMemberConditionPtrOutput
type EkmConnectionIamMemberInput ¶
type EkmConnectionIamMemberInput interface { pulumi.Input ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput }
type EkmConnectionIamMemberMap ¶
type EkmConnectionIamMemberMap map[string]EkmConnectionIamMemberInput
func (EkmConnectionIamMemberMap) ElementType ¶
func (EkmConnectionIamMemberMap) ElementType() reflect.Type
func (EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutput ¶
func (i EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutput() EkmConnectionIamMemberMapOutput
func (EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutputWithContext ¶
func (i EkmConnectionIamMemberMap) ToEkmConnectionIamMemberMapOutputWithContext(ctx context.Context) EkmConnectionIamMemberMapOutput
type EkmConnectionIamMemberMapInput ¶
type EkmConnectionIamMemberMapInput interface { pulumi.Input ToEkmConnectionIamMemberMapOutput() EkmConnectionIamMemberMapOutput ToEkmConnectionIamMemberMapOutputWithContext(context.Context) EkmConnectionIamMemberMapOutput }
EkmConnectionIamMemberMapInput is an input type that accepts EkmConnectionIamMemberMap and EkmConnectionIamMemberMapOutput values. You can construct a concrete instance of `EkmConnectionIamMemberMapInput` via:
EkmConnectionIamMemberMap{ "key": EkmConnectionIamMemberArgs{...} }
type EkmConnectionIamMemberMapOutput ¶
type EkmConnectionIamMemberMapOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamMemberMapOutput) ElementType ¶
func (EkmConnectionIamMemberMapOutput) ElementType() reflect.Type
func (EkmConnectionIamMemberMapOutput) MapIndex ¶
func (o EkmConnectionIamMemberMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamMemberOutput
func (EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutput ¶
func (o EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutput() EkmConnectionIamMemberMapOutput
func (EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutputWithContext ¶
func (o EkmConnectionIamMemberMapOutput) ToEkmConnectionIamMemberMapOutputWithContext(ctx context.Context) EkmConnectionIamMemberMapOutput
type EkmConnectionIamMemberOutput ¶
type EkmConnectionIamMemberOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamMemberOutput) Condition ¶
func (o EkmConnectionIamMemberOutput) Condition() EkmConnectionIamMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (EkmConnectionIamMemberOutput) ElementType ¶
func (EkmConnectionIamMemberOutput) ElementType() reflect.Type
func (EkmConnectionIamMemberOutput) Etag ¶
func (o EkmConnectionIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (EkmConnectionIamMemberOutput) Location ¶
func (o EkmConnectionIamMemberOutput) Location() pulumi.StringOutput
The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.
func (EkmConnectionIamMemberOutput) Member ¶
func (o EkmConnectionIamMemberOutput) Member() pulumi.StringOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (EkmConnectionIamMemberOutput) Name ¶
func (o EkmConnectionIamMemberOutput) Name() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
func (EkmConnectionIamMemberOutput) Project ¶
func (o EkmConnectionIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
func (EkmConnectionIamMemberOutput) Role ¶
func (o EkmConnectionIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutput ¶
func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput
func (EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutputWithContext ¶
func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput
type EkmConnectionIamMemberState ¶
type EkmConnectionIamMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition EkmConnectionIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `kms.EkmConnectionIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (EkmConnectionIamMemberState) ElementType ¶
func (EkmConnectionIamMemberState) ElementType() reflect.Type
type EkmConnectionIamPolicy ¶
type EkmConnectionIamPolicy struct { pulumi.CustomResourceState // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` }
Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:
* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection
> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.
> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## kms.EkmConnectionIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.EkmConnectionIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.EkmConnectionIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## This resource supports User Project Overrides.
-
# IAM policy for Cloud Key Management Service EkmConnection Three different resources help you manage your IAM policy for Cloud Key Management Service EkmConnection. Each of these resources serves a different use case:
* `kms.EkmConnectionIamPolicy`: Authoritative. Sets the IAM policy for the ekmconnection and replaces any existing policy already attached. * `kms.EkmConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the ekmconnection are preserved. * `kms.EkmConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the ekmconnection are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `kms.EkmConnectionIamPolicy`: Retrieves the IAM policy for the ekmconnection
> **Note:** `kms.EkmConnectionIamPolicy` **cannot** be used in conjunction with `kms.EkmConnectionIamBinding` and `kms.EkmConnectionIamMember` or they will fight over what your policy should be.
> **Note:** `kms.EkmConnectionIamBinding` resources **can be** used in conjunction with `kms.EkmConnectionIamMember` resources **only if** they do not grant privilege to the same role.
> **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
## kms.EkmConnectionIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewEkmConnectionIamPolicy(ctx, "policy", &kms.EkmConnectionIamPolicyArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamBinding(ctx, "binding", &kms.EkmConnectionIamBindingArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.EkmConnectionIamBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
``` ## kms.EkmConnectionIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewEkmConnectionIamMember(ctx, "member", &kms.EkmConnectionIamMemberArgs{ Project: pulumi.Any(example_ekmconnection.Project), Location: pulumi.Any(example_ekmconnection.Location), Name: pulumi.Any(example_ekmconnection.Name), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.EkmConnectionIamMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms:
* projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}
* {{project}}/{{location}}/{{name}}
* {{location}}/{{name}}
Any variables not passed in the import command will be taken from the provider configuration.
Cloud Key Management Service ekmconnection IAM resources can be imported using the resource identifiers, role, and member.
IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer user:jane@example.com" ```
IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor "projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} roles/viewer" ```
IAM policy imports use the identifier of the resource in question, e.g.
```sh $ pulumi import gcp:kms/ekmConnectionIamPolicy:EkmConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/ekmConnections/{{ekm_connection}} ```
-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetEkmConnectionIamPolicy ¶
func GetEkmConnectionIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EkmConnectionIamPolicyState, opts ...pulumi.ResourceOption) (*EkmConnectionIamPolicy, error)
GetEkmConnectionIamPolicy gets an existing EkmConnectionIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewEkmConnectionIamPolicy ¶
func NewEkmConnectionIamPolicy(ctx *pulumi.Context, name string, args *EkmConnectionIamPolicyArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamPolicy, error)
NewEkmConnectionIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*EkmConnectionIamPolicy) ElementType ¶
func (*EkmConnectionIamPolicy) ElementType() reflect.Type
func (*EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutput ¶
func (i *EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput
func (*EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutputWithContext ¶
func (i *EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput
type EkmConnectionIamPolicyArgs ¶
type EkmConnectionIamPolicyArgs struct { // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput }
The set of arguments for constructing a EkmConnectionIamPolicy resource.
func (EkmConnectionIamPolicyArgs) ElementType ¶
func (EkmConnectionIamPolicyArgs) ElementType() reflect.Type
type EkmConnectionIamPolicyArray ¶
type EkmConnectionIamPolicyArray []EkmConnectionIamPolicyInput
func (EkmConnectionIamPolicyArray) ElementType ¶
func (EkmConnectionIamPolicyArray) ElementType() reflect.Type
func (EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutput ¶
func (i EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput
func (EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutputWithContext ¶
func (i EkmConnectionIamPolicyArray) ToEkmConnectionIamPolicyArrayOutputWithContext(ctx context.Context) EkmConnectionIamPolicyArrayOutput
type EkmConnectionIamPolicyArrayInput ¶
type EkmConnectionIamPolicyArrayInput interface { pulumi.Input ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput ToEkmConnectionIamPolicyArrayOutputWithContext(context.Context) EkmConnectionIamPolicyArrayOutput }
EkmConnectionIamPolicyArrayInput is an input type that accepts EkmConnectionIamPolicyArray and EkmConnectionIamPolicyArrayOutput values. You can construct a concrete instance of `EkmConnectionIamPolicyArrayInput` via:
EkmConnectionIamPolicyArray{ EkmConnectionIamPolicyArgs{...} }
type EkmConnectionIamPolicyArrayOutput ¶
type EkmConnectionIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamPolicyArrayOutput) ElementType ¶
func (EkmConnectionIamPolicyArrayOutput) ElementType() reflect.Type
func (EkmConnectionIamPolicyArrayOutput) Index ¶
func (o EkmConnectionIamPolicyArrayOutput) Index(i pulumi.IntInput) EkmConnectionIamPolicyOutput
func (EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutput ¶
func (o EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutput() EkmConnectionIamPolicyArrayOutput
func (EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutputWithContext ¶
func (o EkmConnectionIamPolicyArrayOutput) ToEkmConnectionIamPolicyArrayOutputWithContext(ctx context.Context) EkmConnectionIamPolicyArrayOutput
type EkmConnectionIamPolicyInput ¶
type EkmConnectionIamPolicyInput interface { pulumi.Input ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput }
type EkmConnectionIamPolicyMap ¶
type EkmConnectionIamPolicyMap map[string]EkmConnectionIamPolicyInput
func (EkmConnectionIamPolicyMap) ElementType ¶
func (EkmConnectionIamPolicyMap) ElementType() reflect.Type
func (EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutput ¶
func (i EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutput() EkmConnectionIamPolicyMapOutput
func (EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutputWithContext ¶
func (i EkmConnectionIamPolicyMap) ToEkmConnectionIamPolicyMapOutputWithContext(ctx context.Context) EkmConnectionIamPolicyMapOutput
type EkmConnectionIamPolicyMapInput ¶
type EkmConnectionIamPolicyMapInput interface { pulumi.Input ToEkmConnectionIamPolicyMapOutput() EkmConnectionIamPolicyMapOutput ToEkmConnectionIamPolicyMapOutputWithContext(context.Context) EkmConnectionIamPolicyMapOutput }
EkmConnectionIamPolicyMapInput is an input type that accepts EkmConnectionIamPolicyMap and EkmConnectionIamPolicyMapOutput values. You can construct a concrete instance of `EkmConnectionIamPolicyMapInput` via:
EkmConnectionIamPolicyMap{ "key": EkmConnectionIamPolicyArgs{...} }
type EkmConnectionIamPolicyMapOutput ¶
type EkmConnectionIamPolicyMapOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamPolicyMapOutput) ElementType ¶
func (EkmConnectionIamPolicyMapOutput) ElementType() reflect.Type
func (EkmConnectionIamPolicyMapOutput) MapIndex ¶
func (o EkmConnectionIamPolicyMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionIamPolicyOutput
func (EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutput ¶
func (o EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutput() EkmConnectionIamPolicyMapOutput
func (EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutputWithContext ¶
func (o EkmConnectionIamPolicyMapOutput) ToEkmConnectionIamPolicyMapOutputWithContext(ctx context.Context) EkmConnectionIamPolicyMapOutput
type EkmConnectionIamPolicyOutput ¶
type EkmConnectionIamPolicyOutput struct{ *pulumi.OutputState }
func (EkmConnectionIamPolicyOutput) ElementType ¶
func (EkmConnectionIamPolicyOutput) ElementType() reflect.Type
func (EkmConnectionIamPolicyOutput) Etag ¶
func (o EkmConnectionIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (EkmConnectionIamPolicyOutput) Location ¶
func (o EkmConnectionIamPolicyOutput) Location() pulumi.StringOutput
The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.
func (EkmConnectionIamPolicyOutput) Name ¶
func (o EkmConnectionIamPolicyOutput) Name() pulumi.StringOutput
Used to find the parent resource to bind the IAM policy to
func (EkmConnectionIamPolicyOutput) PolicyData ¶
func (o EkmConnectionIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (EkmConnectionIamPolicyOutput) Project ¶
func (o EkmConnectionIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
func (EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutput ¶
func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput
func (EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutputWithContext ¶
func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput
type EkmConnectionIamPolicyState ¶
type EkmConnectionIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput }
func (EkmConnectionIamPolicyState) ElementType ¶
func (EkmConnectionIamPolicyState) ElementType() reflect.Type
type EkmConnectionInput ¶
type EkmConnectionInput interface { pulumi.Input ToEkmConnectionOutput() EkmConnectionOutput ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput }
type EkmConnectionMap ¶
type EkmConnectionMap map[string]EkmConnectionInput
func (EkmConnectionMap) ElementType ¶
func (EkmConnectionMap) ElementType() reflect.Type
func (EkmConnectionMap) ToEkmConnectionMapOutput ¶
func (i EkmConnectionMap) ToEkmConnectionMapOutput() EkmConnectionMapOutput
func (EkmConnectionMap) ToEkmConnectionMapOutputWithContext ¶
func (i EkmConnectionMap) ToEkmConnectionMapOutputWithContext(ctx context.Context) EkmConnectionMapOutput
type EkmConnectionMapInput ¶
type EkmConnectionMapInput interface { pulumi.Input ToEkmConnectionMapOutput() EkmConnectionMapOutput ToEkmConnectionMapOutputWithContext(context.Context) EkmConnectionMapOutput }
EkmConnectionMapInput is an input type that accepts EkmConnectionMap and EkmConnectionMapOutput values. You can construct a concrete instance of `EkmConnectionMapInput` via:
EkmConnectionMap{ "key": EkmConnectionArgs{...} }
type EkmConnectionMapOutput ¶
type EkmConnectionMapOutput struct{ *pulumi.OutputState }
func (EkmConnectionMapOutput) ElementType ¶
func (EkmConnectionMapOutput) ElementType() reflect.Type
func (EkmConnectionMapOutput) MapIndex ¶
func (o EkmConnectionMapOutput) MapIndex(k pulumi.StringInput) EkmConnectionOutput
func (EkmConnectionMapOutput) ToEkmConnectionMapOutput ¶
func (o EkmConnectionMapOutput) ToEkmConnectionMapOutput() EkmConnectionMapOutput
func (EkmConnectionMapOutput) ToEkmConnectionMapOutputWithContext ¶
func (o EkmConnectionMapOutput) ToEkmConnectionMapOutputWithContext(ctx context.Context) EkmConnectionMapOutput
type EkmConnectionOutput ¶
type EkmConnectionOutput struct{ *pulumi.OutputState }
func (EkmConnectionOutput) CreateTime ¶
func (o EkmConnectionOutput) CreateTime() pulumi.StringOutput
Output only. The time at which the EkmConnection was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
func (EkmConnectionOutput) CryptoSpacePath ¶
func (o EkmConnectionOutput) CryptoSpacePath() pulumi.StringOutput
Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
func (EkmConnectionOutput) ElementType ¶
func (EkmConnectionOutput) ElementType() reflect.Type
func (EkmConnectionOutput) Etag ¶
func (o EkmConnectionOutput) Etag() pulumi.StringOutput
Optional. Etag of the currently stored EkmConnection.
func (EkmConnectionOutput) KeyManagementMode ¶
func (o EkmConnectionOutput) KeyManagementMode() pulumi.StringPtrOutput
Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"]
func (EkmConnectionOutput) Location ¶
func (o EkmConnectionOutput) Location() pulumi.StringOutput
The location for the EkmConnection. A full list of valid locations can be found by running `gcloud kms locations list`.
func (EkmConnectionOutput) Name ¶
func (o EkmConnectionOutput) Name() pulumi.StringOutput
The resource name for the EkmConnection.
func (EkmConnectionOutput) Project ¶
func (o EkmConnectionOutput) Project() pulumi.StringOutput
func (EkmConnectionOutput) ServiceResolvers ¶
func (o EkmConnectionOutput) ServiceResolvers() EkmConnectionServiceResolverArrayOutput
A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported Structure is documented below.
func (EkmConnectionOutput) ToEkmConnectionOutput ¶
func (o EkmConnectionOutput) ToEkmConnectionOutput() EkmConnectionOutput
func (EkmConnectionOutput) ToEkmConnectionOutputWithContext ¶
func (o EkmConnectionOutput) ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput
type EkmConnectionServiceResolver ¶
type EkmConnectionServiceResolver struct { // Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. EndpointFilter *string `pulumi:"endpointFilter"` // Required. The hostname of the EKM replica used at TLS and HTTP layers. Hostname string `pulumi:"hostname"` // Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported. // Structure is documented below. ServerCertificates []EkmConnectionServiceResolverServerCertificate `pulumi:"serverCertificates"` // Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/* ServiceDirectoryService string `pulumi:"serviceDirectoryService"` }
type EkmConnectionServiceResolverArgs ¶
type EkmConnectionServiceResolverArgs struct { // Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. EndpointFilter pulumi.StringPtrInput `pulumi:"endpointFilter"` // Required. The hostname of the EKM replica used at TLS and HTTP layers. Hostname pulumi.StringInput `pulumi:"hostname"` // Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported. // Structure is documented below. ServerCertificates EkmConnectionServiceResolverServerCertificateArrayInput `pulumi:"serverCertificates"` // Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/* ServiceDirectoryService pulumi.StringInput `pulumi:"serviceDirectoryService"` }
func (EkmConnectionServiceResolverArgs) ElementType ¶
func (EkmConnectionServiceResolverArgs) ElementType() reflect.Type
func (EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutput ¶
func (i EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput
func (EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutputWithContext ¶
func (i EkmConnectionServiceResolverArgs) ToEkmConnectionServiceResolverOutputWithContext(ctx context.Context) EkmConnectionServiceResolverOutput
type EkmConnectionServiceResolverArray ¶
type EkmConnectionServiceResolverArray []EkmConnectionServiceResolverInput
func (EkmConnectionServiceResolverArray) ElementType ¶
func (EkmConnectionServiceResolverArray) ElementType() reflect.Type
func (EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutput ¶
func (i EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput
func (EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutputWithContext ¶
func (i EkmConnectionServiceResolverArray) ToEkmConnectionServiceResolverArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverArrayOutput
type EkmConnectionServiceResolverArrayInput ¶
type EkmConnectionServiceResolverArrayInput interface { pulumi.Input ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput ToEkmConnectionServiceResolverArrayOutputWithContext(context.Context) EkmConnectionServiceResolverArrayOutput }
EkmConnectionServiceResolverArrayInput is an input type that accepts EkmConnectionServiceResolverArray and EkmConnectionServiceResolverArrayOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverArrayInput` via:
EkmConnectionServiceResolverArray{ EkmConnectionServiceResolverArgs{...} }
type EkmConnectionServiceResolverArrayOutput ¶
type EkmConnectionServiceResolverArrayOutput struct{ *pulumi.OutputState }
func (EkmConnectionServiceResolverArrayOutput) ElementType ¶
func (EkmConnectionServiceResolverArrayOutput) ElementType() reflect.Type
func (EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutput ¶
func (o EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutput() EkmConnectionServiceResolverArrayOutput
func (EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutputWithContext ¶
func (o EkmConnectionServiceResolverArrayOutput) ToEkmConnectionServiceResolverArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverArrayOutput
type EkmConnectionServiceResolverInput ¶
type EkmConnectionServiceResolverInput interface { pulumi.Input ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput ToEkmConnectionServiceResolverOutputWithContext(context.Context) EkmConnectionServiceResolverOutput }
EkmConnectionServiceResolverInput is an input type that accepts EkmConnectionServiceResolverArgs and EkmConnectionServiceResolverOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverInput` via:
EkmConnectionServiceResolverArgs{...}
type EkmConnectionServiceResolverOutput ¶
type EkmConnectionServiceResolverOutput struct{ *pulumi.OutputState }
func (EkmConnectionServiceResolverOutput) ElementType ¶
func (EkmConnectionServiceResolverOutput) ElementType() reflect.Type
func (EkmConnectionServiceResolverOutput) EndpointFilter ¶
func (o EkmConnectionServiceResolverOutput) EndpointFilter() pulumi.StringPtrOutput
Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
func (EkmConnectionServiceResolverOutput) Hostname ¶
func (o EkmConnectionServiceResolverOutput) Hostname() pulumi.StringOutput
Required. The hostname of the EKM replica used at TLS and HTTP layers.
func (EkmConnectionServiceResolverOutput) ServerCertificates ¶
func (o EkmConnectionServiceResolverOutput) ServerCertificates() EkmConnectionServiceResolverServerCertificateArrayOutput
Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported. Structure is documented below.
func (EkmConnectionServiceResolverOutput) ServiceDirectoryService ¶
func (o EkmConnectionServiceResolverOutput) ServiceDirectoryService() pulumi.StringOutput
Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/*
func (EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutput ¶
func (o EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutput() EkmConnectionServiceResolverOutput
func (EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutputWithContext ¶
func (o EkmConnectionServiceResolverOutput) ToEkmConnectionServiceResolverOutputWithContext(ctx context.Context) EkmConnectionServiceResolverOutput
type EkmConnectionServiceResolverServerCertificate ¶
type EkmConnectionServiceResolverServerCertificate struct { // (Output) // Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true. Issuer *string `pulumi:"issuer"` // (Output) // Output only. The certificate is not valid after this time. Only present if parsed is true. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". NotAfterTime *string `pulumi:"notAfterTime"` // (Output) // Output only. The certificate is not valid before this time. Only present if parsed is true. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". NotBeforeTime *string `pulumi:"notBeforeTime"` // (Output) // Output only. True if the certificate was parsed successfully. Parsed *bool `pulumi:"parsed"` // Required. The raw certificate bytes in DER format. A base64-encoded string. RawDer string `pulumi:"rawDer"` // (Output) // Output only. The certificate serial number as a hex string. Only present if parsed is true. SerialNumber *string `pulumi:"serialNumber"` // (Output) // Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true. Sha256Fingerprint *string `pulumi:"sha256Fingerprint"` // (Output) // Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true. Subject *string `pulumi:"subject"` // (Output) // Output only. The subject Alternative DNS names. Only present if parsed is true. // // *** SubjectAlternativeDnsNames []string `pulumi:"subjectAlternativeDnsNames"` }
type EkmConnectionServiceResolverServerCertificateArgs ¶
type EkmConnectionServiceResolverServerCertificateArgs struct { // (Output) // Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true. Issuer pulumi.StringPtrInput `pulumi:"issuer"` // (Output) // Output only. The certificate is not valid after this time. Only present if parsed is true. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". NotAfterTime pulumi.StringPtrInput `pulumi:"notAfterTime"` // (Output) // Output only. The certificate is not valid before this time. Only present if parsed is true. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". NotBeforeTime pulumi.StringPtrInput `pulumi:"notBeforeTime"` // (Output) // Output only. True if the certificate was parsed successfully. Parsed pulumi.BoolPtrInput `pulumi:"parsed"` // Required. The raw certificate bytes in DER format. A base64-encoded string. RawDer pulumi.StringInput `pulumi:"rawDer"` // (Output) // Output only. The certificate serial number as a hex string. Only present if parsed is true. SerialNumber pulumi.StringPtrInput `pulumi:"serialNumber"` // (Output) // Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true. Sha256Fingerprint pulumi.StringPtrInput `pulumi:"sha256Fingerprint"` // (Output) // Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true. Subject pulumi.StringPtrInput `pulumi:"subject"` // (Output) // Output only. The subject Alternative DNS names. Only present if parsed is true. // // *** SubjectAlternativeDnsNames pulumi.StringArrayInput `pulumi:"subjectAlternativeDnsNames"` }
func (EkmConnectionServiceResolverServerCertificateArgs) ElementType ¶
func (EkmConnectionServiceResolverServerCertificateArgs) ElementType() reflect.Type
func (EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutput ¶
func (i EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput
func (EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutputWithContext ¶
func (i EkmConnectionServiceResolverServerCertificateArgs) ToEkmConnectionServiceResolverServerCertificateOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateOutput
type EkmConnectionServiceResolverServerCertificateArray ¶
type EkmConnectionServiceResolverServerCertificateArray []EkmConnectionServiceResolverServerCertificateInput
func (EkmConnectionServiceResolverServerCertificateArray) ElementType ¶
func (EkmConnectionServiceResolverServerCertificateArray) ElementType() reflect.Type
func (EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutput ¶
func (i EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput
func (EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext ¶
func (i EkmConnectionServiceResolverServerCertificateArray) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput
type EkmConnectionServiceResolverServerCertificateArrayInput ¶
type EkmConnectionServiceResolverServerCertificateArrayInput interface { pulumi.Input ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput }
EkmConnectionServiceResolverServerCertificateArrayInput is an input type that accepts EkmConnectionServiceResolverServerCertificateArray and EkmConnectionServiceResolverServerCertificateArrayOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverServerCertificateArrayInput` via:
EkmConnectionServiceResolverServerCertificateArray{ EkmConnectionServiceResolverServerCertificateArgs{...} }
type EkmConnectionServiceResolverServerCertificateArrayOutput ¶
type EkmConnectionServiceResolverServerCertificateArrayOutput struct{ *pulumi.OutputState }
func (EkmConnectionServiceResolverServerCertificateArrayOutput) ElementType ¶
func (EkmConnectionServiceResolverServerCertificateArrayOutput) ElementType() reflect.Type
func (EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutput ¶
func (o EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutput() EkmConnectionServiceResolverServerCertificateArrayOutput
func (EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext ¶
func (o EkmConnectionServiceResolverServerCertificateArrayOutput) ToEkmConnectionServiceResolverServerCertificateArrayOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateArrayOutput
type EkmConnectionServiceResolverServerCertificateInput ¶
type EkmConnectionServiceResolverServerCertificateInput interface { pulumi.Input ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput ToEkmConnectionServiceResolverServerCertificateOutputWithContext(context.Context) EkmConnectionServiceResolverServerCertificateOutput }
EkmConnectionServiceResolverServerCertificateInput is an input type that accepts EkmConnectionServiceResolverServerCertificateArgs and EkmConnectionServiceResolverServerCertificateOutput values. You can construct a concrete instance of `EkmConnectionServiceResolverServerCertificateInput` via:
EkmConnectionServiceResolverServerCertificateArgs{...}
type EkmConnectionServiceResolverServerCertificateOutput ¶
type EkmConnectionServiceResolverServerCertificateOutput struct{ *pulumi.OutputState }
func (EkmConnectionServiceResolverServerCertificateOutput) ElementType ¶
func (EkmConnectionServiceResolverServerCertificateOutput) ElementType() reflect.Type
func (EkmConnectionServiceResolverServerCertificateOutput) Issuer ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) Issuer() pulumi.StringPtrOutput
(Output) Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true.
func (EkmConnectionServiceResolverServerCertificateOutput) NotAfterTime ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) NotAfterTime() pulumi.StringPtrOutput
(Output) Output only. The certificate is not valid after this time. Only present if parsed is true. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
func (EkmConnectionServiceResolverServerCertificateOutput) NotBeforeTime ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) NotBeforeTime() pulumi.StringPtrOutput
(Output) Output only. The certificate is not valid before this time. Only present if parsed is true. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
func (EkmConnectionServiceResolverServerCertificateOutput) Parsed ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) Parsed() pulumi.BoolPtrOutput
(Output) Output only. True if the certificate was parsed successfully.
func (EkmConnectionServiceResolverServerCertificateOutput) RawDer ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) RawDer() pulumi.StringOutput
Required. The raw certificate bytes in DER format. A base64-encoded string.
func (EkmConnectionServiceResolverServerCertificateOutput) SerialNumber ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) SerialNumber() pulumi.StringPtrOutput
(Output) Output only. The certificate serial number as a hex string. Only present if parsed is true.
func (EkmConnectionServiceResolverServerCertificateOutput) Sha256Fingerprint ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) Sha256Fingerprint() pulumi.StringPtrOutput
(Output) Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.
func (EkmConnectionServiceResolverServerCertificateOutput) Subject ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) Subject() pulumi.StringPtrOutput
(Output) Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true.
func (EkmConnectionServiceResolverServerCertificateOutput) SubjectAlternativeDnsNames ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) SubjectAlternativeDnsNames() pulumi.StringArrayOutput
(Output) Output only. The subject Alternative DNS names. Only present if parsed is true.
***
func (EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutput ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutput() EkmConnectionServiceResolverServerCertificateOutput
func (EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutputWithContext ¶
func (o EkmConnectionServiceResolverServerCertificateOutput) ToEkmConnectionServiceResolverServerCertificateOutputWithContext(ctx context.Context) EkmConnectionServiceResolverServerCertificateOutput
type EkmConnectionState ¶
type EkmConnectionState struct { // Output only. The time at which the EkmConnection was created. // A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". CreateTime pulumi.StringPtrInput // Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if // KeyManagementMode is CLOUD_KMS. CryptoSpacePath pulumi.StringPtrInput // Optional. Etag of the currently stored EkmConnection. Etag pulumi.StringPtrInput // Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default // value: "MANUAL" Possible values: ["MANUAL", "CLOUD_KMS"] KeyManagementMode pulumi.StringPtrInput // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. Location pulumi.StringPtrInput // The resource name for the EkmConnection. Name pulumi.StringPtrInput Project pulumi.StringPtrInput // A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported // Structure is documented below. ServiceResolvers EkmConnectionServiceResolverArrayInput }
func (EkmConnectionState) ElementType ¶
func (EkmConnectionState) ElementType() reflect.Type
type GetCryptoKeyIamPolicyArgs ¶
type GetCryptoKeyIamPolicyArgs struct { // The crypto key ID, in the form CryptoKeyId string `pulumi:"cryptoKeyId"` }
A collection of arguments for invoking getCryptoKeyIamPolicy.
type GetCryptoKeyIamPolicyOutputArgs ¶
type GetCryptoKeyIamPolicyOutputArgs struct { // The crypto key ID, in the form CryptoKeyId pulumi.StringInput `pulumi:"cryptoKeyId"` }
A collection of arguments for invoking getCryptoKeyIamPolicy.
func (GetCryptoKeyIamPolicyOutputArgs) ElementType ¶
func (GetCryptoKeyIamPolicyOutputArgs) ElementType() reflect.Type
type GetCryptoKeyIamPolicyResult ¶
type GetCryptoKeyIamPolicyResult struct { CryptoKeyId string `pulumi:"cryptoKeyId"` // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // (Computed) The policy data PolicyData string `pulumi:"policyData"` }
A collection of values returned by getCryptoKeyIamPolicy.
func GetCryptoKeyIamPolicy ¶
func GetCryptoKeyIamPolicy(ctx *pulumi.Context, args *GetCryptoKeyIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeyIamPolicyResult, error)
Retrieves the current IAM policy data for a Google Cloud KMS crypto key.
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.GetCryptoKeyIamPolicy(ctx, &kms.GetCryptoKeyIamPolicyArgs{ CryptoKeyId: cryptoKey.Id, }, nil) if err != nil { return err } return nil }) }
```
type GetCryptoKeyIamPolicyResultOutput ¶
type GetCryptoKeyIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getCryptoKeyIamPolicy.
func GetCryptoKeyIamPolicyOutput ¶
func GetCryptoKeyIamPolicyOutput(ctx *pulumi.Context, args GetCryptoKeyIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeyIamPolicyResultOutput
func (GetCryptoKeyIamPolicyResultOutput) CryptoKeyId ¶
func (o GetCryptoKeyIamPolicyResultOutput) CryptoKeyId() pulumi.StringOutput
func (GetCryptoKeyIamPolicyResultOutput) ElementType ¶
func (GetCryptoKeyIamPolicyResultOutput) ElementType() reflect.Type
func (GetCryptoKeyIamPolicyResultOutput) Etag ¶
func (o GetCryptoKeyIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (GetCryptoKeyIamPolicyResultOutput) Id ¶
func (o GetCryptoKeyIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetCryptoKeyIamPolicyResultOutput) PolicyData ¶
func (o GetCryptoKeyIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Computed) The policy data
func (GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutput ¶
func (o GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutput() GetCryptoKeyIamPolicyResultOutput
func (GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutputWithContext ¶
func (o GetCryptoKeyIamPolicyResultOutput) ToGetCryptoKeyIamPolicyResultOutputWithContext(ctx context.Context) GetCryptoKeyIamPolicyResultOutput
type GetCryptoKeyLatestVersionArgs ¶ added in v8.1.0
type GetCryptoKeyLatestVersionArgs struct { // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey string `pulumi:"cryptoKey"` // The filter argument is used to add a filter query parameter that limits which type of cryptoKeyVersion is retrieved as the latest by the data source: ?filter={{filter}}. When no value is provided there is no filtering. // // Example filter values if filtering on state. // // * `"state:ENABLED"` will retrieve the latest cryptoKeyVersion that has the state "ENABLED". // // [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering) Filter *string `pulumi:"filter"` }
A collection of arguments for invoking getCryptoKeyLatestVersion.
type GetCryptoKeyLatestVersionOutputArgs ¶ added in v8.1.0
type GetCryptoKeyLatestVersionOutputArgs struct { // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey pulumi.StringInput `pulumi:"cryptoKey"` // The filter argument is used to add a filter query parameter that limits which type of cryptoKeyVersion is retrieved as the latest by the data source: ?filter={{filter}}. When no value is provided there is no filtering. // // Example filter values if filtering on state. // // * `"state:ENABLED"` will retrieve the latest cryptoKeyVersion that has the state "ENABLED". // // [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering) Filter pulumi.StringPtrInput `pulumi:"filter"` }
A collection of arguments for invoking getCryptoKeyLatestVersion.
func (GetCryptoKeyLatestVersionOutputArgs) ElementType ¶ added in v8.1.0
func (GetCryptoKeyLatestVersionOutputArgs) ElementType() reflect.Type
type GetCryptoKeyLatestVersionPublicKey ¶ added in v8.1.0
type GetCryptoKeyLatestVersionPublicKey struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm string `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem string `pulumi:"pem"` }
type GetCryptoKeyLatestVersionPublicKeyArgs ¶ added in v8.1.0
type GetCryptoKeyLatestVersionPublicKeyArgs struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem pulumi.StringInput `pulumi:"pem"` }
func (GetCryptoKeyLatestVersionPublicKeyArgs) ElementType ¶ added in v8.1.0
func (GetCryptoKeyLatestVersionPublicKeyArgs) ElementType() reflect.Type
func (GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutput ¶ added in v8.1.0
func (i GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput
func (GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyLatestVersionPublicKeyArgs) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyOutput
type GetCryptoKeyLatestVersionPublicKeyArray ¶ added in v8.1.0
type GetCryptoKeyLatestVersionPublicKeyArray []GetCryptoKeyLatestVersionPublicKeyInput
func (GetCryptoKeyLatestVersionPublicKeyArray) ElementType ¶ added in v8.1.0
func (GetCryptoKeyLatestVersionPublicKeyArray) ElementType() reflect.Type
func (GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput ¶ added in v8.1.0
func (i GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput
func (GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyLatestVersionPublicKeyArray) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput
type GetCryptoKeyLatestVersionPublicKeyArrayInput ¶ added in v8.1.0
type GetCryptoKeyLatestVersionPublicKeyArrayInput interface { pulumi.Input ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput }
GetCryptoKeyLatestVersionPublicKeyArrayInput is an input type that accepts GetCryptoKeyLatestVersionPublicKeyArray and GetCryptoKeyLatestVersionPublicKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeyLatestVersionPublicKeyArrayInput` via:
GetCryptoKeyLatestVersionPublicKeyArray{ GetCryptoKeyLatestVersionPublicKeyArgs{...} }
type GetCryptoKeyLatestVersionPublicKeyArrayOutput ¶ added in v8.1.0
type GetCryptoKeyLatestVersionPublicKeyArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ElementType() reflect.Type
func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutput() GetCryptoKeyLatestVersionPublicKeyArrayOutput
func (GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionPublicKeyArrayOutput) ToGetCryptoKeyLatestVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyArrayOutput
type GetCryptoKeyLatestVersionPublicKeyInput ¶ added in v8.1.0
type GetCryptoKeyLatestVersionPublicKeyInput interface { pulumi.Input ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(context.Context) GetCryptoKeyLatestVersionPublicKeyOutput }
GetCryptoKeyLatestVersionPublicKeyInput is an input type that accepts GetCryptoKeyLatestVersionPublicKeyArgs and GetCryptoKeyLatestVersionPublicKeyOutput values. You can construct a concrete instance of `GetCryptoKeyLatestVersionPublicKeyInput` via:
GetCryptoKeyLatestVersionPublicKeyArgs{...}
type GetCryptoKeyLatestVersionPublicKeyOutput ¶ added in v8.1.0
type GetCryptoKeyLatestVersionPublicKeyOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyLatestVersionPublicKeyOutput) Algorithm ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionPublicKeyOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (GetCryptoKeyLatestVersionPublicKeyOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyLatestVersionPublicKeyOutput) ElementType() reflect.Type
func (GetCryptoKeyLatestVersionPublicKeyOutput) Pem ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionPublicKeyOutput) Pem() pulumi.StringOutput
The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
func (GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutput ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutput() GetCryptoKeyLatestVersionPublicKeyOutput
func (GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionPublicKeyOutput) ToGetCryptoKeyLatestVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionPublicKeyOutput
type GetCryptoKeyLatestVersionResult ¶ added in v8.1.0
type GetCryptoKeyLatestVersionResult struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm string `pulumi:"algorithm"` CryptoKey string `pulumi:"cryptoKey"` Filter *string `pulumi:"filter"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Name string `pulumi:"name"` // The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs. ProtectionLevel string `pulumi:"protectionLevel"` // If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below. PublicKeys []GetCryptoKeyLatestVersionPublicKey `pulumi:"publicKeys"` // The current state of the latest CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs. State string `pulumi:"state"` Version int `pulumi:"version"` }
A collection of values returned by getCryptoKeyLatestVersion.
func GetCryptoKeyLatestVersion ¶ added in v8.1.0
func GetCryptoKeyLatestVersion(ctx *pulumi.Context, args *GetCryptoKeyLatestVersionArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeyLatestVersionResult, error)
Provides access to the latest Google Cloud Platform KMS CryptoKeyVersion in a CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{ Name: "my-key-ring", Location: "us-central1", }, nil) if err != nil { return err } _, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{ Name: "my-crypto-key", KeyRing: myKeyRing.Id, }, nil) if err != nil { return err } _, err = kms.GetCryptoKeyLatestVersion(ctx, &kms.GetCryptoKeyLatestVersionArgs{ CryptoKey: myKey.Id, }, nil) if err != nil { return err } return nil }) }
```
type GetCryptoKeyLatestVersionResultOutput ¶ added in v8.1.0
type GetCryptoKeyLatestVersionResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getCryptoKeyLatestVersion.
func GetCryptoKeyLatestVersionOutput ¶ added in v8.1.0
func GetCryptoKeyLatestVersionOutput(ctx *pulumi.Context, args GetCryptoKeyLatestVersionOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeyLatestVersionResultOutput
func (GetCryptoKeyLatestVersionResultOutput) Algorithm ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (GetCryptoKeyLatestVersionResultOutput) CryptoKey ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) CryptoKey() pulumi.StringOutput
func (GetCryptoKeyLatestVersionResultOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyLatestVersionResultOutput) ElementType() reflect.Type
func (GetCryptoKeyLatestVersionResultOutput) Filter ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) Filter() pulumi.StringPtrOutput
func (GetCryptoKeyLatestVersionResultOutput) Id ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetCryptoKeyLatestVersionResultOutput) Name ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) Name() pulumi.StringOutput
func (GetCryptoKeyLatestVersionResultOutput) ProtectionLevel ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) ProtectionLevel() pulumi.StringOutput
The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs.
func (GetCryptoKeyLatestVersionResultOutput) PublicKeys ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) PublicKeys() GetCryptoKeyLatestVersionPublicKeyArrayOutput
If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.
func (GetCryptoKeyLatestVersionResultOutput) State ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) State() pulumi.StringOutput
The current state of the latest CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs.
func (GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutput ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutput() GetCryptoKeyLatestVersionResultOutput
func (GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) ToGetCryptoKeyLatestVersionResultOutputWithContext(ctx context.Context) GetCryptoKeyLatestVersionResultOutput
func (GetCryptoKeyLatestVersionResultOutput) Version ¶ added in v8.1.0
func (o GetCryptoKeyLatestVersionResultOutput) Version() pulumi.IntOutput
type GetCryptoKeyVersionsArgs ¶ added in v8.1.0
type GetCryptoKeyVersionsArgs struct { // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey string `pulumi:"cryptoKey"` // The filter argument is used to add a filter query parameter that limits which versions are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering. // // Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}/cryptoKeyVersions. // // * `"name:my-key-"` will retrieve cryptoKeyVersions that contain "my-key-" anywhere in their name. // * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1/cryptoKeyVersions/my-version-1"` will only retrieve a key with that exact name. // // [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering) Filter *string `pulumi:"filter"` }
A collection of arguments for invoking getCryptoKeyVersions.
type GetCryptoKeyVersionsOutputArgs ¶ added in v8.1.0
type GetCryptoKeyVersionsOutputArgs struct { // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey pulumi.StringInput `pulumi:"cryptoKey"` // The filter argument is used to add a filter query parameter that limits which versions are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering. // // Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}/cryptoKeyVersions. // // * `"name:my-key-"` will retrieve cryptoKeyVersions that contain "my-key-" anywhere in their name. // * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1/cryptoKeyVersions/my-version-1"` will only retrieve a key with that exact name. // // [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering) Filter pulumi.StringPtrInput `pulumi:"filter"` }
A collection of arguments for invoking getCryptoKeyVersions.
func (GetCryptoKeyVersionsOutputArgs) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsOutputArgs) ElementType() reflect.Type
type GetCryptoKeyVersionsPublicKey ¶ added in v8.1.0
type GetCryptoKeyVersionsPublicKey struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm string `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem string `pulumi:"pem"` }
type GetCryptoKeyVersionsPublicKeyArgs ¶ added in v8.1.0
type GetCryptoKeyVersionsPublicKeyArgs struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem pulumi.StringInput `pulumi:"pem"` }
func (GetCryptoKeyVersionsPublicKeyArgs) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsPublicKeyArgs) ElementType() reflect.Type
func (GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutput ¶ added in v8.1.0
func (i GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput
func (GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyVersionsPublicKeyArgs) ToGetCryptoKeyVersionsPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyOutput
type GetCryptoKeyVersionsPublicKeyArray ¶ added in v8.1.0
type GetCryptoKeyVersionsPublicKeyArray []GetCryptoKeyVersionsPublicKeyInput
func (GetCryptoKeyVersionsPublicKeyArray) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsPublicKeyArray) ElementType() reflect.Type
func (GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutput ¶ added in v8.1.0
func (i GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput
func (GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyVersionsPublicKeyArray) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput
type GetCryptoKeyVersionsPublicKeyArrayInput ¶ added in v8.1.0
type GetCryptoKeyVersionsPublicKeyArrayInput interface { pulumi.Input ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput }
GetCryptoKeyVersionsPublicKeyArrayInput is an input type that accepts GetCryptoKeyVersionsPublicKeyArray and GetCryptoKeyVersionsPublicKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsPublicKeyArrayInput` via:
GetCryptoKeyVersionsPublicKeyArray{ GetCryptoKeyVersionsPublicKeyArgs{...} }
type GetCryptoKeyVersionsPublicKeyArrayOutput ¶ added in v8.1.0
type GetCryptoKeyVersionsPublicKeyArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyVersionsPublicKeyArrayOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsPublicKeyArrayOutput) ElementType() reflect.Type
func (GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutput ¶ added in v8.1.0
func (o GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutput() GetCryptoKeyVersionsPublicKeyArrayOutput
func (GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyVersionsPublicKeyArrayOutput) ToGetCryptoKeyVersionsPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyArrayOutput
type GetCryptoKeyVersionsPublicKeyInput ¶ added in v8.1.0
type GetCryptoKeyVersionsPublicKeyInput interface { pulumi.Input ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput ToGetCryptoKeyVersionsPublicKeyOutputWithContext(context.Context) GetCryptoKeyVersionsPublicKeyOutput }
GetCryptoKeyVersionsPublicKeyInput is an input type that accepts GetCryptoKeyVersionsPublicKeyArgs and GetCryptoKeyVersionsPublicKeyOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsPublicKeyInput` via:
GetCryptoKeyVersionsPublicKeyArgs{...}
type GetCryptoKeyVersionsPublicKeyOutput ¶ added in v8.1.0
type GetCryptoKeyVersionsPublicKeyOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyVersionsPublicKeyOutput) Algorithm ¶ added in v8.1.0
func (o GetCryptoKeyVersionsPublicKeyOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (GetCryptoKeyVersionsPublicKeyOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsPublicKeyOutput) ElementType() reflect.Type
func (GetCryptoKeyVersionsPublicKeyOutput) Pem ¶ added in v8.1.0
func (o GetCryptoKeyVersionsPublicKeyOutput) Pem() pulumi.StringOutput
The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
func (GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutput ¶ added in v8.1.0
func (o GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutput() GetCryptoKeyVersionsPublicKeyOutput
func (GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyVersionsPublicKeyOutput) ToGetCryptoKeyVersionsPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsPublicKeyOutput
type GetCryptoKeyVersionsResult ¶ added in v8.1.0
type GetCryptoKeyVersionsResult struct { CryptoKey string `pulumi:"cryptoKey"` Filter *string `pulumi:"filter"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` PublicKeys []GetCryptoKeyVersionsPublicKey `pulumi:"publicKeys"` // A list of all the retrieved crypto key versions from the provided crypto key. This list is influenced by the provided filter argument. Versions []GetCryptoKeyVersionsVersion `pulumi:"versions"` }
A collection of values returned by getCryptoKeyVersions.
func GetCryptoKeyVersions ¶ added in v8.1.0
func GetCryptoKeyVersions(ctx *pulumi.Context, args *GetCryptoKeyVersionsArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeyVersionsResult, error)
Provides access to Google Cloud Platform KMS CryptoKeyVersions. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{ Name: "my-key-ring", Location: "us-central1", }, nil) if err != nil { return err } _, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{ Name: "my-crypto-key", KeyRing: myKeyRing.Id, }, nil) if err != nil { return err } _, err = kms.GetCryptoKeyVersions(ctx, &kms.GetCryptoKeyVersionsArgs{ CryptoKey: myKey.Id, }, nil) if err != nil { return err } return nil }) }
```
type GetCryptoKeyVersionsResultOutput ¶ added in v8.1.0
type GetCryptoKeyVersionsResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getCryptoKeyVersions.
func GetCryptoKeyVersionsOutput ¶ added in v8.1.0
func GetCryptoKeyVersionsOutput(ctx *pulumi.Context, args GetCryptoKeyVersionsOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeyVersionsResultOutput
func (GetCryptoKeyVersionsResultOutput) CryptoKey ¶ added in v8.1.0
func (o GetCryptoKeyVersionsResultOutput) CryptoKey() pulumi.StringOutput
func (GetCryptoKeyVersionsResultOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsResultOutput) ElementType() reflect.Type
func (GetCryptoKeyVersionsResultOutput) Filter ¶ added in v8.1.0
func (o GetCryptoKeyVersionsResultOutput) Filter() pulumi.StringPtrOutput
func (GetCryptoKeyVersionsResultOutput) Id ¶ added in v8.1.0
func (o GetCryptoKeyVersionsResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetCryptoKeyVersionsResultOutput) PublicKeys ¶ added in v8.1.0
func (o GetCryptoKeyVersionsResultOutput) PublicKeys() GetCryptoKeyVersionsPublicKeyArrayOutput
func (GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutput ¶ added in v8.1.0
func (o GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutput() GetCryptoKeyVersionsResultOutput
func (GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyVersionsResultOutput) ToGetCryptoKeyVersionsResultOutputWithContext(ctx context.Context) GetCryptoKeyVersionsResultOutput
func (GetCryptoKeyVersionsResultOutput) Versions ¶ added in v8.1.0
func (o GetCryptoKeyVersionsResultOutput) Versions() GetCryptoKeyVersionsVersionArrayOutput
A list of all the retrieved crypto key versions from the provided crypto key. This list is influenced by the provided filter argument.
type GetCryptoKeyVersionsVersion ¶ added in v8.1.0
type GetCryptoKeyVersionsVersion struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm string `pulumi:"algorithm"` // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey string `pulumi:"cryptoKey"` Id string `pulumi:"id"` Name string `pulumi:"name"` ProtectionLevel string `pulumi:"protectionLevel"` PublicKeys []GetCryptoKeyVersionsVersionPublicKey `pulumi:"publicKeys"` State string `pulumi:"state"` Version int `pulumi:"version"` }
type GetCryptoKeyVersionsVersionArgs ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionArgs struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey pulumi.StringInput `pulumi:"cryptoKey"` Id pulumi.StringInput `pulumi:"id"` Name pulumi.StringInput `pulumi:"name"` ProtectionLevel pulumi.StringInput `pulumi:"protectionLevel"` PublicKeys GetCryptoKeyVersionsVersionPublicKeyArrayInput `pulumi:"publicKeys"` State pulumi.StringInput `pulumi:"state"` Version pulumi.IntInput `pulumi:"version"` }
func (GetCryptoKeyVersionsVersionArgs) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionArgs) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutput ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput
func (GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionArgs) ToGetCryptoKeyVersionsVersionOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionOutput
type GetCryptoKeyVersionsVersionArray ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionArray []GetCryptoKeyVersionsVersionInput
func (GetCryptoKeyVersionsVersionArray) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionArray) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutput ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput
func (GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionArray) ToGetCryptoKeyVersionsVersionArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionArrayOutput
type GetCryptoKeyVersionsVersionArrayInput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionArrayInput interface { pulumi.Input ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput ToGetCryptoKeyVersionsVersionArrayOutputWithContext(context.Context) GetCryptoKeyVersionsVersionArrayOutput }
GetCryptoKeyVersionsVersionArrayInput is an input type that accepts GetCryptoKeyVersionsVersionArray and GetCryptoKeyVersionsVersionArrayOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionArrayInput` via:
GetCryptoKeyVersionsVersionArray{ GetCryptoKeyVersionsVersionArgs{...} }
type GetCryptoKeyVersionsVersionArrayOutput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyVersionsVersionArrayOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionArrayOutput) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutput ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutput() GetCryptoKeyVersionsVersionArrayOutput
func (GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionArrayOutput) ToGetCryptoKeyVersionsVersionArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionArrayOutput
type GetCryptoKeyVersionsVersionInput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionInput interface { pulumi.Input ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput ToGetCryptoKeyVersionsVersionOutputWithContext(context.Context) GetCryptoKeyVersionsVersionOutput }
GetCryptoKeyVersionsVersionInput is an input type that accepts GetCryptoKeyVersionsVersionArgs and GetCryptoKeyVersionsVersionOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionInput` via:
GetCryptoKeyVersionsVersionArgs{...}
type GetCryptoKeyVersionsVersionOutput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyVersionsVersionOutput) Algorithm ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (GetCryptoKeyVersionsVersionOutput) CryptoKey ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) CryptoKey() pulumi.StringOutput
The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the `kms.CryptoKey` resource/datasource.
func (GetCryptoKeyVersionsVersionOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionOutput) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionOutput) Id ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) Id() pulumi.StringOutput
func (GetCryptoKeyVersionsVersionOutput) Name ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) Name() pulumi.StringOutput
func (GetCryptoKeyVersionsVersionOutput) ProtectionLevel ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) ProtectionLevel() pulumi.StringOutput
func (GetCryptoKeyVersionsVersionOutput) PublicKeys ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) PublicKeys() GetCryptoKeyVersionsVersionPublicKeyArrayOutput
func (GetCryptoKeyVersionsVersionOutput) State ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) State() pulumi.StringOutput
func (GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutput ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutput() GetCryptoKeyVersionsVersionOutput
func (GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) ToGetCryptoKeyVersionsVersionOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionOutput
func (GetCryptoKeyVersionsVersionOutput) Version ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionOutput) Version() pulumi.IntOutput
type GetCryptoKeyVersionsVersionPublicKey ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionPublicKey struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm string `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem string `pulumi:"pem"` }
type GetCryptoKeyVersionsVersionPublicKeyArgs ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionPublicKeyArgs struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem pulumi.StringInput `pulumi:"pem"` }
func (GetCryptoKeyVersionsVersionPublicKeyArgs) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionPublicKeyArgs) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutput ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput
func (GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionPublicKeyArgs) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput
type GetCryptoKeyVersionsVersionPublicKeyArray ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionPublicKeyArray []GetCryptoKeyVersionsVersionPublicKeyInput
func (GetCryptoKeyVersionsVersionPublicKeyArray) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionPublicKeyArray) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput
func (GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext ¶ added in v8.1.0
func (i GetCryptoKeyVersionsVersionPublicKeyArray) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput
type GetCryptoKeyVersionsVersionPublicKeyArrayInput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionPublicKeyArrayInput interface { pulumi.Input ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput }
GetCryptoKeyVersionsVersionPublicKeyArrayInput is an input type that accepts GetCryptoKeyVersionsVersionPublicKeyArray and GetCryptoKeyVersionsVersionPublicKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionPublicKeyArrayInput` via:
GetCryptoKeyVersionsVersionPublicKeyArray{ GetCryptoKeyVersionsVersionPublicKeyArgs{...} }
type GetCryptoKeyVersionsVersionPublicKeyArrayOutput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionPublicKeyArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutput() GetCryptoKeyVersionsVersionPublicKeyArrayOutput
func (GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionPublicKeyArrayOutput) ToGetCryptoKeyVersionsVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyArrayOutput
type GetCryptoKeyVersionsVersionPublicKeyInput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionPublicKeyInput interface { pulumi.Input ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput }
GetCryptoKeyVersionsVersionPublicKeyInput is an input type that accepts GetCryptoKeyVersionsVersionPublicKeyArgs and GetCryptoKeyVersionsVersionPublicKeyOutput values. You can construct a concrete instance of `GetCryptoKeyVersionsVersionPublicKeyInput` via:
GetCryptoKeyVersionsVersionPublicKeyArgs{...}
type GetCryptoKeyVersionsVersionPublicKeyOutput ¶ added in v8.1.0
type GetCryptoKeyVersionsVersionPublicKeyOutput struct{ *pulumi.OutputState }
func (GetCryptoKeyVersionsVersionPublicKeyOutput) Algorithm ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionPublicKeyOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (GetCryptoKeyVersionsVersionPublicKeyOutput) ElementType ¶ added in v8.1.0
func (GetCryptoKeyVersionsVersionPublicKeyOutput) ElementType() reflect.Type
func (GetCryptoKeyVersionsVersionPublicKeyOutput) Pem ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionPublicKeyOutput) Pem() pulumi.StringOutput
The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
func (GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutput ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutput() GetCryptoKeyVersionsVersionPublicKeyOutput
func (GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext ¶ added in v8.1.0
func (o GetCryptoKeyVersionsVersionPublicKeyOutput) ToGetCryptoKeyVersionsVersionPublicKeyOutputWithContext(ctx context.Context) GetCryptoKeyVersionsVersionPublicKeyOutput
type GetCryptoKeysArgs ¶
type GetCryptoKeysArgs struct { // The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering. // // Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}. // // * `"name:my-key-"` will retrieve keys that contain "my-key-" anywhere in their name. // * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1"` will only retrieve a key with that exact name. // // [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering) Filter *string `pulumi:"filter"` // The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'., KeyRing string `pulumi:"keyRing"` }
A collection of arguments for invoking getCryptoKeys.
type GetCryptoKeysKey ¶
type GetCryptoKeysKey struct { // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. // The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. CryptoKeyBackend string `pulumi:"cryptoKeyBackend"` // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 30 days. DestroyScheduledDuration string `pulumi:"destroyScheduledDuration"` EffectiveLabels map[string]string `pulumi:"effectiveLabels"` Id string `pulumi:"id"` // Whether this key may contain imported versions only. ImportOnly bool `pulumi:"importOnly"` // The policy used for Key Access Justifications Policy Enforcement. If this // field is present and this key is enrolled in Key Access Justifications // Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and // sign operations, and the operation will fail if rejected by the policy. The // policy is defined by specifying zero or more allowed justification codes. // https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes // By default, this field is absent, and all justification codes are allowed. // This field is currently in beta and is subject to change. KeyAccessJustificationsPolicies []GetCryptoKeysKeyKeyAccessJustificationsPolicy `pulumi:"keyAccessJustificationsPolicies"` // The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'., KeyRing *string `pulumi:"keyRing"` // Labels with user-defined metadata to apply to this resource. // // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field 'effective_labels' for all of the labels present on the resource. Labels map[string]string `pulumi:"labels"` // The resource name for the CryptoKey. Name *string `pulumi:"name"` // A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. // Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. Primaries []GetCryptoKeysKeyPrimary `pulumi:"primaries"` // The combination of labels configured directly on the resource // and default labels configured on the provider. PulumiLabels map[string]string `pulumi:"pulumiLabels"` // The immutable purpose of this CryptoKey. See the // [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) // for possible inputs. // Default value is "ENCRYPT_DECRYPT". Purpose string `pulumi:"purpose"` // Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. // The first rotation will take place after the specified period. The rotation period has // the format of a decimal number with up to 9 fractional digits, followed by the // letter 's' (seconds). It must be greater than a day (ie, 86400). RotationPeriod string `pulumi:"rotationPeriod"` // If set to true, the request will create a CryptoKey without any CryptoKeyVersions. // You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion // or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion. SkipInitialVersionCreation bool `pulumi:"skipInitialVersionCreation"` // A template describing settings for new crypto key versions. VersionTemplates []GetCryptoKeysKeyVersionTemplate `pulumi:"versionTemplates"` }
type GetCryptoKeysKeyArgs ¶
type GetCryptoKeysKeyArgs struct { // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. // The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. CryptoKeyBackend pulumi.StringInput `pulumi:"cryptoKeyBackend"` // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 30 days. DestroyScheduledDuration pulumi.StringInput `pulumi:"destroyScheduledDuration"` EffectiveLabels pulumi.StringMapInput `pulumi:"effectiveLabels"` Id pulumi.StringInput `pulumi:"id"` // Whether this key may contain imported versions only. ImportOnly pulumi.BoolInput `pulumi:"importOnly"` // The policy used for Key Access Justifications Policy Enforcement. If this // field is present and this key is enrolled in Key Access Justifications // Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and // sign operations, and the operation will fail if rejected by the policy. The // policy is defined by specifying zero or more allowed justification codes. // https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes // By default, this field is absent, and all justification codes are allowed. // This field is currently in beta and is subject to change. KeyAccessJustificationsPolicies GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput `pulumi:"keyAccessJustificationsPolicies"` // The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'., KeyRing pulumi.StringPtrInput `pulumi:"keyRing"` // Labels with user-defined metadata to apply to this resource. // // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field 'effective_labels' for all of the labels present on the resource. Labels pulumi.StringMapInput `pulumi:"labels"` // The resource name for the CryptoKey. Name pulumi.StringPtrInput `pulumi:"name"` // A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. // Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset. Primaries GetCryptoKeysKeyPrimaryArrayInput `pulumi:"primaries"` // The combination of labels configured directly on the resource // and default labels configured on the provider. PulumiLabels pulumi.StringMapInput `pulumi:"pulumiLabels"` // The immutable purpose of this CryptoKey. See the // [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) // for possible inputs. // Default value is "ENCRYPT_DECRYPT". Purpose pulumi.StringInput `pulumi:"purpose"` // Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. // The first rotation will take place after the specified period. The rotation period has // the format of a decimal number with up to 9 fractional digits, followed by the // letter 's' (seconds). It must be greater than a day (ie, 86400). RotationPeriod pulumi.StringInput `pulumi:"rotationPeriod"` // If set to true, the request will create a CryptoKey without any CryptoKeyVersions. // You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion // or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion. SkipInitialVersionCreation pulumi.BoolInput `pulumi:"skipInitialVersionCreation"` // A template describing settings for new crypto key versions. VersionTemplates GetCryptoKeysKeyVersionTemplateArrayInput `pulumi:"versionTemplates"` }
func (GetCryptoKeysKeyArgs) ElementType ¶
func (GetCryptoKeysKeyArgs) ElementType() reflect.Type
func (GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutput ¶
func (i GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutput() GetCryptoKeysKeyOutput
func (GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutputWithContext ¶
func (i GetCryptoKeysKeyArgs) ToGetCryptoKeysKeyOutputWithContext(ctx context.Context) GetCryptoKeysKeyOutput
type GetCryptoKeysKeyArray ¶
type GetCryptoKeysKeyArray []GetCryptoKeysKeyInput
func (GetCryptoKeysKeyArray) ElementType ¶
func (GetCryptoKeysKeyArray) ElementType() reflect.Type
func (GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutput ¶
func (i GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutput() GetCryptoKeysKeyArrayOutput
func (GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutputWithContext ¶
func (i GetCryptoKeysKeyArray) ToGetCryptoKeysKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyArrayOutput
type GetCryptoKeysKeyArrayInput ¶
type GetCryptoKeysKeyArrayInput interface { pulumi.Input ToGetCryptoKeysKeyArrayOutput() GetCryptoKeysKeyArrayOutput ToGetCryptoKeysKeyArrayOutputWithContext(context.Context) GetCryptoKeysKeyArrayOutput }
GetCryptoKeysKeyArrayInput is an input type that accepts GetCryptoKeysKeyArray and GetCryptoKeysKeyArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyArrayInput` via:
GetCryptoKeysKeyArray{ GetCryptoKeysKeyArgs{...} }
type GetCryptoKeysKeyArrayOutput ¶
type GetCryptoKeysKeyArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyArrayOutput) ElementType ¶
func (GetCryptoKeysKeyArrayOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyArrayOutput) Index ¶
func (o GetCryptoKeysKeyArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyOutput
func (GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutput ¶
func (o GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutput() GetCryptoKeysKeyArrayOutput
func (GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutputWithContext ¶
func (o GetCryptoKeysKeyArrayOutput) ToGetCryptoKeysKeyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyArrayOutput
type GetCryptoKeysKeyInput ¶
type GetCryptoKeysKeyInput interface { pulumi.Input ToGetCryptoKeysKeyOutput() GetCryptoKeysKeyOutput ToGetCryptoKeysKeyOutputWithContext(context.Context) GetCryptoKeysKeyOutput }
GetCryptoKeysKeyInput is an input type that accepts GetCryptoKeysKeyArgs and GetCryptoKeysKeyOutput values. You can construct a concrete instance of `GetCryptoKeysKeyInput` via:
GetCryptoKeysKeyArgs{...}
type GetCryptoKeysKeyKeyAccessJustificationsPolicy ¶
type GetCryptoKeysKeyKeyAccessJustificationsPolicy struct { // The list of allowed reasons for access to this CryptoKey. Zero allowed // access reasons means all encrypt, decrypt, and sign operations for // this CryptoKey will fail. AllowedAccessReasons []string `pulumi:"allowedAccessReasons"` }
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs ¶
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs struct { // The list of allowed reasons for access to this CryptoKey. Zero allowed // access reasons means all encrypt, decrypt, and sign operations for // this CryptoKey will fail. AllowedAccessReasons pulumi.StringArrayInput `pulumi:"allowedAccessReasons"` }
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ElementType ¶
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput ¶
func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext ¶
func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArray ¶
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArray []GetCryptoKeysKeyKeyAccessJustificationsPolicyInput
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ElementType ¶
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ElementType() reflect.Type
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput ¶
func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext ¶
func (i GetCryptoKeysKeyKeyAccessJustificationsPolicyArray) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput ¶
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput interface { pulumi.Input ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput }
GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput is an input type that accepts GetCryptoKeysKeyKeyAccessJustificationsPolicyArray and GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayInput` via:
GetCryptoKeysKeyKeyAccessJustificationsPolicyArray{ GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs{...} }
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput ¶
type GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ElementType ¶
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput ¶
func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext ¶
func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
type GetCryptoKeysKeyKeyAccessJustificationsPolicyInput ¶
type GetCryptoKeysKeyKeyAccessJustificationsPolicyInput interface { pulumi.Input ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput }
GetCryptoKeysKeyKeyAccessJustificationsPolicyInput is an input type that accepts GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs and GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput values. You can construct a concrete instance of `GetCryptoKeysKeyKeyAccessJustificationsPolicyInput` via:
GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs{...}
type GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput ¶
type GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons ¶
func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput
The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ElementType ¶
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput ¶
func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutput() GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
func (GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext ¶
func (o GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput) ToGetCryptoKeysKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetCryptoKeysKeyKeyAccessJustificationsPolicyOutput
type GetCryptoKeysKeyOutput ¶
type GetCryptoKeysKeyOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyOutput) CryptoKeyBackend ¶
func (o GetCryptoKeysKeyOutput) CryptoKeyBackend() pulumi.StringOutput
The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
func (GetCryptoKeysKeyOutput) DestroyScheduledDuration ¶
func (o GetCryptoKeysKeyOutput) DestroyScheduledDuration() pulumi.StringOutput
The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
func (GetCryptoKeysKeyOutput) EffectiveLabels ¶
func (o GetCryptoKeysKeyOutput) EffectiveLabels() pulumi.StringMapOutput
func (GetCryptoKeysKeyOutput) ElementType ¶
func (GetCryptoKeysKeyOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyOutput) Id ¶
func (o GetCryptoKeysKeyOutput) Id() pulumi.StringOutput
func (GetCryptoKeysKeyOutput) ImportOnly ¶
func (o GetCryptoKeysKeyOutput) ImportOnly() pulumi.BoolOutput
Whether this key may contain imported versions only.
func (GetCryptoKeysKeyOutput) KeyAccessJustificationsPolicies ¶
func (o GetCryptoKeysKeyOutput) KeyAccessJustificationsPolicies() GetCryptoKeysKeyKeyAccessJustificationsPolicyArrayOutput
The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.
func (GetCryptoKeysKeyOutput) KeyRing ¶
func (o GetCryptoKeysKeyOutput) KeyRing() pulumi.StringPtrOutput
The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
func (GetCryptoKeysKeyOutput) Labels ¶
func (o GetCryptoKeysKeyOutput) Labels() pulumi.StringMapOutput
Labels with user-defined metadata to apply to this resource.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
func (GetCryptoKeysKeyOutput) Name ¶
func (o GetCryptoKeysKeyOutput) Name() pulumi.StringPtrOutput
The resource name for the CryptoKey.
func (GetCryptoKeysKeyOutput) Primaries ¶
func (o GetCryptoKeysKeyOutput) Primaries() GetCryptoKeysKeyPrimaryArrayOutput
A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
func (GetCryptoKeysKeyOutput) PulumiLabels ¶
func (o GetCryptoKeysKeyOutput) PulumiLabels() pulumi.StringMapOutput
The combination of labels configured directly on the resource
and default labels configured on the provider.
func (GetCryptoKeysKeyOutput) Purpose ¶
func (o GetCryptoKeysKeyOutput) Purpose() pulumi.StringOutput
The immutable purpose of this CryptoKey. See the [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs. Default value is "ENCRYPT_DECRYPT".
func (GetCryptoKeysKeyOutput) RotationPeriod ¶
func (o GetCryptoKeysKeyOutput) RotationPeriod() pulumi.StringOutput
Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).
func (GetCryptoKeysKeyOutput) SkipInitialVersionCreation ¶
func (o GetCryptoKeysKeyOutput) SkipInitialVersionCreation() pulumi.BoolOutput
If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
func (GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutput ¶
func (o GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutput() GetCryptoKeysKeyOutput
func (GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutputWithContext ¶
func (o GetCryptoKeysKeyOutput) ToGetCryptoKeysKeyOutputWithContext(ctx context.Context) GetCryptoKeysKeyOutput
func (GetCryptoKeysKeyOutput) VersionTemplates ¶
func (o GetCryptoKeysKeyOutput) VersionTemplates() GetCryptoKeysKeyVersionTemplateArrayOutput
A template describing settings for new crypto key versions.
type GetCryptoKeysKeyPrimary ¶
type GetCryptoKeysKeyPrimaryArgs ¶
type GetCryptoKeysKeyPrimaryArgs struct { // The resource name for this CryptoKeyVersion. Name pulumi.StringInput `pulumi:"name"` // The current state of the CryptoKeyVersion. State pulumi.StringInput `pulumi:"state"` }
func (GetCryptoKeysKeyPrimaryArgs) ElementType ¶
func (GetCryptoKeysKeyPrimaryArgs) ElementType() reflect.Type
func (GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutput ¶
func (i GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutput() GetCryptoKeysKeyPrimaryOutput
func (GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutputWithContext ¶
func (i GetCryptoKeysKeyPrimaryArgs) ToGetCryptoKeysKeyPrimaryOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryOutput
type GetCryptoKeysKeyPrimaryArray ¶
type GetCryptoKeysKeyPrimaryArray []GetCryptoKeysKeyPrimaryInput
func (GetCryptoKeysKeyPrimaryArray) ElementType ¶
func (GetCryptoKeysKeyPrimaryArray) ElementType() reflect.Type
func (GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutput ¶
func (i GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput
func (GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext ¶
func (i GetCryptoKeysKeyPrimaryArray) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryArrayOutput
type GetCryptoKeysKeyPrimaryArrayInput ¶
type GetCryptoKeysKeyPrimaryArrayInput interface { pulumi.Input ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(context.Context) GetCryptoKeysKeyPrimaryArrayOutput }
GetCryptoKeysKeyPrimaryArrayInput is an input type that accepts GetCryptoKeysKeyPrimaryArray and GetCryptoKeysKeyPrimaryArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyPrimaryArrayInput` via:
GetCryptoKeysKeyPrimaryArray{ GetCryptoKeysKeyPrimaryArgs{...} }
type GetCryptoKeysKeyPrimaryArrayOutput ¶
type GetCryptoKeysKeyPrimaryArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyPrimaryArrayOutput) ElementType ¶
func (GetCryptoKeysKeyPrimaryArrayOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyPrimaryArrayOutput) Index ¶
func (o GetCryptoKeysKeyPrimaryArrayOutput) Index(i pulumi.IntInput) GetCryptoKeysKeyPrimaryOutput
func (GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutput ¶
func (o GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutput() GetCryptoKeysKeyPrimaryArrayOutput
func (GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext ¶
func (o GetCryptoKeysKeyPrimaryArrayOutput) ToGetCryptoKeysKeyPrimaryArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryArrayOutput
type GetCryptoKeysKeyPrimaryInput ¶
type GetCryptoKeysKeyPrimaryInput interface { pulumi.Input ToGetCryptoKeysKeyPrimaryOutput() GetCryptoKeysKeyPrimaryOutput ToGetCryptoKeysKeyPrimaryOutputWithContext(context.Context) GetCryptoKeysKeyPrimaryOutput }
GetCryptoKeysKeyPrimaryInput is an input type that accepts GetCryptoKeysKeyPrimaryArgs and GetCryptoKeysKeyPrimaryOutput values. You can construct a concrete instance of `GetCryptoKeysKeyPrimaryInput` via:
GetCryptoKeysKeyPrimaryArgs{...}
type GetCryptoKeysKeyPrimaryOutput ¶
type GetCryptoKeysKeyPrimaryOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyPrimaryOutput) ElementType ¶
func (GetCryptoKeysKeyPrimaryOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyPrimaryOutput) Name ¶
func (o GetCryptoKeysKeyPrimaryOutput) Name() pulumi.StringOutput
The resource name for this CryptoKeyVersion.
func (GetCryptoKeysKeyPrimaryOutput) State ¶
func (o GetCryptoKeysKeyPrimaryOutput) State() pulumi.StringOutput
The current state of the CryptoKeyVersion.
func (GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutput ¶
func (o GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutput() GetCryptoKeysKeyPrimaryOutput
func (GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutputWithContext ¶
func (o GetCryptoKeysKeyPrimaryOutput) ToGetCryptoKeysKeyPrimaryOutputWithContext(ctx context.Context) GetCryptoKeysKeyPrimaryOutput
type GetCryptoKeysKeyVersionTemplate ¶
type GetCryptoKeysKeyVersionTemplate struct { // The algorithm to use when creating a version based on this template. // See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. Algorithm string `pulumi:"algorithm"` // The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". ProtectionLevel string `pulumi:"protectionLevel"` }
type GetCryptoKeysKeyVersionTemplateArgs ¶
type GetCryptoKeysKeyVersionTemplateArgs struct { // The algorithm to use when creating a version based on this template. // See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". ProtectionLevel pulumi.StringInput `pulumi:"protectionLevel"` }
func (GetCryptoKeysKeyVersionTemplateArgs) ElementType ¶
func (GetCryptoKeysKeyVersionTemplateArgs) ElementType() reflect.Type
func (GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutput ¶
func (i GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput
func (GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutputWithContext ¶
func (i GetCryptoKeysKeyVersionTemplateArgs) ToGetCryptoKeysKeyVersionTemplateOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateOutput
type GetCryptoKeysKeyVersionTemplateArray ¶
type GetCryptoKeysKeyVersionTemplateArray []GetCryptoKeysKeyVersionTemplateInput
func (GetCryptoKeysKeyVersionTemplateArray) ElementType ¶
func (GetCryptoKeysKeyVersionTemplateArray) ElementType() reflect.Type
func (GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutput ¶
func (i GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput
func (GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext ¶
func (i GetCryptoKeysKeyVersionTemplateArray) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput
type GetCryptoKeysKeyVersionTemplateArrayInput ¶
type GetCryptoKeysKeyVersionTemplateArrayInput interface { pulumi.Input ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput }
GetCryptoKeysKeyVersionTemplateArrayInput is an input type that accepts GetCryptoKeysKeyVersionTemplateArray and GetCryptoKeysKeyVersionTemplateArrayOutput values. You can construct a concrete instance of `GetCryptoKeysKeyVersionTemplateArrayInput` via:
GetCryptoKeysKeyVersionTemplateArray{ GetCryptoKeysKeyVersionTemplateArgs{...} }
type GetCryptoKeysKeyVersionTemplateArrayOutput ¶
type GetCryptoKeysKeyVersionTemplateArrayOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyVersionTemplateArrayOutput) ElementType ¶
func (GetCryptoKeysKeyVersionTemplateArrayOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutput ¶
func (o GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutput() GetCryptoKeysKeyVersionTemplateArrayOutput
func (GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext ¶
func (o GetCryptoKeysKeyVersionTemplateArrayOutput) ToGetCryptoKeysKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateArrayOutput
type GetCryptoKeysKeyVersionTemplateInput ¶
type GetCryptoKeysKeyVersionTemplateInput interface { pulumi.Input ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput ToGetCryptoKeysKeyVersionTemplateOutputWithContext(context.Context) GetCryptoKeysKeyVersionTemplateOutput }
GetCryptoKeysKeyVersionTemplateInput is an input type that accepts GetCryptoKeysKeyVersionTemplateArgs and GetCryptoKeysKeyVersionTemplateOutput values. You can construct a concrete instance of `GetCryptoKeysKeyVersionTemplateInput` via:
GetCryptoKeysKeyVersionTemplateArgs{...}
type GetCryptoKeysKeyVersionTemplateOutput ¶
type GetCryptoKeysKeyVersionTemplateOutput struct{ *pulumi.OutputState }
func (GetCryptoKeysKeyVersionTemplateOutput) Algorithm ¶
func (o GetCryptoKeysKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput
The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
func (GetCryptoKeysKeyVersionTemplateOutput) ElementType ¶
func (GetCryptoKeysKeyVersionTemplateOutput) ElementType() reflect.Type
func (GetCryptoKeysKeyVersionTemplateOutput) ProtectionLevel ¶
func (o GetCryptoKeysKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringOutput
The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
func (GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutput ¶
func (o GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutput() GetCryptoKeysKeyVersionTemplateOutput
func (GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutputWithContext ¶
func (o GetCryptoKeysKeyVersionTemplateOutput) ToGetCryptoKeysKeyVersionTemplateOutputWithContext(ctx context.Context) GetCryptoKeysKeyVersionTemplateOutput
type GetCryptoKeysOutputArgs ¶
type GetCryptoKeysOutputArgs struct { // The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering. // // Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}. // // * `"name:my-key-"` will retrieve keys that contain "my-key-" anywhere in their name. // * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1"` will only retrieve a key with that exact name. // // [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering) Filter pulumi.StringPtrInput `pulumi:"filter"` // The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'., KeyRing pulumi.StringInput `pulumi:"keyRing"` }
A collection of arguments for invoking getCryptoKeys.
func (GetCryptoKeysOutputArgs) ElementType ¶
func (GetCryptoKeysOutputArgs) ElementType() reflect.Type
type GetCryptoKeysResult ¶
type GetCryptoKeysResult struct { Filter *string `pulumi:"filter"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KeyRing string `pulumi:"keyRing"` // A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument. Keys []GetCryptoKeysKey `pulumi:"keys"` }
A collection of values returned by getCryptoKeys.
func GetCryptoKeys ¶
func GetCryptoKeys(ctx *pulumi.Context, args *GetCryptoKeysArgs, opts ...pulumi.InvokeOption) (*GetCryptoKeysResult, error)
Provides access to all Google Cloud Platform KMS CryptoKeys in a given KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.
type GetCryptoKeysResultOutput ¶
type GetCryptoKeysResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getCryptoKeys.
func GetCryptoKeysOutput ¶
func GetCryptoKeysOutput(ctx *pulumi.Context, args GetCryptoKeysOutputArgs, opts ...pulumi.InvokeOption) GetCryptoKeysResultOutput
func (GetCryptoKeysResultOutput) ElementType ¶
func (GetCryptoKeysResultOutput) ElementType() reflect.Type
func (GetCryptoKeysResultOutput) Filter ¶
func (o GetCryptoKeysResultOutput) Filter() pulumi.StringPtrOutput
func (GetCryptoKeysResultOutput) Id ¶
func (o GetCryptoKeysResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetCryptoKeysResultOutput) KeyRing ¶
func (o GetCryptoKeysResultOutput) KeyRing() pulumi.StringOutput
func (GetCryptoKeysResultOutput) Keys ¶
func (o GetCryptoKeysResultOutput) Keys() GetCryptoKeysKeyArrayOutput
A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
func (GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutput ¶
func (o GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutput() GetCryptoKeysResultOutput
func (GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutputWithContext ¶
func (o GetCryptoKeysResultOutput) ToGetCryptoKeysResultOutputWithContext(ctx context.Context) GetCryptoKeysResultOutput
type GetKMSCryptoKeyArgs ¶
type GetKMSCryptoKeyArgs struct { // The `id` of the Google Cloud Platform KeyRing to which the key belongs. KeyRing string `pulumi:"keyRing"` // The CryptoKey's name. // A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}` Name string `pulumi:"name"` }
A collection of arguments for invoking getKMSCryptoKey.
type GetKMSCryptoKeyKeyAccessJustificationsPolicy ¶
type GetKMSCryptoKeyKeyAccessJustificationsPolicy struct { // The list of allowed reasons for access to this CryptoKey. Zero allowed // access reasons means all encrypt, decrypt, and sign operations for // this CryptoKey will fail. AllowedAccessReasons []string `pulumi:"allowedAccessReasons"` }
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs ¶
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs struct { // The list of allowed reasons for access to this CryptoKey. Zero allowed // access reasons means all encrypt, decrypt, and sign operations for // this CryptoKey will fail. AllowedAccessReasons pulumi.StringArrayInput `pulumi:"allowedAccessReasons"` }
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ElementType ¶
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ElementType() reflect.Type
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput ¶
func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext ¶
func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArray ¶
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArray []GetKMSCryptoKeyKeyAccessJustificationsPolicyInput
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ElementType ¶
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ElementType() reflect.Type
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput ¶
func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext ¶
func (i GetKMSCryptoKeyKeyAccessJustificationsPolicyArray) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput ¶
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput interface { pulumi.Input ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput }
GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput is an input type that accepts GetKMSCryptoKeyKeyAccessJustificationsPolicyArray and GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayInput` via:
GetKMSCryptoKeyKeyAccessJustificationsPolicyArray{ GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs{...} }
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput ¶
type GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ElementType ¶
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput ¶
func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext ¶
func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
type GetKMSCryptoKeyKeyAccessJustificationsPolicyInput ¶
type GetKMSCryptoKeyKeyAccessJustificationsPolicyInput interface { pulumi.Input ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput }
GetKMSCryptoKeyKeyAccessJustificationsPolicyInput is an input type that accepts GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs and GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput values. You can construct a concrete instance of `GetKMSCryptoKeyKeyAccessJustificationsPolicyInput` via:
GetKMSCryptoKeyKeyAccessJustificationsPolicyArgs{...}
type GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput ¶
type GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons ¶
func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) AllowedAccessReasons() pulumi.StringArrayOutput
The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ElementType ¶
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput ¶
func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutput() GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
func (GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext ¶
func (o GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput) ToGetKMSCryptoKeyKeyAccessJustificationsPolicyOutputWithContext(ctx context.Context) GetKMSCryptoKeyKeyAccessJustificationsPolicyOutput
type GetKMSCryptoKeyOutputArgs ¶
type GetKMSCryptoKeyOutputArgs struct { // The `id` of the Google Cloud Platform KeyRing to which the key belongs. KeyRing pulumi.StringInput `pulumi:"keyRing"` // The CryptoKey's name. // A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}` Name pulumi.StringInput `pulumi:"name"` }
A collection of arguments for invoking getKMSCryptoKey.
func (GetKMSCryptoKeyOutputArgs) ElementType ¶
func (GetKMSCryptoKeyOutputArgs) ElementType() reflect.Type
type GetKMSCryptoKeyPrimary ¶
type GetKMSCryptoKeyPrimary struct { // The CryptoKey's name. // A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}` Name string `pulumi:"name"` // The current state of the CryptoKeyVersion. State string `pulumi:"state"` }
type GetKMSCryptoKeyPrimaryArgs ¶
type GetKMSCryptoKeyPrimaryArgs struct { // The CryptoKey's name. // A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}` Name pulumi.StringInput `pulumi:"name"` // The current state of the CryptoKeyVersion. State pulumi.StringInput `pulumi:"state"` }
func (GetKMSCryptoKeyPrimaryArgs) ElementType ¶
func (GetKMSCryptoKeyPrimaryArgs) ElementType() reflect.Type
func (GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutput ¶
func (i GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutput() GetKMSCryptoKeyPrimaryOutput
func (GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutputWithContext ¶
func (i GetKMSCryptoKeyPrimaryArgs) ToGetKMSCryptoKeyPrimaryOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryOutput
type GetKMSCryptoKeyPrimaryArray ¶
type GetKMSCryptoKeyPrimaryArray []GetKMSCryptoKeyPrimaryInput
func (GetKMSCryptoKeyPrimaryArray) ElementType ¶
func (GetKMSCryptoKeyPrimaryArray) ElementType() reflect.Type
func (GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutput ¶
func (i GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput
func (GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext ¶
func (i GetKMSCryptoKeyPrimaryArray) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryArrayOutput
type GetKMSCryptoKeyPrimaryArrayInput ¶
type GetKMSCryptoKeyPrimaryArrayInput interface { pulumi.Input ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(context.Context) GetKMSCryptoKeyPrimaryArrayOutput }
GetKMSCryptoKeyPrimaryArrayInput is an input type that accepts GetKMSCryptoKeyPrimaryArray and GetKMSCryptoKeyPrimaryArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyPrimaryArrayInput` via:
GetKMSCryptoKeyPrimaryArray{ GetKMSCryptoKeyPrimaryArgs{...} }
type GetKMSCryptoKeyPrimaryArrayOutput ¶
type GetKMSCryptoKeyPrimaryArrayOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyPrimaryArrayOutput) ElementType ¶
func (GetKMSCryptoKeyPrimaryArrayOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyPrimaryArrayOutput) Index ¶
func (o GetKMSCryptoKeyPrimaryArrayOutput) Index(i pulumi.IntInput) GetKMSCryptoKeyPrimaryOutput
func (GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutput ¶
func (o GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutput() GetKMSCryptoKeyPrimaryArrayOutput
func (GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext ¶
func (o GetKMSCryptoKeyPrimaryArrayOutput) ToGetKMSCryptoKeyPrimaryArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryArrayOutput
type GetKMSCryptoKeyPrimaryInput ¶
type GetKMSCryptoKeyPrimaryInput interface { pulumi.Input ToGetKMSCryptoKeyPrimaryOutput() GetKMSCryptoKeyPrimaryOutput ToGetKMSCryptoKeyPrimaryOutputWithContext(context.Context) GetKMSCryptoKeyPrimaryOutput }
GetKMSCryptoKeyPrimaryInput is an input type that accepts GetKMSCryptoKeyPrimaryArgs and GetKMSCryptoKeyPrimaryOutput values. You can construct a concrete instance of `GetKMSCryptoKeyPrimaryInput` via:
GetKMSCryptoKeyPrimaryArgs{...}
type GetKMSCryptoKeyPrimaryOutput ¶
type GetKMSCryptoKeyPrimaryOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyPrimaryOutput) ElementType ¶
func (GetKMSCryptoKeyPrimaryOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyPrimaryOutput) Name ¶
func (o GetKMSCryptoKeyPrimaryOutput) Name() pulumi.StringOutput
The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
func (GetKMSCryptoKeyPrimaryOutput) State ¶
func (o GetKMSCryptoKeyPrimaryOutput) State() pulumi.StringOutput
The current state of the CryptoKeyVersion.
func (GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutput ¶
func (o GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutput() GetKMSCryptoKeyPrimaryOutput
func (GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutputWithContext ¶
func (o GetKMSCryptoKeyPrimaryOutput) ToGetKMSCryptoKeyPrimaryOutputWithContext(ctx context.Context) GetKMSCryptoKeyPrimaryOutput
type GetKMSCryptoKeyResult ¶
type GetKMSCryptoKeyResult struct { CryptoKeyBackend string `pulumi:"cryptoKeyBackend"` DestroyScheduledDuration string `pulumi:"destroyScheduledDuration"` EffectiveLabels map[string]string `pulumi:"effectiveLabels"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` ImportOnly bool `pulumi:"importOnly"` KeyAccessJustificationsPolicies []GetKMSCryptoKeyKeyAccessJustificationsPolicy `pulumi:"keyAccessJustificationsPolicies"` KeyRing string `pulumi:"keyRing"` Labels map[string]string `pulumi:"labels"` Name string `pulumi:"name"` Primaries []GetKMSCryptoKeyPrimary `pulumi:"primaries"` PulumiLabels map[string]string `pulumi:"pulumiLabels"` // Defines the cryptographic capabilities of the key. Purpose string `pulumi:"purpose"` // Every time this period passes, generate a new CryptoKeyVersion and set it as // the primary. The first rotation will take place after the specified period. The rotation period has the format // of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). RotationPeriod string `pulumi:"rotationPeriod"` SkipInitialVersionCreation bool `pulumi:"skipInitialVersionCreation"` VersionTemplates []GetKMSCryptoKeyVersionTemplate `pulumi:"versionTemplates"` }
A collection of values returned by getKMSCryptoKey.
func GetKMSCryptoKey ¶
func GetKMSCryptoKey(ctx *pulumi.Context, args *GetKMSCryptoKeyArgs, opts ...pulumi.InvokeOption) (*GetKMSCryptoKeyResult, error)
Provides access to a Google Cloud Platform KMS CryptoKey. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{ Name: "my-key-ring", Location: "us-central1", }, nil) if err != nil { return err } _, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{ Name: "my-crypto-key", KeyRing: myKeyRing.Id, }, nil) if err != nil { return err } return nil }) }
```
type GetKMSCryptoKeyResultOutput ¶
type GetKMSCryptoKeyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKMSCryptoKey.
func GetKMSCryptoKeyOutput ¶
func GetKMSCryptoKeyOutput(ctx *pulumi.Context, args GetKMSCryptoKeyOutputArgs, opts ...pulumi.InvokeOption) GetKMSCryptoKeyResultOutput
func (GetKMSCryptoKeyResultOutput) CryptoKeyBackend ¶
func (o GetKMSCryptoKeyResultOutput) CryptoKeyBackend() pulumi.StringOutput
func (GetKMSCryptoKeyResultOutput) DestroyScheduledDuration ¶
func (o GetKMSCryptoKeyResultOutput) DestroyScheduledDuration() pulumi.StringOutput
func (GetKMSCryptoKeyResultOutput) EffectiveLabels ¶
func (o GetKMSCryptoKeyResultOutput) EffectiveLabels() pulumi.StringMapOutput
func (GetKMSCryptoKeyResultOutput) ElementType ¶
func (GetKMSCryptoKeyResultOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyResultOutput) Id ¶
func (o GetKMSCryptoKeyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKMSCryptoKeyResultOutput) ImportOnly ¶
func (o GetKMSCryptoKeyResultOutput) ImportOnly() pulumi.BoolOutput
func (GetKMSCryptoKeyResultOutput) KeyAccessJustificationsPolicies ¶
func (o GetKMSCryptoKeyResultOutput) KeyAccessJustificationsPolicies() GetKMSCryptoKeyKeyAccessJustificationsPolicyArrayOutput
func (GetKMSCryptoKeyResultOutput) KeyRing ¶
func (o GetKMSCryptoKeyResultOutput) KeyRing() pulumi.StringOutput
func (GetKMSCryptoKeyResultOutput) Labels ¶
func (o GetKMSCryptoKeyResultOutput) Labels() pulumi.StringMapOutput
func (GetKMSCryptoKeyResultOutput) Name ¶
func (o GetKMSCryptoKeyResultOutput) Name() pulumi.StringOutput
func (GetKMSCryptoKeyResultOutput) Primaries ¶
func (o GetKMSCryptoKeyResultOutput) Primaries() GetKMSCryptoKeyPrimaryArrayOutput
func (GetKMSCryptoKeyResultOutput) PulumiLabels ¶
func (o GetKMSCryptoKeyResultOutput) PulumiLabels() pulumi.StringMapOutput
func (GetKMSCryptoKeyResultOutput) Purpose ¶
func (o GetKMSCryptoKeyResultOutput) Purpose() pulumi.StringOutput
Defines the cryptographic capabilities of the key.
func (GetKMSCryptoKeyResultOutput) RotationPeriod ¶
func (o GetKMSCryptoKeyResultOutput) RotationPeriod() pulumi.StringOutput
Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
func (GetKMSCryptoKeyResultOutput) SkipInitialVersionCreation ¶
func (o GetKMSCryptoKeyResultOutput) SkipInitialVersionCreation() pulumi.BoolOutput
func (GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutput ¶
func (o GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutput() GetKMSCryptoKeyResultOutput
func (GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutputWithContext ¶
func (o GetKMSCryptoKeyResultOutput) ToGetKMSCryptoKeyResultOutputWithContext(ctx context.Context) GetKMSCryptoKeyResultOutput
func (GetKMSCryptoKeyResultOutput) VersionTemplates ¶
func (o GetKMSCryptoKeyResultOutput) VersionTemplates() GetKMSCryptoKeyVersionTemplateArrayOutput
type GetKMSCryptoKeyVersionArgs ¶
type GetKMSCryptoKeyVersionArgs struct { // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey string `pulumi:"cryptoKey"` // The version number for this CryptoKeyVersion. Defaults to `1`. Version *int `pulumi:"version"` }
A collection of arguments for invoking getKMSCryptoKeyVersion.
type GetKMSCryptoKeyVersionOutputArgs ¶
type GetKMSCryptoKeyVersionOutputArgs struct { // The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the // `kms.CryptoKey` resource/datasource. CryptoKey pulumi.StringInput `pulumi:"cryptoKey"` // The version number for this CryptoKeyVersion. Defaults to `1`. Version pulumi.IntPtrInput `pulumi:"version"` }
A collection of arguments for invoking getKMSCryptoKeyVersion.
func (GetKMSCryptoKeyVersionOutputArgs) ElementType ¶
func (GetKMSCryptoKeyVersionOutputArgs) ElementType() reflect.Type
type GetKMSCryptoKeyVersionPublicKey ¶
type GetKMSCryptoKeyVersionPublicKey struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm string `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem string `pulumi:"pem"` }
type GetKMSCryptoKeyVersionPublicKeyArgs ¶
type GetKMSCryptoKeyVersionPublicKeyArgs struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info. Pem pulumi.StringInput `pulumi:"pem"` }
func (GetKMSCryptoKeyVersionPublicKeyArgs) ElementType ¶
func (GetKMSCryptoKeyVersionPublicKeyArgs) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutput ¶
func (i GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput
func (GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext ¶
func (i GetKMSCryptoKeyVersionPublicKeyArgs) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyOutput
type GetKMSCryptoKeyVersionPublicKeyArray ¶
type GetKMSCryptoKeyVersionPublicKeyArray []GetKMSCryptoKeyVersionPublicKeyInput
func (GetKMSCryptoKeyVersionPublicKeyArray) ElementType ¶
func (GetKMSCryptoKeyVersionPublicKeyArray) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput ¶
func (i GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput
func (GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext ¶
func (i GetKMSCryptoKeyVersionPublicKeyArray) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput
type GetKMSCryptoKeyVersionPublicKeyArrayInput ¶
type GetKMSCryptoKeyVersionPublicKeyArrayInput interface { pulumi.Input ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput }
GetKMSCryptoKeyVersionPublicKeyArrayInput is an input type that accepts GetKMSCryptoKeyVersionPublicKeyArray and GetKMSCryptoKeyVersionPublicKeyArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionPublicKeyArrayInput` via:
GetKMSCryptoKeyVersionPublicKeyArray{ GetKMSCryptoKeyVersionPublicKeyArgs{...} }
type GetKMSCryptoKeyVersionPublicKeyArrayOutput ¶
type GetKMSCryptoKeyVersionPublicKeyArrayOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ElementType ¶
func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput ¶
func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutput() GetKMSCryptoKeyVersionPublicKeyArrayOutput
func (GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext ¶
func (o GetKMSCryptoKeyVersionPublicKeyArrayOutput) ToGetKMSCryptoKeyVersionPublicKeyArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyArrayOutput
type GetKMSCryptoKeyVersionPublicKeyInput ¶
type GetKMSCryptoKeyVersionPublicKeyInput interface { pulumi.Input ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(context.Context) GetKMSCryptoKeyVersionPublicKeyOutput }
GetKMSCryptoKeyVersionPublicKeyInput is an input type that accepts GetKMSCryptoKeyVersionPublicKeyArgs and GetKMSCryptoKeyVersionPublicKeyOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionPublicKeyInput` via:
GetKMSCryptoKeyVersionPublicKeyArgs{...}
type GetKMSCryptoKeyVersionPublicKeyOutput ¶
type GetKMSCryptoKeyVersionPublicKeyOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyVersionPublicKeyOutput) Algorithm ¶
func (o GetKMSCryptoKeyVersionPublicKeyOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (GetKMSCryptoKeyVersionPublicKeyOutput) ElementType ¶
func (GetKMSCryptoKeyVersionPublicKeyOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionPublicKeyOutput) Pem ¶
func (o GetKMSCryptoKeyVersionPublicKeyOutput) Pem() pulumi.StringOutput
The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
func (GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutput ¶
func (o GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutput() GetKMSCryptoKeyVersionPublicKeyOutput
func (GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext ¶
func (o GetKMSCryptoKeyVersionPublicKeyOutput) ToGetKMSCryptoKeyVersionPublicKeyOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionPublicKeyOutput
type GetKMSCryptoKeyVersionResult ¶
type GetKMSCryptoKeyVersionResult struct { // The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. Algorithm string `pulumi:"algorithm"` CryptoKey string `pulumi:"cryptoKey"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*` Name string `pulumi:"name"` // The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs. ProtectionLevel string `pulumi:"protectionLevel"` // If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below. PublicKeys []GetKMSCryptoKeyVersionPublicKey `pulumi:"publicKeys"` // The current state of the CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs. State string `pulumi:"state"` Version *int `pulumi:"version"` }
A collection of values returned by getKMSCryptoKeyVersion.
func GetKMSCryptoKeyVersion ¶
func GetKMSCryptoKeyVersion(ctx *pulumi.Context, args *GetKMSCryptoKeyVersionArgs, opts ...pulumi.InvokeOption) (*GetKMSCryptoKeyVersionResult, error)
Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).
A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{ Name: "my-key-ring", Location: "us-central1", }, nil) if err != nil { return err } _, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{ Name: "my-crypto-key", KeyRing: myKeyRing.Id, }, nil) if err != nil { return err } _, err = kms.GetKMSCryptoKeyVersion(ctx, &kms.GetKMSCryptoKeyVersionArgs{ CryptoKey: myKey.Id, }, nil) if err != nil { return err } return nil }) }
```
type GetKMSCryptoKeyVersionResultOutput ¶
type GetKMSCryptoKeyVersionResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKMSCryptoKeyVersion.
func GetKMSCryptoKeyVersionOutput ¶
func GetKMSCryptoKeyVersionOutput(ctx *pulumi.Context, args GetKMSCryptoKeyVersionOutputArgs, opts ...pulumi.InvokeOption) GetKMSCryptoKeyVersionResultOutput
func (GetKMSCryptoKeyVersionResultOutput) Algorithm ¶
func (o GetKMSCryptoKeyVersionResultOutput) Algorithm() pulumi.StringOutput
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
func (GetKMSCryptoKeyVersionResultOutput) CryptoKey ¶
func (o GetKMSCryptoKeyVersionResultOutput) CryptoKey() pulumi.StringOutput
func (GetKMSCryptoKeyVersionResultOutput) ElementType ¶
func (GetKMSCryptoKeyVersionResultOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionResultOutput) Id ¶
func (o GetKMSCryptoKeyVersionResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKMSCryptoKeyVersionResultOutput) Name ¶
func (o GetKMSCryptoKeyVersionResultOutput) Name() pulumi.StringOutput
The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`
func (GetKMSCryptoKeyVersionResultOutput) ProtectionLevel ¶
func (o GetKMSCryptoKeyVersionResultOutput) ProtectionLevel() pulumi.StringOutput
The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the [protectionLevel reference](https://cloud.google.com/kms/docs/reference/rest/v1/ProtectionLevel) for possible outputs.
func (GetKMSCryptoKeyVersionResultOutput) PublicKeys ¶
func (o GetKMSCryptoKeyVersionResultOutput) PublicKeys() GetKMSCryptoKeyVersionPublicKeyArrayOutput
If the enclosing CryptoKey has purpose `ASYMMETRIC_SIGN` or `ASYMMETRIC_DECRYPT`, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.
func (GetKMSCryptoKeyVersionResultOutput) State ¶
func (o GetKMSCryptoKeyVersionResultOutput) State() pulumi.StringOutput
The current state of the CryptoKeyVersion. See the [state reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions#CryptoKeyVersion.CryptoKeyVersionState) for possible outputs.
func (GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutput ¶
func (o GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutput() GetKMSCryptoKeyVersionResultOutput
func (GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutputWithContext ¶
func (o GetKMSCryptoKeyVersionResultOutput) ToGetKMSCryptoKeyVersionResultOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionResultOutput
func (GetKMSCryptoKeyVersionResultOutput) Version ¶
func (o GetKMSCryptoKeyVersionResultOutput) Version() pulumi.IntPtrOutput
type GetKMSCryptoKeyVersionTemplate ¶
type GetKMSCryptoKeyVersionTemplate struct { // The algorithm to use when creating a version based on this template. // See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. Algorithm string `pulumi:"algorithm"` // The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". ProtectionLevel string `pulumi:"protectionLevel"` }
type GetKMSCryptoKeyVersionTemplateArgs ¶
type GetKMSCryptoKeyVersionTemplateArgs struct { // The algorithm to use when creating a version based on this template. // See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. Algorithm pulumi.StringInput `pulumi:"algorithm"` // The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". ProtectionLevel pulumi.StringInput `pulumi:"protectionLevel"` }
func (GetKMSCryptoKeyVersionTemplateArgs) ElementType ¶
func (GetKMSCryptoKeyVersionTemplateArgs) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutput ¶
func (i GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput
func (GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutputWithContext ¶
func (i GetKMSCryptoKeyVersionTemplateArgs) ToGetKMSCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateOutput
type GetKMSCryptoKeyVersionTemplateArray ¶
type GetKMSCryptoKeyVersionTemplateArray []GetKMSCryptoKeyVersionTemplateInput
func (GetKMSCryptoKeyVersionTemplateArray) ElementType ¶
func (GetKMSCryptoKeyVersionTemplateArray) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutput ¶
func (i GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput
func (GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext ¶
func (i GetKMSCryptoKeyVersionTemplateArray) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput
type GetKMSCryptoKeyVersionTemplateArrayInput ¶
type GetKMSCryptoKeyVersionTemplateArrayInput interface { pulumi.Input ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput }
GetKMSCryptoKeyVersionTemplateArrayInput is an input type that accepts GetKMSCryptoKeyVersionTemplateArray and GetKMSCryptoKeyVersionTemplateArrayOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionTemplateArrayInput` via:
GetKMSCryptoKeyVersionTemplateArray{ GetKMSCryptoKeyVersionTemplateArgs{...} }
type GetKMSCryptoKeyVersionTemplateArrayOutput ¶
type GetKMSCryptoKeyVersionTemplateArrayOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyVersionTemplateArrayOutput) ElementType ¶
func (GetKMSCryptoKeyVersionTemplateArrayOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutput ¶
func (o GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutput() GetKMSCryptoKeyVersionTemplateArrayOutput
func (GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext ¶
func (o GetKMSCryptoKeyVersionTemplateArrayOutput) ToGetKMSCryptoKeyVersionTemplateArrayOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateArrayOutput
type GetKMSCryptoKeyVersionTemplateInput ¶
type GetKMSCryptoKeyVersionTemplateInput interface { pulumi.Input ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput ToGetKMSCryptoKeyVersionTemplateOutputWithContext(context.Context) GetKMSCryptoKeyVersionTemplateOutput }
GetKMSCryptoKeyVersionTemplateInput is an input type that accepts GetKMSCryptoKeyVersionTemplateArgs and GetKMSCryptoKeyVersionTemplateOutput values. You can construct a concrete instance of `GetKMSCryptoKeyVersionTemplateInput` via:
GetKMSCryptoKeyVersionTemplateArgs{...}
type GetKMSCryptoKeyVersionTemplateOutput ¶
type GetKMSCryptoKeyVersionTemplateOutput struct{ *pulumi.OutputState }
func (GetKMSCryptoKeyVersionTemplateOutput) Algorithm ¶
func (o GetKMSCryptoKeyVersionTemplateOutput) Algorithm() pulumi.StringOutput
The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
func (GetKMSCryptoKeyVersionTemplateOutput) ElementType ¶
func (GetKMSCryptoKeyVersionTemplateOutput) ElementType() reflect.Type
func (GetKMSCryptoKeyVersionTemplateOutput) ProtectionLevel ¶
func (o GetKMSCryptoKeyVersionTemplateOutput) ProtectionLevel() pulumi.StringOutput
The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
func (GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutput ¶
func (o GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutput() GetKMSCryptoKeyVersionTemplateOutput
func (GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutputWithContext ¶
func (o GetKMSCryptoKeyVersionTemplateOutput) ToGetKMSCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) GetKMSCryptoKeyVersionTemplateOutput
type GetKMSKeyRingArgs ¶
type GetKMSKeyRingArgs struct { // The Google Cloud Platform location for the KeyRing. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location string `pulumi:"location"` // The KeyRing's name. // A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}` Name string `pulumi:"name"` // The project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` }
A collection of arguments for invoking getKMSKeyRing.
type GetKMSKeyRingOutputArgs ¶
type GetKMSKeyRingOutputArgs struct { // The Google Cloud Platform location for the KeyRing. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location pulumi.StringInput `pulumi:"location"` // The KeyRing's name. // A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}` Name pulumi.StringInput `pulumi:"name"` // The project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getKMSKeyRing.
func (GetKMSKeyRingOutputArgs) ElementType ¶
func (GetKMSKeyRingOutputArgs) ElementType() reflect.Type
type GetKMSKeyRingResult ¶
type GetKMSKeyRingResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Location string `pulumi:"location"` Name string `pulumi:"name"` Project *string `pulumi:"project"` }
A collection of values returned by getKMSKeyRing.
func GetKMSKeyRing ¶
func GetKMSKeyRing(ctx *pulumi.Context, args *GetKMSKeyRingArgs, opts ...pulumi.InvokeOption) (*GetKMSKeyRingResult, error)
Provides access to Google Cloud Platform KMS KeyRing. For more information see [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project and resides in a specific location.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{ Name: "my-key-ring", Location: "us-central1", }, nil) if err != nil { return err } return nil }) }
```
type GetKMSKeyRingResultOutput ¶
type GetKMSKeyRingResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKMSKeyRing.
func GetKMSKeyRingOutput ¶
func GetKMSKeyRingOutput(ctx *pulumi.Context, args GetKMSKeyRingOutputArgs, opts ...pulumi.InvokeOption) GetKMSKeyRingResultOutput
func (GetKMSKeyRingResultOutput) ElementType ¶
func (GetKMSKeyRingResultOutput) ElementType() reflect.Type
func (GetKMSKeyRingResultOutput) Id ¶
func (o GetKMSKeyRingResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKMSKeyRingResultOutput) Location ¶
func (o GetKMSKeyRingResultOutput) Location() pulumi.StringOutput
func (GetKMSKeyRingResultOutput) Name ¶
func (o GetKMSKeyRingResultOutput) Name() pulumi.StringOutput
func (GetKMSKeyRingResultOutput) Project ¶
func (o GetKMSKeyRingResultOutput) Project() pulumi.StringPtrOutput
func (GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutput ¶
func (o GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutput() GetKMSKeyRingResultOutput
func (GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutputWithContext ¶
func (o GetKMSKeyRingResultOutput) ToGetKMSKeyRingResultOutputWithContext(ctx context.Context) GetKMSKeyRingResultOutput
type GetKMSSecretArgs ¶
type GetKMSSecretArgs struct { // The [additional authenticated data](https://cloud.google.com/kms/docs/additional-authenticated-data) used for integrity checks during encryption and decryption. AdditionalAuthenticatedData *string `pulumi:"additionalAuthenticatedData"` // The ciphertext to be decrypted, encoded in base64 Ciphertext string `pulumi:"ciphertext"` // The id of the CryptoKey that will be used to // decrypt the provided ciphertext. This is represented by the format // `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`. CryptoKey string `pulumi:"cryptoKey"` }
A collection of arguments for invoking getKMSSecret.
type GetKMSSecretAsymmetricArgs ¶
type GetKMSSecretAsymmetricArgs struct { // The ciphertext to be decrypted, encoded in base64 Ciphertext string `pulumi:"ciphertext"` // The crc32 checksum of the `ciphertext` in hexadecimal notation. If not specified, it will be computed. Crc32 *string `pulumi:"crc32"` // The id of the CryptoKey version that will be used to // decrypt the provided ciphertext. This is represented by the format // `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}`. CryptoKeyVersion string `pulumi:"cryptoKeyVersion"` }
A collection of arguments for invoking getKMSSecretAsymmetric.
type GetKMSSecretAsymmetricOutputArgs ¶
type GetKMSSecretAsymmetricOutputArgs struct { // The ciphertext to be decrypted, encoded in base64 Ciphertext pulumi.StringInput `pulumi:"ciphertext"` // The crc32 checksum of the `ciphertext` in hexadecimal notation. If not specified, it will be computed. Crc32 pulumi.StringPtrInput `pulumi:"crc32"` // The id of the CryptoKey version that will be used to // decrypt the provided ciphertext. This is represented by the format // `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}`. CryptoKeyVersion pulumi.StringInput `pulumi:"cryptoKeyVersion"` }
A collection of arguments for invoking getKMSSecretAsymmetric.
func (GetKMSSecretAsymmetricOutputArgs) ElementType ¶
func (GetKMSSecretAsymmetricOutputArgs) ElementType() reflect.Type
type GetKMSSecretAsymmetricResult ¶
type GetKMSSecretAsymmetricResult struct { Ciphertext string `pulumi:"ciphertext"` // Contains the crc32 checksum of the provided ciphertext. Crc32 *string `pulumi:"crc32"` CryptoKeyVersion string `pulumi:"cryptoKeyVersion"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // Contains the result of decrypting the provided ciphertext. Plaintext string `pulumi:"plaintext"` }
A collection of values returned by getKMSSecretAsymmetric.
func GetKMSSecretAsymmetric ¶
func GetKMSSecretAsymmetric(ctx *pulumi.Context, args *GetKMSSecretAsymmetricArgs, opts ...pulumi.InvokeOption) (*GetKMSSecretAsymmetricResult, error)
## Example Usage
First, create a KMS KeyRing and CryptoKey using the resource definitions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{ Project: pulumi.String("my-project"), Name: pulumi.String("my-key-ring"), Location: pulumi.String("us-central1"), }) if err != nil { return err } myCryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{ Name: pulumi.String("my-crypto-key"), KeyRing: myKeyRing.ID(), Purpose: pulumi.String("ASYMMETRIC_DECRYPT"), VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{ Algorithm: pulumi.String("RSA_DECRYPT_OAEP_4096_SHA256"), }, }) if err != nil { return err } _ = kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{ CryptoKey: myCryptoKeyCryptoKey.ID(), }, nil) return nil }) }
```
Next, use the [Cloud SDK](https://cloud.google.com/kms/docs/encrypt-decrypt-rsa#kms-encrypt-asymmetric-cli) to encrypt some sensitive information:
Finally, reference the encrypted ciphertext in your resource definitions:
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql" "github.com/pulumi/pulumi-random/sdk/v4/go/random" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.GetKMSSecretAsymmetric(ctx, &kms.GetKMSSecretAsymmetricArgs{ CryptoKeyVersion: myCryptoKey.Id, Crc32: pulumi.StringRef("12c59e54"), Ciphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1 J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9 A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
`,
}, nil) if err != nil { return err } dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{ ByteLength: pulumi.Int(4), }) if err != nil { return err } main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{ Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) { return fmt.Sprintf("main-instance-%v", hex), nil }).(pulumi.StringOutput), DatabaseVersion: pulumi.String("MYSQL_5_7"), Settings: &sql.DatabaseInstanceSettingsArgs{ Tier: pulumi.String("db-f1-micro"), }, }) if err != nil { return err } _, err = sql.NewUser(ctx, "users", &sql.UserArgs{ Name: pulumi.String("me"), Instance: main.Name, Host: pulumi.String("me.com"), Password: pulumi.Any(sqlUserPasswordGoogleKmsSecret.Plaintext), }) if err != nil { return err } return nil }) }
```
This will result in a Cloud SQL user being created with password `my-secret-password`.
type GetKMSSecretAsymmetricResultOutput ¶
type GetKMSSecretAsymmetricResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKMSSecretAsymmetric.
func GetKMSSecretAsymmetricOutput ¶
func GetKMSSecretAsymmetricOutput(ctx *pulumi.Context, args GetKMSSecretAsymmetricOutputArgs, opts ...pulumi.InvokeOption) GetKMSSecretAsymmetricResultOutput
func (GetKMSSecretAsymmetricResultOutput) Ciphertext ¶
func (o GetKMSSecretAsymmetricResultOutput) Ciphertext() pulumi.StringOutput
func (GetKMSSecretAsymmetricResultOutput) Crc32 ¶
func (o GetKMSSecretAsymmetricResultOutput) Crc32() pulumi.StringPtrOutput
Contains the crc32 checksum of the provided ciphertext.
func (GetKMSSecretAsymmetricResultOutput) CryptoKeyVersion ¶
func (o GetKMSSecretAsymmetricResultOutput) CryptoKeyVersion() pulumi.StringOutput
func (GetKMSSecretAsymmetricResultOutput) ElementType ¶
func (GetKMSSecretAsymmetricResultOutput) ElementType() reflect.Type
func (GetKMSSecretAsymmetricResultOutput) Id ¶
func (o GetKMSSecretAsymmetricResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKMSSecretAsymmetricResultOutput) Plaintext ¶
func (o GetKMSSecretAsymmetricResultOutput) Plaintext() pulumi.StringOutput
Contains the result of decrypting the provided ciphertext.
func (GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutput ¶
func (o GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutput() GetKMSSecretAsymmetricResultOutput
func (GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutputWithContext ¶
func (o GetKMSSecretAsymmetricResultOutput) ToGetKMSSecretAsymmetricResultOutputWithContext(ctx context.Context) GetKMSSecretAsymmetricResultOutput
type GetKMSSecretCiphertextArgs ¶
type GetKMSSecretCiphertextArgs struct { // The id of the CryptoKey that will be used to // encrypt the provided plaintext. This is represented by the format // `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`. CryptoKey string `pulumi:"cryptoKey"` // The plaintext to be encrypted Plaintext string `pulumi:"plaintext"` }
A collection of arguments for invoking getKMSSecretCiphertext.
type GetKMSSecretCiphertextOutputArgs ¶
type GetKMSSecretCiphertextOutputArgs struct { // The id of the CryptoKey that will be used to // encrypt the provided plaintext. This is represented by the format // `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`. CryptoKey pulumi.StringInput `pulumi:"cryptoKey"` // The plaintext to be encrypted Plaintext pulumi.StringInput `pulumi:"plaintext"` }
A collection of arguments for invoking getKMSSecretCiphertext.
func (GetKMSSecretCiphertextOutputArgs) ElementType ¶
func (GetKMSSecretCiphertextOutputArgs) ElementType() reflect.Type
type GetKMSSecretCiphertextResult ¶
type GetKMSSecretCiphertextResult struct { // Contains the result of encrypting the provided plaintext, encoded in base64. Ciphertext string `pulumi:"ciphertext"` CryptoKey string `pulumi:"cryptoKey"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Plaintext string `pulumi:"plaintext"` }
A collection of values returned by getKMSSecretCiphertext.
func GetKMSSecretCiphertext ¶
func GetKMSSecretCiphertext(ctx *pulumi.Context, args *GetKMSSecretCiphertextArgs, opts ...pulumi.InvokeOption) (*GetKMSSecretCiphertextResult, error)
!> **Warning:** This data source is deprecated. Use the `kms.SecretCiphertext` **resource** instead.
This data source allows you to encrypt data with Google Cloud KMS and use the ciphertext within your resource definitions.
For more information see [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).
> **NOTE:** Using this data source will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.
## Example Usage
First, create a KMS KeyRing and CryptoKey using the resource definitions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{ Project: pulumi.String("my-project"), Name: pulumi.String("my-key-ring"), Location: pulumi.String("us-central1"), }) if err != nil { return err } _, err = kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{ Name: pulumi.String("my-crypto-key"), KeyRing: myKeyRing.ID(), }) if err != nil { return err } return nil }) }
```
Next, encrypt some sensitive information and use the encrypted data in your resource definitions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myPassword, err := kms.GetKMSSecretCiphertext(ctx, &kms.GetKMSSecretCiphertextArgs{ CryptoKey: myCryptoKey.Id, Plaintext: "my-secret-password", }, nil) if err != nil { return err } _, err = compute.NewInstance(ctx, "instance", &compute.InstanceArgs{ NetworkInterfaces: compute.InstanceNetworkInterfaceArray{ &compute.InstanceNetworkInterfaceArgs{ AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{ &compute.InstanceNetworkInterfaceAccessConfigArgs{}, }, Network: pulumi.String("default"), }, }, Name: pulumi.String("test"), MachineType: pulumi.String("e2-medium"), Zone: pulumi.String("us-central1-a"), BootDisk: &compute.InstanceBootDiskArgs{ InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{ Image: pulumi.String("debian-cloud/debian-11"), }, }, Metadata: pulumi.StringMap{ "password": pulumi.String(myPassword.Ciphertext), }, }) if err != nil { return err } return nil }) }
```
The resulting instance can then access the encrypted password from its metadata and decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)):
type GetKMSSecretCiphertextResultOutput ¶
type GetKMSSecretCiphertextResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKMSSecretCiphertext.
func GetKMSSecretCiphertextOutput ¶
func GetKMSSecretCiphertextOutput(ctx *pulumi.Context, args GetKMSSecretCiphertextOutputArgs, opts ...pulumi.InvokeOption) GetKMSSecretCiphertextResultOutput
func (GetKMSSecretCiphertextResultOutput) Ciphertext ¶
func (o GetKMSSecretCiphertextResultOutput) Ciphertext() pulumi.StringOutput
Contains the result of encrypting the provided plaintext, encoded in base64.
func (GetKMSSecretCiphertextResultOutput) CryptoKey ¶
func (o GetKMSSecretCiphertextResultOutput) CryptoKey() pulumi.StringOutput
func (GetKMSSecretCiphertextResultOutput) ElementType ¶
func (GetKMSSecretCiphertextResultOutput) ElementType() reflect.Type
func (GetKMSSecretCiphertextResultOutput) Id ¶
func (o GetKMSSecretCiphertextResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKMSSecretCiphertextResultOutput) Plaintext ¶
func (o GetKMSSecretCiphertextResultOutput) Plaintext() pulumi.StringOutput
func (GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutput ¶
func (o GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutput() GetKMSSecretCiphertextResultOutput
func (GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutputWithContext ¶
func (o GetKMSSecretCiphertextResultOutput) ToGetKMSSecretCiphertextResultOutputWithContext(ctx context.Context) GetKMSSecretCiphertextResultOutput
type GetKMSSecretOutputArgs ¶
type GetKMSSecretOutputArgs struct { // The [additional authenticated data](https://cloud.google.com/kms/docs/additional-authenticated-data) used for integrity checks during encryption and decryption. AdditionalAuthenticatedData pulumi.StringPtrInput `pulumi:"additionalAuthenticatedData"` // The ciphertext to be decrypted, encoded in base64 Ciphertext pulumi.StringInput `pulumi:"ciphertext"` // The id of the CryptoKey that will be used to // decrypt the provided ciphertext. This is represented by the format // `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`. CryptoKey pulumi.StringInput `pulumi:"cryptoKey"` }
A collection of arguments for invoking getKMSSecret.
func (GetKMSSecretOutputArgs) ElementType ¶
func (GetKMSSecretOutputArgs) ElementType() reflect.Type
type GetKMSSecretResult ¶
type GetKMSSecretResult struct { AdditionalAuthenticatedData *string `pulumi:"additionalAuthenticatedData"` Ciphertext string `pulumi:"ciphertext"` CryptoKey string `pulumi:"cryptoKey"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // Contains the result of decrypting the provided ciphertext. Plaintext string `pulumi:"plaintext"` }
A collection of values returned by getKMSSecret.
func GetKMSSecret ¶
func GetKMSSecret(ctx *pulumi.Context, args *GetKMSSecretArgs, opts ...pulumi.InvokeOption) (*GetKMSSecretResult, error)
This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions.
For more information see [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).
> **NOTE:** Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.
## Example Usage
First, create a KMS KeyRing and CryptoKey using the resource definitions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{ Project: pulumi.String("my-project"), Name: pulumi.String("my-key-ring"), Location: pulumi.String("us-central1"), }) if err != nil { return err } _, err = kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{ Name: pulumi.String("my-crypto-key"), KeyRing: myKeyRing.ID(), }) if err != nil { return err } return nil }) }
```
Next, use the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/encrypt) to encrypt some sensitive information:
Finally, reference the encrypted ciphertext in your resource definitions:
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/sql" "github.com/pulumi/pulumi-random/sdk/v4/go/random" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { sqlUserPassword, err := kms.GetKMSSecret(ctx, &kms.GetKMSSecretArgs{ CryptoKey: myCryptoKey.Id, Ciphertext: "CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=", }, nil) if err != nil { return err } dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{ ByteLength: pulumi.Int(4), }) if err != nil { return err } main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{ Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) { return fmt.Sprintf("main-instance-%v", hex), nil }).(pulumi.StringOutput), DatabaseVersion: pulumi.String("MYSQL_5_7"), Settings: &sql.DatabaseInstanceSettingsArgs{ Tier: pulumi.String("db-f1-micro"), }, }) if err != nil { return err } _, err = sql.NewUser(ctx, "users", &sql.UserArgs{ Name: pulumi.String("me"), Instance: main.Name, Host: pulumi.String("me.com"), Password: pulumi.String(sqlUserPassword.Plaintext), }) if err != nil { return err } return nil }) }
```
This will result in a Cloud SQL user being created with password `my-secret-password`.
type GetKMSSecretResultOutput ¶
type GetKMSSecretResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKMSSecret.
func GetKMSSecretOutput ¶
func GetKMSSecretOutput(ctx *pulumi.Context, args GetKMSSecretOutputArgs, opts ...pulumi.InvokeOption) GetKMSSecretResultOutput
func (GetKMSSecretResultOutput) AdditionalAuthenticatedData ¶
func (o GetKMSSecretResultOutput) AdditionalAuthenticatedData() pulumi.StringPtrOutput
func (GetKMSSecretResultOutput) Ciphertext ¶
func (o GetKMSSecretResultOutput) Ciphertext() pulumi.StringOutput
func (GetKMSSecretResultOutput) CryptoKey ¶
func (o GetKMSSecretResultOutput) CryptoKey() pulumi.StringOutput
func (GetKMSSecretResultOutput) ElementType ¶
func (GetKMSSecretResultOutput) ElementType() reflect.Type
func (GetKMSSecretResultOutput) Id ¶
func (o GetKMSSecretResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKMSSecretResultOutput) Plaintext ¶
func (o GetKMSSecretResultOutput) Plaintext() pulumi.StringOutput
Contains the result of decrypting the provided ciphertext.
func (GetKMSSecretResultOutput) ToGetKMSSecretResultOutput ¶
func (o GetKMSSecretResultOutput) ToGetKMSSecretResultOutput() GetKMSSecretResultOutput
func (GetKMSSecretResultOutput) ToGetKMSSecretResultOutputWithContext ¶
func (o GetKMSSecretResultOutput) ToGetKMSSecretResultOutputWithContext(ctx context.Context) GetKMSSecretResultOutput
type GetKeyRingIamPolicyArgs ¶
type GetKeyRingIamPolicyArgs struct { // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId string `pulumi:"keyRingId"` }
A collection of arguments for invoking getKeyRingIamPolicy.
type GetKeyRingIamPolicyOutputArgs ¶
type GetKeyRingIamPolicyOutputArgs struct { // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringInput `pulumi:"keyRingId"` }
A collection of arguments for invoking getKeyRingIamPolicy.
func (GetKeyRingIamPolicyOutputArgs) ElementType ¶
func (GetKeyRingIamPolicyOutputArgs) ElementType() reflect.Type
type GetKeyRingIamPolicyResult ¶
type GetKeyRingIamPolicyResult struct { // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KeyRingId string `pulumi:"keyRingId"` // (Computed) The policy data PolicyData string `pulumi:"policyData"` }
A collection of values returned by getKeyRingIamPolicy.
func GetKeyRingIamPolicy ¶
func GetKeyRingIamPolicy(ctx *pulumi.Context, args *GetKeyRingIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetKeyRingIamPolicyResult, error)
Retrieves the current IAM policy data for a Google Cloud KMS key ring.
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.GetKeyRingIamPolicy(ctx, &kms.GetKeyRingIamPolicyArgs{ KeyRingId: "{project_id}/{location_name}/{key_ring_name}", }, nil) if err != nil { return err } return nil }) }
```
type GetKeyRingIamPolicyResultOutput ¶
type GetKeyRingIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKeyRingIamPolicy.
func GetKeyRingIamPolicyOutput ¶
func GetKeyRingIamPolicyOutput(ctx *pulumi.Context, args GetKeyRingIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetKeyRingIamPolicyResultOutput
func (GetKeyRingIamPolicyResultOutput) ElementType ¶
func (GetKeyRingIamPolicyResultOutput) ElementType() reflect.Type
func (GetKeyRingIamPolicyResultOutput) Etag ¶
func (o GetKeyRingIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (GetKeyRingIamPolicyResultOutput) Id ¶
func (o GetKeyRingIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKeyRingIamPolicyResultOutput) KeyRingId ¶
func (o GetKeyRingIamPolicyResultOutput) KeyRingId() pulumi.StringOutput
func (GetKeyRingIamPolicyResultOutput) PolicyData ¶
func (o GetKeyRingIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Computed) The policy data
func (GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutput ¶
func (o GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutput() GetKeyRingIamPolicyResultOutput
func (GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutputWithContext ¶
func (o GetKeyRingIamPolicyResultOutput) ToGetKeyRingIamPolicyResultOutputWithContext(ctx context.Context) GetKeyRingIamPolicyResultOutput
type GetKeyRingsArgs ¶
type GetKeyRingsArgs struct { Filter *string `pulumi:"filter"` Location string `pulumi:"location"` Project *string `pulumi:"project"` }
A collection of arguments for invoking getKeyRings.
type GetKeyRingsKeyRing ¶
type GetKeyRingsKeyRingArgs ¶
type GetKeyRingsKeyRingArgs struct { Id pulumi.StringInput `pulumi:"id"` Name pulumi.StringInput `pulumi:"name"` }
func (GetKeyRingsKeyRingArgs) ElementType ¶
func (GetKeyRingsKeyRingArgs) ElementType() reflect.Type
func (GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutput ¶
func (i GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutput() GetKeyRingsKeyRingOutput
func (GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutputWithContext ¶
func (i GetKeyRingsKeyRingArgs) ToGetKeyRingsKeyRingOutputWithContext(ctx context.Context) GetKeyRingsKeyRingOutput
type GetKeyRingsKeyRingArray ¶
type GetKeyRingsKeyRingArray []GetKeyRingsKeyRingInput
func (GetKeyRingsKeyRingArray) ElementType ¶
func (GetKeyRingsKeyRingArray) ElementType() reflect.Type
func (GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutput ¶
func (i GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutput() GetKeyRingsKeyRingArrayOutput
func (GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutputWithContext ¶
func (i GetKeyRingsKeyRingArray) ToGetKeyRingsKeyRingArrayOutputWithContext(ctx context.Context) GetKeyRingsKeyRingArrayOutput
type GetKeyRingsKeyRingArrayInput ¶
type GetKeyRingsKeyRingArrayInput interface { pulumi.Input ToGetKeyRingsKeyRingArrayOutput() GetKeyRingsKeyRingArrayOutput ToGetKeyRingsKeyRingArrayOutputWithContext(context.Context) GetKeyRingsKeyRingArrayOutput }
GetKeyRingsKeyRingArrayInput is an input type that accepts GetKeyRingsKeyRingArray and GetKeyRingsKeyRingArrayOutput values. You can construct a concrete instance of `GetKeyRingsKeyRingArrayInput` via:
GetKeyRingsKeyRingArray{ GetKeyRingsKeyRingArgs{...} }
type GetKeyRingsKeyRingArrayOutput ¶
type GetKeyRingsKeyRingArrayOutput struct{ *pulumi.OutputState }
func (GetKeyRingsKeyRingArrayOutput) ElementType ¶
func (GetKeyRingsKeyRingArrayOutput) ElementType() reflect.Type
func (GetKeyRingsKeyRingArrayOutput) Index ¶
func (o GetKeyRingsKeyRingArrayOutput) Index(i pulumi.IntInput) GetKeyRingsKeyRingOutput
func (GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutput ¶
func (o GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutput() GetKeyRingsKeyRingArrayOutput
func (GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutputWithContext ¶
func (o GetKeyRingsKeyRingArrayOutput) ToGetKeyRingsKeyRingArrayOutputWithContext(ctx context.Context) GetKeyRingsKeyRingArrayOutput
type GetKeyRingsKeyRingInput ¶
type GetKeyRingsKeyRingInput interface { pulumi.Input ToGetKeyRingsKeyRingOutput() GetKeyRingsKeyRingOutput ToGetKeyRingsKeyRingOutputWithContext(context.Context) GetKeyRingsKeyRingOutput }
GetKeyRingsKeyRingInput is an input type that accepts GetKeyRingsKeyRingArgs and GetKeyRingsKeyRingOutput values. You can construct a concrete instance of `GetKeyRingsKeyRingInput` via:
GetKeyRingsKeyRingArgs{...}
type GetKeyRingsKeyRingOutput ¶
type GetKeyRingsKeyRingOutput struct{ *pulumi.OutputState }
func (GetKeyRingsKeyRingOutput) ElementType ¶
func (GetKeyRingsKeyRingOutput) ElementType() reflect.Type
func (GetKeyRingsKeyRingOutput) Id ¶
func (o GetKeyRingsKeyRingOutput) Id() pulumi.StringOutput
func (GetKeyRingsKeyRingOutput) Name ¶
func (o GetKeyRingsKeyRingOutput) Name() pulumi.StringOutput
func (GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutput ¶
func (o GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutput() GetKeyRingsKeyRingOutput
func (GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutputWithContext ¶
func (o GetKeyRingsKeyRingOutput) ToGetKeyRingsKeyRingOutputWithContext(ctx context.Context) GetKeyRingsKeyRingOutput
type GetKeyRingsOutputArgs ¶
type GetKeyRingsOutputArgs struct { Filter pulumi.StringPtrInput `pulumi:"filter"` Location pulumi.StringInput `pulumi:"location"` Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getKeyRings.
func (GetKeyRingsOutputArgs) ElementType ¶
func (GetKeyRingsOutputArgs) ElementType() reflect.Type
type GetKeyRingsResult ¶
type GetKeyRingsResult struct { Filter *string `pulumi:"filter"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KeyRings []GetKeyRingsKeyRing `pulumi:"keyRings"` Location string `pulumi:"location"` Project *string `pulumi:"project"` }
A collection of values returned by getKeyRings.
func GetKeyRings ¶
func GetKeyRings(ctx *pulumi.Context, args *GetKeyRingsArgs, opts ...pulumi.InvokeOption) (*GetKeyRingsResult, error)
type GetKeyRingsResultOutput ¶
type GetKeyRingsResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKeyRings.
func GetKeyRingsOutput ¶
func GetKeyRingsOutput(ctx *pulumi.Context, args GetKeyRingsOutputArgs, opts ...pulumi.InvokeOption) GetKeyRingsResultOutput
func (GetKeyRingsResultOutput) ElementType ¶
func (GetKeyRingsResultOutput) ElementType() reflect.Type
func (GetKeyRingsResultOutput) Filter ¶
func (o GetKeyRingsResultOutput) Filter() pulumi.StringPtrOutput
func (GetKeyRingsResultOutput) Id ¶
func (o GetKeyRingsResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetKeyRingsResultOutput) KeyRings ¶
func (o GetKeyRingsResultOutput) KeyRings() GetKeyRingsKeyRingArrayOutput
func (GetKeyRingsResultOutput) Location ¶
func (o GetKeyRingsResultOutput) Location() pulumi.StringOutput
func (GetKeyRingsResultOutput) Project ¶
func (o GetKeyRingsResultOutput) Project() pulumi.StringPtrOutput
func (GetKeyRingsResultOutput) ToGetKeyRingsResultOutput ¶
func (o GetKeyRingsResultOutput) ToGetKeyRingsResultOutput() GetKeyRingsResultOutput
func (GetKeyRingsResultOutput) ToGetKeyRingsResultOutputWithContext ¶
func (o GetKeyRingsResultOutput) ToGetKeyRingsResultOutputWithContext(ctx context.Context) GetKeyRingsResultOutput
type KeyHandle ¶
type KeyHandle struct { pulumi.CustomResourceState // A reference to a Cloud KMS CryptoKey that can be used for CMEK in the requested // product/project/location, for example // `projects/1/locations/us-east1/keyRings/foo/cryptoKeys/bar-ffffff` KmsKey pulumi.StringOutput `pulumi:"kmsKey"` // The location for the KeyHandle. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location pulumi.StringOutput `pulumi:"location"` // The resource name for the KeyHandle. Name pulumi.StringOutput `pulumi:"name"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // Selector of the resource type where we want to protect resources. // For example, `storage.googleapis.com/Bucket`. ResourceTypeSelector pulumi.StringOutput `pulumi:"resourceTypeSelector"` }
## Example Usage
### Kms Key Handle Basic
```go package main
import (
"fmt" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects" "github.com/pulumi/pulumi-time/sdk/go/time" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { // Create Folder in GCP Organization autokmsFolder, err := organizations.NewFolder(ctx, "autokms_folder", &organizations.FolderArgs{ DisplayName: pulumi.String("my-folder"), Parent: pulumi.String("organizations/123456789"), DeletionProtection: pulumi.Bool(false), }) if err != nil { return err } // Create the key project keyProject, err := organizations.NewProject(ctx, "key_project", &organizations.ProjectArgs{ ProjectId: pulumi.String("key-proj"), Name: pulumi.String("key-proj"), FolderId: autokmsFolder.FolderId, BillingAccount: pulumi.String("000000-0000000-0000000-000000"), DeletionPolicy: pulumi.String("DELETE"), }, pulumi.DependsOn([]pulumi.Resource{ autokmsFolder, })) if err != nil { return err } // Create the resource project resourceProject, err := organizations.NewProject(ctx, "resource_project", &organizations.ProjectArgs{ ProjectId: pulumi.String("res-proj"), Name: pulumi.String("res-proj"), FolderId: autokmsFolder.FolderId, BillingAccount: pulumi.String("000000-0000000-0000000-000000"), DeletionPolicy: pulumi.String("DELETE"), }, pulumi.DependsOn([]pulumi.Resource{ autokmsFolder, })) if err != nil { return err } // Enable the Cloud KMS API kmsApiService, err := projects.NewService(ctx, "kms_api_service", &projects.ServiceArgs{ Service: pulumi.String("cloudkms.googleapis.com"), Project: keyProject.ProjectId, DisableOnDestroy: pulumi.Bool(false), DisableDependentServices: pulumi.Bool(true), }, pulumi.DependsOn([]pulumi.Resource{ keyProject, })) if err != nil { return err } // Wait delay after enabling APIs waitEnableServiceApi, err := time.NewSleep(ctx, "wait_enable_service_api", &time.SleepArgs{ CreateDuration: "30s", }, pulumi.DependsOn([]pulumi.Resource{ kmsApiService, })) if err != nil { return err } // Create KMS Service Agent kmsServiceAgent, err := projects.NewServiceIdentity(ctx, "kms_service_agent", &projects.ServiceIdentityArgs{ Service: pulumi.String("cloudkms.googleapis.com"), Project: keyProject.Number, }, pulumi.DependsOn([]pulumi.Resource{ waitEnableServiceApi, })) if err != nil { return err } // Wait delay after creating service agent. waitServiceAgent, err := time.NewSleep(ctx, "wait_service_agent", &time.SleepArgs{ CreateDuration: "10s", }, pulumi.DependsOn([]pulumi.Resource{ kmsServiceAgent, })) if err != nil { return err } // Grant the KMS Service Agent the Cloud KMS Admin role autokeyProjectAdmin, err := projects.NewIAMMember(ctx, "autokey_project_admin", &projects.IAMMemberArgs{ Project: keyProject.ProjectId, Role: pulumi.String("roles/cloudkms.admin"), Member: keyProject.Number.ApplyT(func(number string) (string, error) { return fmt.Sprintf("serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com", number), nil }).(pulumi.StringOutput), }, pulumi.DependsOn([]pulumi.Resource{ waitServiceAgent, })) if err != nil { return err } // Wait delay after granting IAM permissions waitSrvAccPermissions, err := time.NewSleep(ctx, "wait_srv_acc_permissions", &time.SleepArgs{ CreateDuration: "10s", }, pulumi.DependsOn([]pulumi.Resource{ autokeyProjectAdmin, })) if err != nil { return err } autokeyConfig, err := kms.NewAutokeyConfig(ctx, "autokey_config", &kms.AutokeyConfigArgs{ Folder: autokmsFolder.FolderId, KeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) { return fmt.Sprintf("projects/%v", projectId), nil }).(pulumi.StringOutput), }, pulumi.DependsOn([]pulumi.Resource{ waitSrvAccPermissions, })) if err != nil { return err } // Wait delay for autokey config to take effect waitAutokeyConfig, err := time.NewSleep(ctx, "wait_autokey_config", &time.SleepArgs{ CreateDuration: "10s", }, pulumi.DependsOn([]pulumi.Resource{ autokeyConfig, })) if err != nil { return err } _, err = kms.NewKeyHandle(ctx, "example-keyhandle", &kms.KeyHandleArgs{ Project: resourceProject.ProjectId, Name: pulumi.String("tf-test-key-handle"), Location: pulumi.String("global"), ResourceTypeSelector: pulumi.String("storage.googleapis.com/Bucket"), }, pulumi.DependsOn([]pulumi.Resource{ waitAutokeyConfig, })) if err != nil { return err } return nil }) }
```
## Import
KeyHandle can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/keyHandles/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
When using the `pulumi import` command, KeyHandle can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:kms/keyHandle:KeyHandle default projects/{{project}}/locations/{{location}}/keyHandles/{{name}} ```
```sh $ pulumi import gcp:kms/keyHandle:KeyHandle default {{project}}/{{location}}/{{name}} ```
```sh $ pulumi import gcp:kms/keyHandle:KeyHandle default {{location}}/{{name}} ```
func GetKeyHandle ¶
func GetKeyHandle(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyHandleState, opts ...pulumi.ResourceOption) (*KeyHandle, error)
GetKeyHandle gets an existing KeyHandle resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKeyHandle ¶
func NewKeyHandle(ctx *pulumi.Context, name string, args *KeyHandleArgs, opts ...pulumi.ResourceOption) (*KeyHandle, error)
NewKeyHandle registers a new resource with the given unique name, arguments, and options.
func (*KeyHandle) ElementType ¶
func (*KeyHandle) ToKeyHandleOutput ¶
func (i *KeyHandle) ToKeyHandleOutput() KeyHandleOutput
func (*KeyHandle) ToKeyHandleOutputWithContext ¶
func (i *KeyHandle) ToKeyHandleOutputWithContext(ctx context.Context) KeyHandleOutput
type KeyHandleArgs ¶
type KeyHandleArgs struct { // The location for the KeyHandle. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location pulumi.StringInput // The resource name for the KeyHandle. Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput // Selector of the resource type where we want to protect resources. // For example, `storage.googleapis.com/Bucket`. ResourceTypeSelector pulumi.StringInput }
The set of arguments for constructing a KeyHandle resource.
func (KeyHandleArgs) ElementType ¶
func (KeyHandleArgs) ElementType() reflect.Type
type KeyHandleArray ¶
type KeyHandleArray []KeyHandleInput
func (KeyHandleArray) ElementType ¶
func (KeyHandleArray) ElementType() reflect.Type
func (KeyHandleArray) ToKeyHandleArrayOutput ¶
func (i KeyHandleArray) ToKeyHandleArrayOutput() KeyHandleArrayOutput
func (KeyHandleArray) ToKeyHandleArrayOutputWithContext ¶
func (i KeyHandleArray) ToKeyHandleArrayOutputWithContext(ctx context.Context) KeyHandleArrayOutput
type KeyHandleArrayInput ¶
type KeyHandleArrayInput interface { pulumi.Input ToKeyHandleArrayOutput() KeyHandleArrayOutput ToKeyHandleArrayOutputWithContext(context.Context) KeyHandleArrayOutput }
KeyHandleArrayInput is an input type that accepts KeyHandleArray and KeyHandleArrayOutput values. You can construct a concrete instance of `KeyHandleArrayInput` via:
KeyHandleArray{ KeyHandleArgs{...} }
type KeyHandleArrayOutput ¶
type KeyHandleArrayOutput struct{ *pulumi.OutputState }
func (KeyHandleArrayOutput) ElementType ¶
func (KeyHandleArrayOutput) ElementType() reflect.Type
func (KeyHandleArrayOutput) Index ¶
func (o KeyHandleArrayOutput) Index(i pulumi.IntInput) KeyHandleOutput
func (KeyHandleArrayOutput) ToKeyHandleArrayOutput ¶
func (o KeyHandleArrayOutput) ToKeyHandleArrayOutput() KeyHandleArrayOutput
func (KeyHandleArrayOutput) ToKeyHandleArrayOutputWithContext ¶
func (o KeyHandleArrayOutput) ToKeyHandleArrayOutputWithContext(ctx context.Context) KeyHandleArrayOutput
type KeyHandleInput ¶
type KeyHandleInput interface { pulumi.Input ToKeyHandleOutput() KeyHandleOutput ToKeyHandleOutputWithContext(ctx context.Context) KeyHandleOutput }
type KeyHandleMap ¶
type KeyHandleMap map[string]KeyHandleInput
func (KeyHandleMap) ElementType ¶
func (KeyHandleMap) ElementType() reflect.Type
func (KeyHandleMap) ToKeyHandleMapOutput ¶
func (i KeyHandleMap) ToKeyHandleMapOutput() KeyHandleMapOutput
func (KeyHandleMap) ToKeyHandleMapOutputWithContext ¶
func (i KeyHandleMap) ToKeyHandleMapOutputWithContext(ctx context.Context) KeyHandleMapOutput
type KeyHandleMapInput ¶
type KeyHandleMapInput interface { pulumi.Input ToKeyHandleMapOutput() KeyHandleMapOutput ToKeyHandleMapOutputWithContext(context.Context) KeyHandleMapOutput }
KeyHandleMapInput is an input type that accepts KeyHandleMap and KeyHandleMapOutput values. You can construct a concrete instance of `KeyHandleMapInput` via:
KeyHandleMap{ "key": KeyHandleArgs{...} }
type KeyHandleMapOutput ¶
type KeyHandleMapOutput struct{ *pulumi.OutputState }
func (KeyHandleMapOutput) ElementType ¶
func (KeyHandleMapOutput) ElementType() reflect.Type
func (KeyHandleMapOutput) MapIndex ¶
func (o KeyHandleMapOutput) MapIndex(k pulumi.StringInput) KeyHandleOutput
func (KeyHandleMapOutput) ToKeyHandleMapOutput ¶
func (o KeyHandleMapOutput) ToKeyHandleMapOutput() KeyHandleMapOutput
func (KeyHandleMapOutput) ToKeyHandleMapOutputWithContext ¶
func (o KeyHandleMapOutput) ToKeyHandleMapOutputWithContext(ctx context.Context) KeyHandleMapOutput
type KeyHandleOutput ¶
type KeyHandleOutput struct{ *pulumi.OutputState }
func (KeyHandleOutput) ElementType ¶
func (KeyHandleOutput) ElementType() reflect.Type
func (KeyHandleOutput) KmsKey ¶
func (o KeyHandleOutput) KmsKey() pulumi.StringOutput
A reference to a Cloud KMS CryptoKey that can be used for CMEK in the requested product/project/location, for example `projects/1/locations/us-east1/keyRings/foo/cryptoKeys/bar-ffffff`
func (KeyHandleOutput) Location ¶
func (o KeyHandleOutput) Location() pulumi.StringOutput
The location for the KeyHandle. A full list of valid locations can be found by running `gcloud kms locations list`.
***
func (KeyHandleOutput) Name ¶
func (o KeyHandleOutput) Name() pulumi.StringOutput
The resource name for the KeyHandle.
func (KeyHandleOutput) Project ¶
func (o KeyHandleOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
func (KeyHandleOutput) ResourceTypeSelector ¶
func (o KeyHandleOutput) ResourceTypeSelector() pulumi.StringOutput
Selector of the resource type where we want to protect resources. For example, `storage.googleapis.com/Bucket`.
func (KeyHandleOutput) ToKeyHandleOutput ¶
func (o KeyHandleOutput) ToKeyHandleOutput() KeyHandleOutput
func (KeyHandleOutput) ToKeyHandleOutputWithContext ¶
func (o KeyHandleOutput) ToKeyHandleOutputWithContext(ctx context.Context) KeyHandleOutput
type KeyHandleState ¶
type KeyHandleState struct { // A reference to a Cloud KMS CryptoKey that can be used for CMEK in the requested // product/project/location, for example // `projects/1/locations/us-east1/keyRings/foo/cryptoKeys/bar-ffffff` KmsKey pulumi.StringPtrInput // The location for the KeyHandle. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location pulumi.StringPtrInput // The resource name for the KeyHandle. Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput // Selector of the resource type where we want to protect resources. // For example, `storage.googleapis.com/Bucket`. ResourceTypeSelector pulumi.StringPtrInput }
func (KeyHandleState) ElementType ¶
func (KeyHandleState) ElementType() reflect.Type
type KeyRing ¶
type KeyRing struct { pulumi.CustomResourceState // The location for the KeyRing. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location pulumi.StringOutput `pulumi:"location"` // The resource name for the KeyRing. Name pulumi.StringOutput `pulumi:"name"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` }
A `KeyRing` is a toplevel logical grouping of `CryptoKeys`.
> **Note:** KeyRings cannot be deleted from Google Cloud Platform. Destroying a provider-managed KeyRing will remove it from state but *will not delete the resource from the project.*
To get more information about KeyRing, see:
* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings) * How-to Guides
- [Creating a key ring](https://cloud.google.com/kms/docs/creating-keys#create_a_key_ring)
## Example Usage
### Kms Key Ring Basic
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRing(ctx, "example-keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } return nil }) }
```
## Import
KeyRing can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/keyRings/{{name}}`
* `{{project}}/{{location}}/{{name}}`
* `{{location}}/{{name}}`
When using the `pulumi import` command, KeyRing can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:kms/keyRing:KeyRing default projects/{{project}}/locations/{{location}}/keyRings/{{name}} ```
```sh $ pulumi import gcp:kms/keyRing:KeyRing default {{project}}/{{location}}/{{name}} ```
```sh $ pulumi import gcp:kms/keyRing:KeyRing default {{location}}/{{name}} ```
func GetKeyRing ¶
func GetKeyRing(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyRingState, opts ...pulumi.ResourceOption) (*KeyRing, error)
GetKeyRing gets an existing KeyRing resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKeyRing ¶
func NewKeyRing(ctx *pulumi.Context, name string, args *KeyRingArgs, opts ...pulumi.ResourceOption) (*KeyRing, error)
NewKeyRing registers a new resource with the given unique name, arguments, and options.
func (*KeyRing) ElementType ¶
func (*KeyRing) ToKeyRingOutput ¶
func (i *KeyRing) ToKeyRingOutput() KeyRingOutput
func (*KeyRing) ToKeyRingOutputWithContext ¶
func (i *KeyRing) ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput
type KeyRingArgs ¶
type KeyRingArgs struct { // The location for the KeyRing. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location pulumi.StringInput // The resource name for the KeyRing. Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput }
The set of arguments for constructing a KeyRing resource.
func (KeyRingArgs) ElementType ¶
func (KeyRingArgs) ElementType() reflect.Type
type KeyRingArray ¶
type KeyRingArray []KeyRingInput
func (KeyRingArray) ElementType ¶
func (KeyRingArray) ElementType() reflect.Type
func (KeyRingArray) ToKeyRingArrayOutput ¶
func (i KeyRingArray) ToKeyRingArrayOutput() KeyRingArrayOutput
func (KeyRingArray) ToKeyRingArrayOutputWithContext ¶
func (i KeyRingArray) ToKeyRingArrayOutputWithContext(ctx context.Context) KeyRingArrayOutput
type KeyRingArrayInput ¶
type KeyRingArrayInput interface { pulumi.Input ToKeyRingArrayOutput() KeyRingArrayOutput ToKeyRingArrayOutputWithContext(context.Context) KeyRingArrayOutput }
KeyRingArrayInput is an input type that accepts KeyRingArray and KeyRingArrayOutput values. You can construct a concrete instance of `KeyRingArrayInput` via:
KeyRingArray{ KeyRingArgs{...} }
type KeyRingArrayOutput ¶
type KeyRingArrayOutput struct{ *pulumi.OutputState }
func (KeyRingArrayOutput) ElementType ¶
func (KeyRingArrayOutput) ElementType() reflect.Type
func (KeyRingArrayOutput) Index ¶
func (o KeyRingArrayOutput) Index(i pulumi.IntInput) KeyRingOutput
func (KeyRingArrayOutput) ToKeyRingArrayOutput ¶
func (o KeyRingArrayOutput) ToKeyRingArrayOutput() KeyRingArrayOutput
func (KeyRingArrayOutput) ToKeyRingArrayOutputWithContext ¶
func (o KeyRingArrayOutput) ToKeyRingArrayOutputWithContext(ctx context.Context) KeyRingArrayOutput
type KeyRingIAMBinding ¶
type KeyRingIAMBinding struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition KeyRingIAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the key ring's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:
* `kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.
> **Note:** `kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `kms.KeyRingIAMBinding` and `kms.KeyRingIAMMember` or they will fight over what your policy should be.
> **Note:** `kms.KeyRingIAMBinding` resources **can be** used in conjunction with `kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.
## kms.KeyRingIAMPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/editor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ KeyRingId: keyring.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/editor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ KeyRingId: keyring.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.KeyRingIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.KeyRingIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.KeyRingIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.KeyRingIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
### Importing IAM policies
IAM policy imports use the identifier of the Cloud KMS key ring only. For example:
* `{{project_id}}/{{location}}/{{key_ring_name}}`
An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
tf
import {
id = "{{project_id}}/{{location}}/{{key_ring_name}}" to = google_kms_key_ring_iam_policy.default
}
The `pulumi import` command can also be used:
```sh $ pulumi import gcp:kms/keyRingIAMBinding:KeyRingIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}} ```
func GetKeyRingIAMBinding ¶
func GetKeyRingIAMBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyRingIAMBindingState, opts ...pulumi.ResourceOption) (*KeyRingIAMBinding, error)
GetKeyRingIAMBinding gets an existing KeyRingIAMBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKeyRingIAMBinding ¶
func NewKeyRingIAMBinding(ctx *pulumi.Context, name string, args *KeyRingIAMBindingArgs, opts ...pulumi.ResourceOption) (*KeyRingIAMBinding, error)
NewKeyRingIAMBinding registers a new resource with the given unique name, arguments, and options.
func (*KeyRingIAMBinding) ElementType ¶
func (*KeyRingIAMBinding) ElementType() reflect.Type
func (*KeyRingIAMBinding) ToKeyRingIAMBindingOutput ¶
func (i *KeyRingIAMBinding) ToKeyRingIAMBindingOutput() KeyRingIAMBindingOutput
func (*KeyRingIAMBinding) ToKeyRingIAMBindingOutputWithContext ¶
func (i *KeyRingIAMBinding) ToKeyRingIAMBindingOutputWithContext(ctx context.Context) KeyRingIAMBindingOutput
type KeyRingIAMBindingArgs ¶
type KeyRingIAMBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition KeyRingIAMBindingConditionPtrInput // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a KeyRingIAMBinding resource.
func (KeyRingIAMBindingArgs) ElementType ¶
func (KeyRingIAMBindingArgs) ElementType() reflect.Type
type KeyRingIAMBindingArray ¶
type KeyRingIAMBindingArray []KeyRingIAMBindingInput
func (KeyRingIAMBindingArray) ElementType ¶
func (KeyRingIAMBindingArray) ElementType() reflect.Type
func (KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutput ¶
func (i KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutput() KeyRingIAMBindingArrayOutput
func (KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutputWithContext ¶
func (i KeyRingIAMBindingArray) ToKeyRingIAMBindingArrayOutputWithContext(ctx context.Context) KeyRingIAMBindingArrayOutput
type KeyRingIAMBindingArrayInput ¶
type KeyRingIAMBindingArrayInput interface { pulumi.Input ToKeyRingIAMBindingArrayOutput() KeyRingIAMBindingArrayOutput ToKeyRingIAMBindingArrayOutputWithContext(context.Context) KeyRingIAMBindingArrayOutput }
KeyRingIAMBindingArrayInput is an input type that accepts KeyRingIAMBindingArray and KeyRingIAMBindingArrayOutput values. You can construct a concrete instance of `KeyRingIAMBindingArrayInput` via:
KeyRingIAMBindingArray{ KeyRingIAMBindingArgs{...} }
type KeyRingIAMBindingArrayOutput ¶
type KeyRingIAMBindingArrayOutput struct{ *pulumi.OutputState }
func (KeyRingIAMBindingArrayOutput) ElementType ¶
func (KeyRingIAMBindingArrayOutput) ElementType() reflect.Type
func (KeyRingIAMBindingArrayOutput) Index ¶
func (o KeyRingIAMBindingArrayOutput) Index(i pulumi.IntInput) KeyRingIAMBindingOutput
func (KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutput ¶
func (o KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutput() KeyRingIAMBindingArrayOutput
func (KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutputWithContext ¶
func (o KeyRingIAMBindingArrayOutput) ToKeyRingIAMBindingArrayOutputWithContext(ctx context.Context) KeyRingIAMBindingArrayOutput
type KeyRingIAMBindingCondition ¶
type KeyRingIAMBindingCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type KeyRingIAMBindingConditionArgs ¶
type KeyRingIAMBindingConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (KeyRingIAMBindingConditionArgs) ElementType ¶
func (KeyRingIAMBindingConditionArgs) ElementType() reflect.Type
func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutput ¶
func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput
func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutputWithContext ¶
func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionOutput
func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutput ¶
func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput
func (KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutputWithContext ¶
func (i KeyRingIAMBindingConditionArgs) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput
type KeyRingIAMBindingConditionInput ¶
type KeyRingIAMBindingConditionInput interface { pulumi.Input ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput ToKeyRingIAMBindingConditionOutputWithContext(context.Context) KeyRingIAMBindingConditionOutput }
KeyRingIAMBindingConditionInput is an input type that accepts KeyRingIAMBindingConditionArgs and KeyRingIAMBindingConditionOutput values. You can construct a concrete instance of `KeyRingIAMBindingConditionInput` via:
KeyRingIAMBindingConditionArgs{...}
type KeyRingIAMBindingConditionOutput ¶
type KeyRingIAMBindingConditionOutput struct{ *pulumi.OutputState }
func (KeyRingIAMBindingConditionOutput) Description ¶
func (o KeyRingIAMBindingConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (KeyRingIAMBindingConditionOutput) ElementType ¶
func (KeyRingIAMBindingConditionOutput) ElementType() reflect.Type
func (KeyRingIAMBindingConditionOutput) Expression ¶
func (o KeyRingIAMBindingConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (KeyRingIAMBindingConditionOutput) Title ¶
func (o KeyRingIAMBindingConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutput ¶
func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutput() KeyRingIAMBindingConditionOutput
func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutputWithContext ¶
func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionOutput
func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutput ¶
func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput
func (KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext ¶
func (o KeyRingIAMBindingConditionOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput
type KeyRingIAMBindingConditionPtrInput ¶
type KeyRingIAMBindingConditionPtrInput interface { pulumi.Input ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput ToKeyRingIAMBindingConditionPtrOutputWithContext(context.Context) KeyRingIAMBindingConditionPtrOutput }
KeyRingIAMBindingConditionPtrInput is an input type that accepts KeyRingIAMBindingConditionArgs, KeyRingIAMBindingConditionPtr and KeyRingIAMBindingConditionPtrOutput values. You can construct a concrete instance of `KeyRingIAMBindingConditionPtrInput` via:
KeyRingIAMBindingConditionArgs{...} or: nil
func KeyRingIAMBindingConditionPtr ¶
func KeyRingIAMBindingConditionPtr(v *KeyRingIAMBindingConditionArgs) KeyRingIAMBindingConditionPtrInput
type KeyRingIAMBindingConditionPtrOutput ¶
type KeyRingIAMBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (KeyRingIAMBindingConditionPtrOutput) Description ¶
func (o KeyRingIAMBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (KeyRingIAMBindingConditionPtrOutput) Elem ¶
func (o KeyRingIAMBindingConditionPtrOutput) Elem() KeyRingIAMBindingConditionOutput
func (KeyRingIAMBindingConditionPtrOutput) ElementType ¶
func (KeyRingIAMBindingConditionPtrOutput) ElementType() reflect.Type
func (KeyRingIAMBindingConditionPtrOutput) Expression ¶
func (o KeyRingIAMBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (KeyRingIAMBindingConditionPtrOutput) Title ¶
func (o KeyRingIAMBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutput ¶
func (o KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutput() KeyRingIAMBindingConditionPtrOutput
func (KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext ¶
func (o KeyRingIAMBindingConditionPtrOutput) ToKeyRingIAMBindingConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMBindingConditionPtrOutput
type KeyRingIAMBindingInput ¶
type KeyRingIAMBindingInput interface { pulumi.Input ToKeyRingIAMBindingOutput() KeyRingIAMBindingOutput ToKeyRingIAMBindingOutputWithContext(ctx context.Context) KeyRingIAMBindingOutput }
type KeyRingIAMBindingMap ¶
type KeyRingIAMBindingMap map[string]KeyRingIAMBindingInput
func (KeyRingIAMBindingMap) ElementType ¶
func (KeyRingIAMBindingMap) ElementType() reflect.Type
func (KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutput ¶
func (i KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutput() KeyRingIAMBindingMapOutput
func (KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutputWithContext ¶
func (i KeyRingIAMBindingMap) ToKeyRingIAMBindingMapOutputWithContext(ctx context.Context) KeyRingIAMBindingMapOutput
type KeyRingIAMBindingMapInput ¶
type KeyRingIAMBindingMapInput interface { pulumi.Input ToKeyRingIAMBindingMapOutput() KeyRingIAMBindingMapOutput ToKeyRingIAMBindingMapOutputWithContext(context.Context) KeyRingIAMBindingMapOutput }
KeyRingIAMBindingMapInput is an input type that accepts KeyRingIAMBindingMap and KeyRingIAMBindingMapOutput values. You can construct a concrete instance of `KeyRingIAMBindingMapInput` via:
KeyRingIAMBindingMap{ "key": KeyRingIAMBindingArgs{...} }
type KeyRingIAMBindingMapOutput ¶
type KeyRingIAMBindingMapOutput struct{ *pulumi.OutputState }
func (KeyRingIAMBindingMapOutput) ElementType ¶
func (KeyRingIAMBindingMapOutput) ElementType() reflect.Type
func (KeyRingIAMBindingMapOutput) MapIndex ¶
func (o KeyRingIAMBindingMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMBindingOutput
func (KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutput ¶
func (o KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutput() KeyRingIAMBindingMapOutput
func (KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutputWithContext ¶
func (o KeyRingIAMBindingMapOutput) ToKeyRingIAMBindingMapOutputWithContext(ctx context.Context) KeyRingIAMBindingMapOutput
type KeyRingIAMBindingOutput ¶
type KeyRingIAMBindingOutput struct{ *pulumi.OutputState }
func (KeyRingIAMBindingOutput) Condition ¶
func (o KeyRingIAMBindingOutput) Condition() KeyRingIAMBindingConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (KeyRingIAMBindingOutput) ElementType ¶
func (KeyRingIAMBindingOutput) ElementType() reflect.Type
func (KeyRingIAMBindingOutput) Etag ¶
func (o KeyRingIAMBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the key ring's IAM policy.
func (KeyRingIAMBindingOutput) KeyRingId ¶
func (o KeyRingIAMBindingOutput) KeyRingId() pulumi.StringOutput
The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.
func (KeyRingIAMBindingOutput) Members ¶
func (o KeyRingIAMBindingOutput) Members() pulumi.StringArrayOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
func (KeyRingIAMBindingOutput) Role ¶
func (o KeyRingIAMBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutput ¶
func (o KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutput() KeyRingIAMBindingOutput
func (KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutputWithContext ¶
func (o KeyRingIAMBindingOutput) ToKeyRingIAMBindingOutputWithContext(ctx context.Context) KeyRingIAMBindingOutput
type KeyRingIAMBindingState ¶
type KeyRingIAMBindingState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition KeyRingIAMBindingConditionPtrInput // (Computed) The etag of the key ring's IAM policy. Etag pulumi.StringPtrInput // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (KeyRingIAMBindingState) ElementType ¶
func (KeyRingIAMBindingState) ElementType() reflect.Type
type KeyRingIAMMember ¶
type KeyRingIAMMember struct { pulumi.CustomResourceState // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition KeyRingIAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the key ring's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:
* `kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.
> **Note:** `kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `kms.KeyRingIAMBinding` and `kms.KeyRingIAMMember` or they will fight over what your policy should be.
> **Note:** `kms.KeyRingIAMBinding` resources **can be** used in conjunction with `kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.
## kms.KeyRingIAMPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/editor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ KeyRingId: keyring.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/editor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ KeyRingId: keyring.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.KeyRingIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.KeyRingIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.KeyRingIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.KeyRingIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
### Importing IAM policies
IAM policy imports use the identifier of the Cloud KMS key ring only. For example:
* `{{project_id}}/{{location}}/{{key_ring_name}}`
An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
tf
import {
id = "{{project_id}}/{{location}}/{{key_ring_name}}" to = google_kms_key_ring_iam_policy.default
}
The `pulumi import` command can also be used:
```sh $ pulumi import gcp:kms/keyRingIAMMember:KeyRingIAMMember default {{project_id}}/{{location}}/{{key_ring_name}} ```
func GetKeyRingIAMMember ¶
func GetKeyRingIAMMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyRingIAMMemberState, opts ...pulumi.ResourceOption) (*KeyRingIAMMember, error)
GetKeyRingIAMMember gets an existing KeyRingIAMMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKeyRingIAMMember ¶
func NewKeyRingIAMMember(ctx *pulumi.Context, name string, args *KeyRingIAMMemberArgs, opts ...pulumi.ResourceOption) (*KeyRingIAMMember, error)
NewKeyRingIAMMember registers a new resource with the given unique name, arguments, and options.
func (*KeyRingIAMMember) ElementType ¶
func (*KeyRingIAMMember) ElementType() reflect.Type
func (*KeyRingIAMMember) ToKeyRingIAMMemberOutput ¶
func (i *KeyRingIAMMember) ToKeyRingIAMMemberOutput() KeyRingIAMMemberOutput
func (*KeyRingIAMMember) ToKeyRingIAMMemberOutputWithContext ¶
func (i *KeyRingIAMMember) ToKeyRingIAMMemberOutputWithContext(ctx context.Context) KeyRingIAMMemberOutput
type KeyRingIAMMemberArgs ¶
type KeyRingIAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition KeyRingIAMMemberConditionPtrInput // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a KeyRingIAMMember resource.
func (KeyRingIAMMemberArgs) ElementType ¶
func (KeyRingIAMMemberArgs) ElementType() reflect.Type
type KeyRingIAMMemberArray ¶
type KeyRingIAMMemberArray []KeyRingIAMMemberInput
func (KeyRingIAMMemberArray) ElementType ¶
func (KeyRingIAMMemberArray) ElementType() reflect.Type
func (KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutput ¶
func (i KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutput() KeyRingIAMMemberArrayOutput
func (KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutputWithContext ¶
func (i KeyRingIAMMemberArray) ToKeyRingIAMMemberArrayOutputWithContext(ctx context.Context) KeyRingIAMMemberArrayOutput
type KeyRingIAMMemberArrayInput ¶
type KeyRingIAMMemberArrayInput interface { pulumi.Input ToKeyRingIAMMemberArrayOutput() KeyRingIAMMemberArrayOutput ToKeyRingIAMMemberArrayOutputWithContext(context.Context) KeyRingIAMMemberArrayOutput }
KeyRingIAMMemberArrayInput is an input type that accepts KeyRingIAMMemberArray and KeyRingIAMMemberArrayOutput values. You can construct a concrete instance of `KeyRingIAMMemberArrayInput` via:
KeyRingIAMMemberArray{ KeyRingIAMMemberArgs{...} }
type KeyRingIAMMemberArrayOutput ¶
type KeyRingIAMMemberArrayOutput struct{ *pulumi.OutputState }
func (KeyRingIAMMemberArrayOutput) ElementType ¶
func (KeyRingIAMMemberArrayOutput) ElementType() reflect.Type
func (KeyRingIAMMemberArrayOutput) Index ¶
func (o KeyRingIAMMemberArrayOutput) Index(i pulumi.IntInput) KeyRingIAMMemberOutput
func (KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutput ¶
func (o KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutput() KeyRingIAMMemberArrayOutput
func (KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutputWithContext ¶
func (o KeyRingIAMMemberArrayOutput) ToKeyRingIAMMemberArrayOutputWithContext(ctx context.Context) KeyRingIAMMemberArrayOutput
type KeyRingIAMMemberCondition ¶
type KeyRingIAMMemberCondition struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description *string `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression string `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title string `pulumi:"title"` }
type KeyRingIAMMemberConditionArgs ¶
type KeyRingIAMMemberConditionArgs struct { // An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. // // > **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the // identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will // consider it to be an entirely different resource and will treat it as such. Description pulumi.StringPtrInput `pulumi:"description"` // Textual representation of an expression in Common Expression Language syntax. Expression pulumi.StringInput `pulumi:"expression"` // A title for the expression, i.e. a short string describing its purpose. Title pulumi.StringInput `pulumi:"title"` }
func (KeyRingIAMMemberConditionArgs) ElementType ¶
func (KeyRingIAMMemberConditionArgs) ElementType() reflect.Type
func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutput ¶
func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput
func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutputWithContext ¶
func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionOutput
func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutput ¶
func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput
func (KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutputWithContext ¶
func (i KeyRingIAMMemberConditionArgs) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput
type KeyRingIAMMemberConditionInput ¶
type KeyRingIAMMemberConditionInput interface { pulumi.Input ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput ToKeyRingIAMMemberConditionOutputWithContext(context.Context) KeyRingIAMMemberConditionOutput }
KeyRingIAMMemberConditionInput is an input type that accepts KeyRingIAMMemberConditionArgs and KeyRingIAMMemberConditionOutput values. You can construct a concrete instance of `KeyRingIAMMemberConditionInput` via:
KeyRingIAMMemberConditionArgs{...}
type KeyRingIAMMemberConditionOutput ¶
type KeyRingIAMMemberConditionOutput struct{ *pulumi.OutputState }
func (KeyRingIAMMemberConditionOutput) Description ¶
func (o KeyRingIAMMemberConditionOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (KeyRingIAMMemberConditionOutput) ElementType ¶
func (KeyRingIAMMemberConditionOutput) ElementType() reflect.Type
func (KeyRingIAMMemberConditionOutput) Expression ¶
func (o KeyRingIAMMemberConditionOutput) Expression() pulumi.StringOutput
Textual representation of an expression in Common Expression Language syntax.
func (KeyRingIAMMemberConditionOutput) Title ¶
func (o KeyRingIAMMemberConditionOutput) Title() pulumi.StringOutput
A title for the expression, i.e. a short string describing its purpose.
func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutput ¶
func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutput() KeyRingIAMMemberConditionOutput
func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutputWithContext ¶
func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionOutput
func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutput ¶
func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput
func (KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext ¶
func (o KeyRingIAMMemberConditionOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput
type KeyRingIAMMemberConditionPtrInput ¶
type KeyRingIAMMemberConditionPtrInput interface { pulumi.Input ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput ToKeyRingIAMMemberConditionPtrOutputWithContext(context.Context) KeyRingIAMMemberConditionPtrOutput }
KeyRingIAMMemberConditionPtrInput is an input type that accepts KeyRingIAMMemberConditionArgs, KeyRingIAMMemberConditionPtr and KeyRingIAMMemberConditionPtrOutput values. You can construct a concrete instance of `KeyRingIAMMemberConditionPtrInput` via:
KeyRingIAMMemberConditionArgs{...} or: nil
func KeyRingIAMMemberConditionPtr ¶
func KeyRingIAMMemberConditionPtr(v *KeyRingIAMMemberConditionArgs) KeyRingIAMMemberConditionPtrInput
type KeyRingIAMMemberConditionPtrOutput ¶
type KeyRingIAMMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (KeyRingIAMMemberConditionPtrOutput) Description ¶
func (o KeyRingIAMMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
> **Warning:** The provider considers the `role` and condition contents (`title`+`description`+`expression`) as the identifier for the binding. This means that if any part of the condition is changed out-of-band, the provider will consider it to be an entirely different resource and will treat it as such.
func (KeyRingIAMMemberConditionPtrOutput) Elem ¶
func (o KeyRingIAMMemberConditionPtrOutput) Elem() KeyRingIAMMemberConditionOutput
func (KeyRingIAMMemberConditionPtrOutput) ElementType ¶
func (KeyRingIAMMemberConditionPtrOutput) ElementType() reflect.Type
func (KeyRingIAMMemberConditionPtrOutput) Expression ¶
func (o KeyRingIAMMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
Textual representation of an expression in Common Expression Language syntax.
func (KeyRingIAMMemberConditionPtrOutput) Title ¶
func (o KeyRingIAMMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
A title for the expression, i.e. a short string describing its purpose.
func (KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutput ¶
func (o KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutput() KeyRingIAMMemberConditionPtrOutput
func (KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext ¶
func (o KeyRingIAMMemberConditionPtrOutput) ToKeyRingIAMMemberConditionPtrOutputWithContext(ctx context.Context) KeyRingIAMMemberConditionPtrOutput
type KeyRingIAMMemberInput ¶
type KeyRingIAMMemberInput interface { pulumi.Input ToKeyRingIAMMemberOutput() KeyRingIAMMemberOutput ToKeyRingIAMMemberOutputWithContext(ctx context.Context) KeyRingIAMMemberOutput }
type KeyRingIAMMemberMap ¶
type KeyRingIAMMemberMap map[string]KeyRingIAMMemberInput
func (KeyRingIAMMemberMap) ElementType ¶
func (KeyRingIAMMemberMap) ElementType() reflect.Type
func (KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutput ¶
func (i KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutput() KeyRingIAMMemberMapOutput
func (KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutputWithContext ¶
func (i KeyRingIAMMemberMap) ToKeyRingIAMMemberMapOutputWithContext(ctx context.Context) KeyRingIAMMemberMapOutput
type KeyRingIAMMemberMapInput ¶
type KeyRingIAMMemberMapInput interface { pulumi.Input ToKeyRingIAMMemberMapOutput() KeyRingIAMMemberMapOutput ToKeyRingIAMMemberMapOutputWithContext(context.Context) KeyRingIAMMemberMapOutput }
KeyRingIAMMemberMapInput is an input type that accepts KeyRingIAMMemberMap and KeyRingIAMMemberMapOutput values. You can construct a concrete instance of `KeyRingIAMMemberMapInput` via:
KeyRingIAMMemberMap{ "key": KeyRingIAMMemberArgs{...} }
type KeyRingIAMMemberMapOutput ¶
type KeyRingIAMMemberMapOutput struct{ *pulumi.OutputState }
func (KeyRingIAMMemberMapOutput) ElementType ¶
func (KeyRingIAMMemberMapOutput) ElementType() reflect.Type
func (KeyRingIAMMemberMapOutput) MapIndex ¶
func (o KeyRingIAMMemberMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMMemberOutput
func (KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutput ¶
func (o KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutput() KeyRingIAMMemberMapOutput
func (KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutputWithContext ¶
func (o KeyRingIAMMemberMapOutput) ToKeyRingIAMMemberMapOutputWithContext(ctx context.Context) KeyRingIAMMemberMapOutput
type KeyRingIAMMemberOutput ¶
type KeyRingIAMMemberOutput struct{ *pulumi.OutputState }
func (KeyRingIAMMemberOutput) Condition ¶
func (o KeyRingIAMMemberOutput) Condition() KeyRingIAMMemberConditionPtrOutput
An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below.
func (KeyRingIAMMemberOutput) ElementType ¶
func (KeyRingIAMMemberOutput) ElementType() reflect.Type
func (KeyRingIAMMemberOutput) Etag ¶
func (o KeyRingIAMMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the key ring's IAM policy.
func (KeyRingIAMMemberOutput) KeyRingId ¶
func (o KeyRingIAMMemberOutput) KeyRingId() pulumi.StringOutput
The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.
func (KeyRingIAMMemberOutput) Member ¶
func (o KeyRingIAMMemberOutput) Member() pulumi.StringOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
func (KeyRingIAMMemberOutput) Role ¶
func (o KeyRingIAMMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutput ¶
func (o KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutput() KeyRingIAMMemberOutput
func (KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutputWithContext ¶
func (o KeyRingIAMMemberOutput) ToKeyRingIAMMemberOutputWithContext(ctx context.Context) KeyRingIAMMemberOutput
type KeyRingIAMMemberState ¶
type KeyRingIAMMemberState struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition KeyRingIAMMemberConditionPtrInput // (Computed) The etag of the key ring's IAM policy. Etag pulumi.StringPtrInput // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringPtrInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (KeyRingIAMMemberState) ElementType ¶
func (KeyRingIAMMemberState) ElementType() reflect.Type
type KeyRingIAMPolicy ¶
type KeyRingIAMPolicy struct { pulumi.CustomResourceState // (Computed) The etag of the key ring's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` }
Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:
* `kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached. * `kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved. * `kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.
> **Note:** `kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `kms.KeyRingIAMBinding` and `kms.KeyRingIAMMember` or they will fight over what your policy should be.
> **Note:** `kms.KeyRingIAMBinding` resources **can be** used in conjunction with `kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.
## kms.KeyRingIAMPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/editor", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ KeyRingId: keyring.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/editor", Members: []string{ "user:jane@example.com", }, Condition: { Title: "expires_after_2019_12_31", Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", }, }, }, }, nil) if err != nil { return err } _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ KeyRingId: keyring.ID(), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.KeyRingIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.KeyRingIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, Condition: &kms.KeyRingIAMBindingConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## kms.KeyRingIAMMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
With IAM Conditions:
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ KeyRingId: pulumi.String("your-key-ring-id"), Role: pulumi.String("roles/cloudkms.admin"), Member: pulumi.String("user:jane@example.com"), Condition: &kms.KeyRingIAMMemberConditionArgs{ Title: pulumi.String("expires_after_2019_12_31"), Description: pulumi.String("Expiring at midnight of 2019-12-31"), Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), }, }) if err != nil { return err } return nil }) }
```
## Import
### Importing IAM policies
IAM policy imports use the identifier of the Cloud KMS key ring only. For example:
* `{{project_id}}/{{location}}/{{key_ring_name}}`
An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
tf
import {
id = "{{project_id}}/{{location}}/{{key_ring_name}}" to = google_kms_key_ring_iam_policy.default
}
The `pulumi import` command can also be used:
```sh $ pulumi import gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}} ```
func GetKeyRingIAMPolicy ¶
func GetKeyRingIAMPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyRingIAMPolicyState, opts ...pulumi.ResourceOption) (*KeyRingIAMPolicy, error)
GetKeyRingIAMPolicy gets an existing KeyRingIAMPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKeyRingIAMPolicy ¶
func NewKeyRingIAMPolicy(ctx *pulumi.Context, name string, args *KeyRingIAMPolicyArgs, opts ...pulumi.ResourceOption) (*KeyRingIAMPolicy, error)
NewKeyRingIAMPolicy registers a new resource with the given unique name, arguments, and options.
func (*KeyRingIAMPolicy) ElementType ¶
func (*KeyRingIAMPolicy) ElementType() reflect.Type
func (*KeyRingIAMPolicy) ToKeyRingIAMPolicyOutput ¶
func (i *KeyRingIAMPolicy) ToKeyRingIAMPolicyOutput() KeyRingIAMPolicyOutput
func (*KeyRingIAMPolicy) ToKeyRingIAMPolicyOutputWithContext ¶
func (i *KeyRingIAMPolicy) ToKeyRingIAMPolicyOutputWithContext(ctx context.Context) KeyRingIAMPolicyOutput
type KeyRingIAMPolicyArgs ¶
type KeyRingIAMPolicyArgs struct { // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput }
The set of arguments for constructing a KeyRingIAMPolicy resource.
func (KeyRingIAMPolicyArgs) ElementType ¶
func (KeyRingIAMPolicyArgs) ElementType() reflect.Type
type KeyRingIAMPolicyArray ¶
type KeyRingIAMPolicyArray []KeyRingIAMPolicyInput
func (KeyRingIAMPolicyArray) ElementType ¶
func (KeyRingIAMPolicyArray) ElementType() reflect.Type
func (KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutput ¶
func (i KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutput() KeyRingIAMPolicyArrayOutput
func (KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutputWithContext ¶
func (i KeyRingIAMPolicyArray) ToKeyRingIAMPolicyArrayOutputWithContext(ctx context.Context) KeyRingIAMPolicyArrayOutput
type KeyRingIAMPolicyArrayInput ¶
type KeyRingIAMPolicyArrayInput interface { pulumi.Input ToKeyRingIAMPolicyArrayOutput() KeyRingIAMPolicyArrayOutput ToKeyRingIAMPolicyArrayOutputWithContext(context.Context) KeyRingIAMPolicyArrayOutput }
KeyRingIAMPolicyArrayInput is an input type that accepts KeyRingIAMPolicyArray and KeyRingIAMPolicyArrayOutput values. You can construct a concrete instance of `KeyRingIAMPolicyArrayInput` via:
KeyRingIAMPolicyArray{ KeyRingIAMPolicyArgs{...} }
type KeyRingIAMPolicyArrayOutput ¶
type KeyRingIAMPolicyArrayOutput struct{ *pulumi.OutputState }
func (KeyRingIAMPolicyArrayOutput) ElementType ¶
func (KeyRingIAMPolicyArrayOutput) ElementType() reflect.Type
func (KeyRingIAMPolicyArrayOutput) Index ¶
func (o KeyRingIAMPolicyArrayOutput) Index(i pulumi.IntInput) KeyRingIAMPolicyOutput
func (KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutput ¶
func (o KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutput() KeyRingIAMPolicyArrayOutput
func (KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutputWithContext ¶
func (o KeyRingIAMPolicyArrayOutput) ToKeyRingIAMPolicyArrayOutputWithContext(ctx context.Context) KeyRingIAMPolicyArrayOutput
type KeyRingIAMPolicyInput ¶
type KeyRingIAMPolicyInput interface { pulumi.Input ToKeyRingIAMPolicyOutput() KeyRingIAMPolicyOutput ToKeyRingIAMPolicyOutputWithContext(ctx context.Context) KeyRingIAMPolicyOutput }
type KeyRingIAMPolicyMap ¶
type KeyRingIAMPolicyMap map[string]KeyRingIAMPolicyInput
func (KeyRingIAMPolicyMap) ElementType ¶
func (KeyRingIAMPolicyMap) ElementType() reflect.Type
func (KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutput ¶
func (i KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutput() KeyRingIAMPolicyMapOutput
func (KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutputWithContext ¶
func (i KeyRingIAMPolicyMap) ToKeyRingIAMPolicyMapOutputWithContext(ctx context.Context) KeyRingIAMPolicyMapOutput
type KeyRingIAMPolicyMapInput ¶
type KeyRingIAMPolicyMapInput interface { pulumi.Input ToKeyRingIAMPolicyMapOutput() KeyRingIAMPolicyMapOutput ToKeyRingIAMPolicyMapOutputWithContext(context.Context) KeyRingIAMPolicyMapOutput }
KeyRingIAMPolicyMapInput is an input type that accepts KeyRingIAMPolicyMap and KeyRingIAMPolicyMapOutput values. You can construct a concrete instance of `KeyRingIAMPolicyMapInput` via:
KeyRingIAMPolicyMap{ "key": KeyRingIAMPolicyArgs{...} }
type KeyRingIAMPolicyMapOutput ¶
type KeyRingIAMPolicyMapOutput struct{ *pulumi.OutputState }
func (KeyRingIAMPolicyMapOutput) ElementType ¶
func (KeyRingIAMPolicyMapOutput) ElementType() reflect.Type
func (KeyRingIAMPolicyMapOutput) MapIndex ¶
func (o KeyRingIAMPolicyMapOutput) MapIndex(k pulumi.StringInput) KeyRingIAMPolicyOutput
func (KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutput ¶
func (o KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutput() KeyRingIAMPolicyMapOutput
func (KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutputWithContext ¶
func (o KeyRingIAMPolicyMapOutput) ToKeyRingIAMPolicyMapOutputWithContext(ctx context.Context) KeyRingIAMPolicyMapOutput
type KeyRingIAMPolicyOutput ¶
type KeyRingIAMPolicyOutput struct{ *pulumi.OutputState }
func (KeyRingIAMPolicyOutput) ElementType ¶
func (KeyRingIAMPolicyOutput) ElementType() reflect.Type
func (KeyRingIAMPolicyOutput) Etag ¶
func (o KeyRingIAMPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the key ring's IAM policy.
func (KeyRingIAMPolicyOutput) KeyRingId ¶
func (o KeyRingIAMPolicyOutput) KeyRingId() pulumi.StringOutput
The key ring ID, in the form `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback.
func (KeyRingIAMPolicyOutput) PolicyData ¶
func (o KeyRingIAMPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutput ¶
func (o KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutput() KeyRingIAMPolicyOutput
func (KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutputWithContext ¶
func (o KeyRingIAMPolicyOutput) ToKeyRingIAMPolicyOutputWithContext(ctx context.Context) KeyRingIAMPolicyOutput
type KeyRingIAMPolicyState ¶
type KeyRingIAMPolicyState struct { // (Computed) The etag of the key ring's IAM policy. Etag pulumi.StringPtrInput // The key ring ID, in the form // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. KeyRingId pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput }
func (KeyRingIAMPolicyState) ElementType ¶
func (KeyRingIAMPolicyState) ElementType() reflect.Type
type KeyRingImportJob ¶
type KeyRingImportJob struct { pulumi.CustomResourceState // Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. // Use this statement to verify attributes of the key as stored on the HSM, independently of Google. // Only present if the chosen ImportMethod is one with a protection level of HSM. // Structure is documented below. Attestations KeyRingImportJobAttestationArrayOutput `pulumi:"attestations"` // The time at which this resource is scheduled for expiration and can no longer be used. // This is in RFC3339 text format. ExpireTime pulumi.StringOutput `pulumi:"expireTime"` // It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63} // // *** ImportJobId pulumi.StringOutput `pulumi:"importJobId"` // The wrapping method to be used for incoming key material. // Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`. ImportMethod pulumi.StringOutput `pulumi:"importMethod"` // The KeyRing that this import job belongs to. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. KeyRing pulumi.StringOutput `pulumi:"keyRing"` // The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. Name pulumi.StringOutput `pulumi:"name"` // The protection level of the ImportJob. This must match the protectionLevel of the // versionTemplate on the CryptoKey you attempt to import into. // Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`. ProtectionLevel pulumi.StringOutput `pulumi:"protectionLevel"` // The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`. // Structure is documented below. PublicKeys KeyRingImportJobPublicKeyArrayOutput `pulumi:"publicKeys"` // The current state of the ImportJob, indicating if it can be used. State pulumi.StringOutput `pulumi:"state"` }
A `KeyRingImportJob` can be used to create `CryptoKeys` and `CryptoKeyVersions` using pre-existing key material, generated outside of Cloud KMS. A `KeyRingImportJob` expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the `KeyRingImportJob`'s public key.
> **Note:** KeyRingImportJobs cannot be deleted from Google Cloud Platform. Destroying a provider-managed KeyRingImportJob will remove it from state but *will not delete the resource from the project.*
To get more information about KeyRingImportJob, see:
* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.importJobs) * How-to Guides
- [Importing a key](https://cloud.google.com/kms/docs/importing-a-key)
## Example Usage
## Import
KeyRingImportJob can be imported using any of these accepted formats:
* `{{name}}`
When using the `pulumi import` command, KeyRingImportJob can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:kms/keyRingImportJob:KeyRingImportJob default {{name}} ```
func GetKeyRingImportJob ¶
func GetKeyRingImportJob(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyRingImportJobState, opts ...pulumi.ResourceOption) (*KeyRingImportJob, error)
GetKeyRingImportJob gets an existing KeyRingImportJob resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKeyRingImportJob ¶
func NewKeyRingImportJob(ctx *pulumi.Context, name string, args *KeyRingImportJobArgs, opts ...pulumi.ResourceOption) (*KeyRingImportJob, error)
NewKeyRingImportJob registers a new resource with the given unique name, arguments, and options.
func (*KeyRingImportJob) ElementType ¶
func (*KeyRingImportJob) ElementType() reflect.Type
func (*KeyRingImportJob) ToKeyRingImportJobOutput ¶
func (i *KeyRingImportJob) ToKeyRingImportJobOutput() KeyRingImportJobOutput
func (*KeyRingImportJob) ToKeyRingImportJobOutputWithContext ¶
func (i *KeyRingImportJob) ToKeyRingImportJobOutputWithContext(ctx context.Context) KeyRingImportJobOutput
type KeyRingImportJobArgs ¶
type KeyRingImportJobArgs struct { // It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63} // // *** ImportJobId pulumi.StringInput // The wrapping method to be used for incoming key material. // Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`. ImportMethod pulumi.StringInput // The KeyRing that this import job belongs to. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. KeyRing pulumi.StringInput // The protection level of the ImportJob. This must match the protectionLevel of the // versionTemplate on the CryptoKey you attempt to import into. // Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`. ProtectionLevel pulumi.StringInput }
The set of arguments for constructing a KeyRingImportJob resource.
func (KeyRingImportJobArgs) ElementType ¶
func (KeyRingImportJobArgs) ElementType() reflect.Type
type KeyRingImportJobArray ¶
type KeyRingImportJobArray []KeyRingImportJobInput
func (KeyRingImportJobArray) ElementType ¶
func (KeyRingImportJobArray) ElementType() reflect.Type
func (KeyRingImportJobArray) ToKeyRingImportJobArrayOutput ¶
func (i KeyRingImportJobArray) ToKeyRingImportJobArrayOutput() KeyRingImportJobArrayOutput
func (KeyRingImportJobArray) ToKeyRingImportJobArrayOutputWithContext ¶
func (i KeyRingImportJobArray) ToKeyRingImportJobArrayOutputWithContext(ctx context.Context) KeyRingImportJobArrayOutput
type KeyRingImportJobArrayInput ¶
type KeyRingImportJobArrayInput interface { pulumi.Input ToKeyRingImportJobArrayOutput() KeyRingImportJobArrayOutput ToKeyRingImportJobArrayOutputWithContext(context.Context) KeyRingImportJobArrayOutput }
KeyRingImportJobArrayInput is an input type that accepts KeyRingImportJobArray and KeyRingImportJobArrayOutput values. You can construct a concrete instance of `KeyRingImportJobArrayInput` via:
KeyRingImportJobArray{ KeyRingImportJobArgs{...} }
type KeyRingImportJobArrayOutput ¶
type KeyRingImportJobArrayOutput struct{ *pulumi.OutputState }
func (KeyRingImportJobArrayOutput) ElementType ¶
func (KeyRingImportJobArrayOutput) ElementType() reflect.Type
func (KeyRingImportJobArrayOutput) Index ¶
func (o KeyRingImportJobArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobOutput
func (KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutput ¶
func (o KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutput() KeyRingImportJobArrayOutput
func (KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutputWithContext ¶
func (o KeyRingImportJobArrayOutput) ToKeyRingImportJobArrayOutputWithContext(ctx context.Context) KeyRingImportJobArrayOutput
type KeyRingImportJobAttestationArgs ¶
type KeyRingImportJobAttestationArgs struct { // (Output) // The attestation data provided by the HSM when the key operation was performed. // A base64-encoded string. Content pulumi.StringPtrInput `pulumi:"content"` // (Output) // The format of the attestation data. Format pulumi.StringPtrInput `pulumi:"format"` }
func (KeyRingImportJobAttestationArgs) ElementType ¶
func (KeyRingImportJobAttestationArgs) ElementType() reflect.Type
func (KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutput ¶
func (i KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput
func (KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutputWithContext ¶
func (i KeyRingImportJobAttestationArgs) ToKeyRingImportJobAttestationOutputWithContext(ctx context.Context) KeyRingImportJobAttestationOutput
type KeyRingImportJobAttestationArray ¶
type KeyRingImportJobAttestationArray []KeyRingImportJobAttestationInput
func (KeyRingImportJobAttestationArray) ElementType ¶
func (KeyRingImportJobAttestationArray) ElementType() reflect.Type
func (KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutput ¶
func (i KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput
func (KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutputWithContext ¶
func (i KeyRingImportJobAttestationArray) ToKeyRingImportJobAttestationArrayOutputWithContext(ctx context.Context) KeyRingImportJobAttestationArrayOutput
type KeyRingImportJobAttestationArrayInput ¶
type KeyRingImportJobAttestationArrayInput interface { pulumi.Input ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput ToKeyRingImportJobAttestationArrayOutputWithContext(context.Context) KeyRingImportJobAttestationArrayOutput }
KeyRingImportJobAttestationArrayInput is an input type that accepts KeyRingImportJobAttestationArray and KeyRingImportJobAttestationArrayOutput values. You can construct a concrete instance of `KeyRingImportJobAttestationArrayInput` via:
KeyRingImportJobAttestationArray{ KeyRingImportJobAttestationArgs{...} }
type KeyRingImportJobAttestationArrayOutput ¶
type KeyRingImportJobAttestationArrayOutput struct{ *pulumi.OutputState }
func (KeyRingImportJobAttestationArrayOutput) ElementType ¶
func (KeyRingImportJobAttestationArrayOutput) ElementType() reflect.Type
func (KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutput ¶
func (o KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutput() KeyRingImportJobAttestationArrayOutput
func (KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutputWithContext ¶
func (o KeyRingImportJobAttestationArrayOutput) ToKeyRingImportJobAttestationArrayOutputWithContext(ctx context.Context) KeyRingImportJobAttestationArrayOutput
type KeyRingImportJobAttestationInput ¶
type KeyRingImportJobAttestationInput interface { pulumi.Input ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput ToKeyRingImportJobAttestationOutputWithContext(context.Context) KeyRingImportJobAttestationOutput }
KeyRingImportJobAttestationInput is an input type that accepts KeyRingImportJobAttestationArgs and KeyRingImportJobAttestationOutput values. You can construct a concrete instance of `KeyRingImportJobAttestationInput` via:
KeyRingImportJobAttestationArgs{...}
type KeyRingImportJobAttestationOutput ¶
type KeyRingImportJobAttestationOutput struct{ *pulumi.OutputState }
func (KeyRingImportJobAttestationOutput) Content ¶
func (o KeyRingImportJobAttestationOutput) Content() pulumi.StringPtrOutput
(Output) The attestation data provided by the HSM when the key operation was performed. A base64-encoded string.
func (KeyRingImportJobAttestationOutput) ElementType ¶
func (KeyRingImportJobAttestationOutput) ElementType() reflect.Type
func (KeyRingImportJobAttestationOutput) Format ¶
func (o KeyRingImportJobAttestationOutput) Format() pulumi.StringPtrOutput
(Output) The format of the attestation data.
func (KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutput ¶
func (o KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutput() KeyRingImportJobAttestationOutput
func (KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutputWithContext ¶
func (o KeyRingImportJobAttestationOutput) ToKeyRingImportJobAttestationOutputWithContext(ctx context.Context) KeyRingImportJobAttestationOutput
type KeyRingImportJobInput ¶
type KeyRingImportJobInput interface { pulumi.Input ToKeyRingImportJobOutput() KeyRingImportJobOutput ToKeyRingImportJobOutputWithContext(ctx context.Context) KeyRingImportJobOutput }
type KeyRingImportJobMap ¶
type KeyRingImportJobMap map[string]KeyRingImportJobInput
func (KeyRingImportJobMap) ElementType ¶
func (KeyRingImportJobMap) ElementType() reflect.Type
func (KeyRingImportJobMap) ToKeyRingImportJobMapOutput ¶
func (i KeyRingImportJobMap) ToKeyRingImportJobMapOutput() KeyRingImportJobMapOutput
func (KeyRingImportJobMap) ToKeyRingImportJobMapOutputWithContext ¶
func (i KeyRingImportJobMap) ToKeyRingImportJobMapOutputWithContext(ctx context.Context) KeyRingImportJobMapOutput
type KeyRingImportJobMapInput ¶
type KeyRingImportJobMapInput interface { pulumi.Input ToKeyRingImportJobMapOutput() KeyRingImportJobMapOutput ToKeyRingImportJobMapOutputWithContext(context.Context) KeyRingImportJobMapOutput }
KeyRingImportJobMapInput is an input type that accepts KeyRingImportJobMap and KeyRingImportJobMapOutput values. You can construct a concrete instance of `KeyRingImportJobMapInput` via:
KeyRingImportJobMap{ "key": KeyRingImportJobArgs{...} }
type KeyRingImportJobMapOutput ¶
type KeyRingImportJobMapOutput struct{ *pulumi.OutputState }
func (KeyRingImportJobMapOutput) ElementType ¶
func (KeyRingImportJobMapOutput) ElementType() reflect.Type
func (KeyRingImportJobMapOutput) MapIndex ¶
func (o KeyRingImportJobMapOutput) MapIndex(k pulumi.StringInput) KeyRingImportJobOutput
func (KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutput ¶
func (o KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutput() KeyRingImportJobMapOutput
func (KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutputWithContext ¶
func (o KeyRingImportJobMapOutput) ToKeyRingImportJobMapOutputWithContext(ctx context.Context) KeyRingImportJobMapOutput
type KeyRingImportJobOutput ¶
type KeyRingImportJobOutput struct{ *pulumi.OutputState }
func (KeyRingImportJobOutput) Attestations ¶
func (o KeyRingImportJobOutput) Attestations() KeyRingImportJobAttestationArrayOutput
Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM. Structure is documented below.
func (KeyRingImportJobOutput) ElementType ¶
func (KeyRingImportJobOutput) ElementType() reflect.Type
func (KeyRingImportJobOutput) ExpireTime ¶
func (o KeyRingImportJobOutput) ExpireTime() pulumi.StringOutput
The time at which this resource is scheduled for expiration and can no longer be used. This is in RFC3339 text format.
func (KeyRingImportJobOutput) ImportJobId ¶
func (o KeyRingImportJobOutput) ImportJobId() pulumi.StringOutput
It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
***
func (KeyRingImportJobOutput) ImportMethod ¶
func (o KeyRingImportJobOutput) ImportMethod() pulumi.StringOutput
The wrapping method to be used for incoming key material. Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`.
func (KeyRingImportJobOutput) KeyRing ¶
func (o KeyRingImportJobOutput) KeyRing() pulumi.StringOutput
The KeyRing that this import job belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
func (KeyRingImportJobOutput) Name ¶
func (o KeyRingImportJobOutput) Name() pulumi.StringOutput
The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.
func (KeyRingImportJobOutput) ProtectionLevel ¶
func (o KeyRingImportJobOutput) ProtectionLevel() pulumi.StringOutput
The protection level of the ImportJob. This must match the protectionLevel of the versionTemplate on the CryptoKey you attempt to import into. Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`.
func (KeyRingImportJobOutput) PublicKeys ¶
func (o KeyRingImportJobOutput) PublicKeys() KeyRingImportJobPublicKeyArrayOutput
The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`. Structure is documented below.
func (KeyRingImportJobOutput) State ¶
func (o KeyRingImportJobOutput) State() pulumi.StringOutput
The current state of the ImportJob, indicating if it can be used.
func (KeyRingImportJobOutput) ToKeyRingImportJobOutput ¶
func (o KeyRingImportJobOutput) ToKeyRingImportJobOutput() KeyRingImportJobOutput
func (KeyRingImportJobOutput) ToKeyRingImportJobOutputWithContext ¶
func (o KeyRingImportJobOutput) ToKeyRingImportJobOutputWithContext(ctx context.Context) KeyRingImportJobOutput
type KeyRingImportJobPublicKeyArgs ¶
type KeyRingImportJobPublicKeyArgs struct { // (Output) // The public key, encoded in PEM format. For more information, see the RFC 7468 sections // for General Considerations and Textual Encoding of Subject Public Key Info. Pem pulumi.StringPtrInput `pulumi:"pem"` }
func (KeyRingImportJobPublicKeyArgs) ElementType ¶
func (KeyRingImportJobPublicKeyArgs) ElementType() reflect.Type
func (KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutput ¶
func (i KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput
func (KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutputWithContext ¶
func (i KeyRingImportJobPublicKeyArgs) ToKeyRingImportJobPublicKeyOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyOutput
type KeyRingImportJobPublicKeyArray ¶
type KeyRingImportJobPublicKeyArray []KeyRingImportJobPublicKeyInput
func (KeyRingImportJobPublicKeyArray) ElementType ¶
func (KeyRingImportJobPublicKeyArray) ElementType() reflect.Type
func (KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutput ¶
func (i KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput
func (KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutputWithContext ¶
func (i KeyRingImportJobPublicKeyArray) ToKeyRingImportJobPublicKeyArrayOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyArrayOutput
type KeyRingImportJobPublicKeyArrayInput ¶
type KeyRingImportJobPublicKeyArrayInput interface { pulumi.Input ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput ToKeyRingImportJobPublicKeyArrayOutputWithContext(context.Context) KeyRingImportJobPublicKeyArrayOutput }
KeyRingImportJobPublicKeyArrayInput is an input type that accepts KeyRingImportJobPublicKeyArray and KeyRingImportJobPublicKeyArrayOutput values. You can construct a concrete instance of `KeyRingImportJobPublicKeyArrayInput` via:
KeyRingImportJobPublicKeyArray{ KeyRingImportJobPublicKeyArgs{...} }
type KeyRingImportJobPublicKeyArrayOutput ¶
type KeyRingImportJobPublicKeyArrayOutput struct{ *pulumi.OutputState }
func (KeyRingImportJobPublicKeyArrayOutput) ElementType ¶
func (KeyRingImportJobPublicKeyArrayOutput) ElementType() reflect.Type
func (KeyRingImportJobPublicKeyArrayOutput) Index ¶
func (o KeyRingImportJobPublicKeyArrayOutput) Index(i pulumi.IntInput) KeyRingImportJobPublicKeyOutput
func (KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutput ¶
func (o KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutput() KeyRingImportJobPublicKeyArrayOutput
func (KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutputWithContext ¶
func (o KeyRingImportJobPublicKeyArrayOutput) ToKeyRingImportJobPublicKeyArrayOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyArrayOutput
type KeyRingImportJobPublicKeyInput ¶
type KeyRingImportJobPublicKeyInput interface { pulumi.Input ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput ToKeyRingImportJobPublicKeyOutputWithContext(context.Context) KeyRingImportJobPublicKeyOutput }
KeyRingImportJobPublicKeyInput is an input type that accepts KeyRingImportJobPublicKeyArgs and KeyRingImportJobPublicKeyOutput values. You can construct a concrete instance of `KeyRingImportJobPublicKeyInput` via:
KeyRingImportJobPublicKeyArgs{...}
type KeyRingImportJobPublicKeyOutput ¶
type KeyRingImportJobPublicKeyOutput struct{ *pulumi.OutputState }
func (KeyRingImportJobPublicKeyOutput) ElementType ¶
func (KeyRingImportJobPublicKeyOutput) ElementType() reflect.Type
func (KeyRingImportJobPublicKeyOutput) Pem ¶
func (o KeyRingImportJobPublicKeyOutput) Pem() pulumi.StringPtrOutput
(Output) The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.
func (KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutput ¶
func (o KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutput() KeyRingImportJobPublicKeyOutput
func (KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutputWithContext ¶
func (o KeyRingImportJobPublicKeyOutput) ToKeyRingImportJobPublicKeyOutputWithContext(ctx context.Context) KeyRingImportJobPublicKeyOutput
type KeyRingImportJobState ¶
type KeyRingImportJobState struct { // Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. // Use this statement to verify attributes of the key as stored on the HSM, independently of Google. // Only present if the chosen ImportMethod is one with a protection level of HSM. // Structure is documented below. Attestations KeyRingImportJobAttestationArrayInput // The time at which this resource is scheduled for expiration and can no longer be used. // This is in RFC3339 text format. ExpireTime pulumi.StringPtrInput // It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63} // // *** ImportJobId pulumi.StringPtrInput // The wrapping method to be used for incoming key material. // Possible values are: `RSA_OAEP_3072_SHA1_AES_256`, `RSA_OAEP_4096_SHA1_AES_256`. ImportMethod pulumi.StringPtrInput // The KeyRing that this import job belongs to. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. KeyRing pulumi.StringPtrInput // The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. Name pulumi.StringPtrInput // The protection level of the ImportJob. This must match the protectionLevel of the // versionTemplate on the CryptoKey you attempt to import into. // Possible values are: `SOFTWARE`, `HSM`, `EXTERNAL`. ProtectionLevel pulumi.StringPtrInput // The public key with which to wrap key material prior to import. Only returned if state is `ACTIVE`. // Structure is documented below. PublicKeys KeyRingImportJobPublicKeyArrayInput // The current state of the ImportJob, indicating if it can be used. State pulumi.StringPtrInput }
func (KeyRingImportJobState) ElementType ¶
func (KeyRingImportJobState) ElementType() reflect.Type
type KeyRingInput ¶
type KeyRingInput interface { pulumi.Input ToKeyRingOutput() KeyRingOutput ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput }
type KeyRingMap ¶
type KeyRingMap map[string]KeyRingInput
func (KeyRingMap) ElementType ¶
func (KeyRingMap) ElementType() reflect.Type
func (KeyRingMap) ToKeyRingMapOutput ¶
func (i KeyRingMap) ToKeyRingMapOutput() KeyRingMapOutput
func (KeyRingMap) ToKeyRingMapOutputWithContext ¶
func (i KeyRingMap) ToKeyRingMapOutputWithContext(ctx context.Context) KeyRingMapOutput
type KeyRingMapInput ¶
type KeyRingMapInput interface { pulumi.Input ToKeyRingMapOutput() KeyRingMapOutput ToKeyRingMapOutputWithContext(context.Context) KeyRingMapOutput }
KeyRingMapInput is an input type that accepts KeyRingMap and KeyRingMapOutput values. You can construct a concrete instance of `KeyRingMapInput` via:
KeyRingMap{ "key": KeyRingArgs{...} }
type KeyRingMapOutput ¶
type KeyRingMapOutput struct{ *pulumi.OutputState }
func (KeyRingMapOutput) ElementType ¶
func (KeyRingMapOutput) ElementType() reflect.Type
func (KeyRingMapOutput) MapIndex ¶
func (o KeyRingMapOutput) MapIndex(k pulumi.StringInput) KeyRingOutput
func (KeyRingMapOutput) ToKeyRingMapOutput ¶
func (o KeyRingMapOutput) ToKeyRingMapOutput() KeyRingMapOutput
func (KeyRingMapOutput) ToKeyRingMapOutputWithContext ¶
func (o KeyRingMapOutput) ToKeyRingMapOutputWithContext(ctx context.Context) KeyRingMapOutput
type KeyRingOutput ¶
type KeyRingOutput struct{ *pulumi.OutputState }
func (KeyRingOutput) ElementType ¶
func (KeyRingOutput) ElementType() reflect.Type
func (KeyRingOutput) Location ¶
func (o KeyRingOutput) Location() pulumi.StringOutput
The location for the KeyRing. A full list of valid locations can be found by running `gcloud kms locations list`.
***
func (KeyRingOutput) Name ¶
func (o KeyRingOutput) Name() pulumi.StringOutput
The resource name for the KeyRing.
func (KeyRingOutput) Project ¶
func (o KeyRingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
func (KeyRingOutput) ToKeyRingOutput ¶
func (o KeyRingOutput) ToKeyRingOutput() KeyRingOutput
func (KeyRingOutput) ToKeyRingOutputWithContext ¶
func (o KeyRingOutput) ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput
type KeyRingState ¶
type KeyRingState struct { // The location for the KeyRing. // A full list of valid locations can be found by running `gcloud kms locations list`. // // *** Location pulumi.StringPtrInput // The resource name for the KeyRing. Name pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput }
func (KeyRingState) ElementType ¶
func (KeyRingState) ElementType() reflect.Type
type LookupEkmConnectionIamPolicyArgs ¶
type LookupEkmConnectionIamPolicyArgs struct { // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` // Used to find the parent resource to bind the IAM policy to Name string `pulumi:"name"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` }
A collection of arguments for invoking getEkmConnectionIamPolicy.
type LookupEkmConnectionIamPolicyOutputArgs ¶
type LookupEkmConnectionIamPolicyOutputArgs struct { // The location for the EkmConnection. // A full list of valid locations can be found by running `gcloud kms locations list`. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput `pulumi:"location"` // Used to find the parent resource to bind the IAM policy to Name pulumi.StringInput `pulumi:"name"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getEkmConnectionIamPolicy.
func (LookupEkmConnectionIamPolicyOutputArgs) ElementType ¶
func (LookupEkmConnectionIamPolicyOutputArgs) ElementType() reflect.Type
type LookupEkmConnectionIamPolicyResult ¶
type LookupEkmConnectionIamPolicyResult struct { // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Location string `pulumi:"location"` Name string `pulumi:"name"` // (Required only by `kms.EkmConnectionIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` }
A collection of values returned by getEkmConnectionIamPolicy.
func LookupEkmConnectionIamPolicy ¶
func LookupEkmConnectionIamPolicy(ctx *pulumi.Context, args *LookupEkmConnectionIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupEkmConnectionIamPolicyResult, error)
Retrieves the current IAM policy data for ekmconnection
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.LookupEkmConnectionIamPolicy(ctx, &kms.LookupEkmConnectionIamPolicyArgs{ Project: pulumi.StringRef(example_ekmconnection.Project), Location: pulumi.StringRef(example_ekmconnection.Location), Name: example_ekmconnection.Name, }, nil) if err != nil { return err } return nil }) }
```
type LookupEkmConnectionIamPolicyResultOutput ¶
type LookupEkmConnectionIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getEkmConnectionIamPolicy.
func LookupEkmConnectionIamPolicyOutput ¶
func LookupEkmConnectionIamPolicyOutput(ctx *pulumi.Context, args LookupEkmConnectionIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupEkmConnectionIamPolicyResultOutput
func (LookupEkmConnectionIamPolicyResultOutput) ElementType ¶
func (LookupEkmConnectionIamPolicyResultOutput) ElementType() reflect.Type
func (LookupEkmConnectionIamPolicyResultOutput) Etag ¶
func (o LookupEkmConnectionIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (LookupEkmConnectionIamPolicyResultOutput) Id ¶
func (o LookupEkmConnectionIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupEkmConnectionIamPolicyResultOutput) Location ¶
func (o LookupEkmConnectionIamPolicyResultOutput) Location() pulumi.StringOutput
func (LookupEkmConnectionIamPolicyResultOutput) Name ¶
func (o LookupEkmConnectionIamPolicyResultOutput) Name() pulumi.StringOutput
func (LookupEkmConnectionIamPolicyResultOutput) PolicyData ¶
func (o LookupEkmConnectionIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `kms.EkmConnectionIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (LookupEkmConnectionIamPolicyResultOutput) Project ¶
func (o LookupEkmConnectionIamPolicyResultOutput) Project() pulumi.StringOutput
func (LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutput ¶
func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutput() LookupEkmConnectionIamPolicyResultOutput
func (LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutputWithContext ¶
func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutputWithContext(ctx context.Context) LookupEkmConnectionIamPolicyResultOutput
type SecretCiphertext ¶
type SecretCiphertext struct { pulumi.CustomResourceState // The additional authenticated data used for integrity checks during encryption and decryption. // **Note**: This property is sensitive and will not be displayed in the plan. AdditionalAuthenticatedData pulumi.StringPtrOutput `pulumi:"additionalAuthenticatedData"` // Contains the result of encrypting the provided plaintext, encoded in base64. Ciphertext pulumi.StringOutput `pulumi:"ciphertext"` // The full name of the CryptoKey that will be used to encrypt the provided plaintext. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'` // // *** CryptoKey pulumi.StringOutput `pulumi:"cryptoKey"` // The plaintext to be encrypted. // **Note**: This property is sensitive and will not be displayed in the plan. Plaintext pulumi.StringOutput `pulumi:"plaintext"` }
Encrypts secret data with Google Cloud KMS and provides access to the ciphertext.
> **NOTE:** Using this resource will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.
To get more information about SecretCiphertext, see:
* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt) * How-to Guides
- [Encrypting and decrypting data with a symmetric key](https://cloud.google.com/kms/docs/encrypt-decrypt)
## Example Usage
### Kms Secret Ciphertext Basic
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ Name: pulumi.String("keyring-example"), Location: pulumi.String("global"), }) if err != nil { return err } cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{ Name: pulumi.String("crypto-key-example"), KeyRing: keyring.ID(), RotationPeriod: pulumi.String("7776000s"), }) if err != nil { return err } myPassword, err := kms.NewSecretCiphertext(ctx, "my_password", &kms.SecretCiphertextArgs{ CryptoKey: cryptokey.ID(), Plaintext: pulumi.String("my-secret-password"), }) if err != nil { return err } _, err = compute.NewInstance(ctx, "instance", &compute.InstanceArgs{ NetworkInterfaces: compute.InstanceNetworkInterfaceArray{ &compute.InstanceNetworkInterfaceArgs{ AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{ &compute.InstanceNetworkInterfaceAccessConfigArgs{}, }, Network: pulumi.String("default"), }, }, Name: pulumi.String("my-instance"), MachineType: pulumi.String("e2-medium"), Zone: pulumi.String("us-central1-a"), BootDisk: &compute.InstanceBootDiskArgs{ InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{ Image: pulumi.String("debian-cloud/debian-11"), }, }, Metadata: pulumi.StringMap{ "password": myPassword.Ciphertext, }, }) if err != nil { return err } return nil }) }
```
## Import
This resource does not support import.
func GetSecretCiphertext ¶
func GetSecretCiphertext(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecretCiphertextState, opts ...pulumi.ResourceOption) (*SecretCiphertext, error)
GetSecretCiphertext gets an existing SecretCiphertext resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSecretCiphertext ¶
func NewSecretCiphertext(ctx *pulumi.Context, name string, args *SecretCiphertextArgs, opts ...pulumi.ResourceOption) (*SecretCiphertext, error)
NewSecretCiphertext registers a new resource with the given unique name, arguments, and options.
func (*SecretCiphertext) ElementType ¶
func (*SecretCiphertext) ElementType() reflect.Type
func (*SecretCiphertext) ToSecretCiphertextOutput ¶
func (i *SecretCiphertext) ToSecretCiphertextOutput() SecretCiphertextOutput
func (*SecretCiphertext) ToSecretCiphertextOutputWithContext ¶
func (i *SecretCiphertext) ToSecretCiphertextOutputWithContext(ctx context.Context) SecretCiphertextOutput
type SecretCiphertextArgs ¶
type SecretCiphertextArgs struct { // The additional authenticated data used for integrity checks during encryption and decryption. // **Note**: This property is sensitive and will not be displayed in the plan. AdditionalAuthenticatedData pulumi.StringPtrInput // The full name of the CryptoKey that will be used to encrypt the provided plaintext. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'` // // *** CryptoKey pulumi.StringInput // The plaintext to be encrypted. // **Note**: This property is sensitive and will not be displayed in the plan. Plaintext pulumi.StringInput }
The set of arguments for constructing a SecretCiphertext resource.
func (SecretCiphertextArgs) ElementType ¶
func (SecretCiphertextArgs) ElementType() reflect.Type
type SecretCiphertextArray ¶
type SecretCiphertextArray []SecretCiphertextInput
func (SecretCiphertextArray) ElementType ¶
func (SecretCiphertextArray) ElementType() reflect.Type
func (SecretCiphertextArray) ToSecretCiphertextArrayOutput ¶
func (i SecretCiphertextArray) ToSecretCiphertextArrayOutput() SecretCiphertextArrayOutput
func (SecretCiphertextArray) ToSecretCiphertextArrayOutputWithContext ¶
func (i SecretCiphertextArray) ToSecretCiphertextArrayOutputWithContext(ctx context.Context) SecretCiphertextArrayOutput
type SecretCiphertextArrayInput ¶
type SecretCiphertextArrayInput interface { pulumi.Input ToSecretCiphertextArrayOutput() SecretCiphertextArrayOutput ToSecretCiphertextArrayOutputWithContext(context.Context) SecretCiphertextArrayOutput }
SecretCiphertextArrayInput is an input type that accepts SecretCiphertextArray and SecretCiphertextArrayOutput values. You can construct a concrete instance of `SecretCiphertextArrayInput` via:
SecretCiphertextArray{ SecretCiphertextArgs{...} }
type SecretCiphertextArrayOutput ¶
type SecretCiphertextArrayOutput struct{ *pulumi.OutputState }
func (SecretCiphertextArrayOutput) ElementType ¶
func (SecretCiphertextArrayOutput) ElementType() reflect.Type
func (SecretCiphertextArrayOutput) Index ¶
func (o SecretCiphertextArrayOutput) Index(i pulumi.IntInput) SecretCiphertextOutput
func (SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutput ¶
func (o SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutput() SecretCiphertextArrayOutput
func (SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutputWithContext ¶
func (o SecretCiphertextArrayOutput) ToSecretCiphertextArrayOutputWithContext(ctx context.Context) SecretCiphertextArrayOutput
type SecretCiphertextInput ¶
type SecretCiphertextInput interface { pulumi.Input ToSecretCiphertextOutput() SecretCiphertextOutput ToSecretCiphertextOutputWithContext(ctx context.Context) SecretCiphertextOutput }
type SecretCiphertextMap ¶
type SecretCiphertextMap map[string]SecretCiphertextInput
func (SecretCiphertextMap) ElementType ¶
func (SecretCiphertextMap) ElementType() reflect.Type
func (SecretCiphertextMap) ToSecretCiphertextMapOutput ¶
func (i SecretCiphertextMap) ToSecretCiphertextMapOutput() SecretCiphertextMapOutput
func (SecretCiphertextMap) ToSecretCiphertextMapOutputWithContext ¶
func (i SecretCiphertextMap) ToSecretCiphertextMapOutputWithContext(ctx context.Context) SecretCiphertextMapOutput
type SecretCiphertextMapInput ¶
type SecretCiphertextMapInput interface { pulumi.Input ToSecretCiphertextMapOutput() SecretCiphertextMapOutput ToSecretCiphertextMapOutputWithContext(context.Context) SecretCiphertextMapOutput }
SecretCiphertextMapInput is an input type that accepts SecretCiphertextMap and SecretCiphertextMapOutput values. You can construct a concrete instance of `SecretCiphertextMapInput` via:
SecretCiphertextMap{ "key": SecretCiphertextArgs{...} }
type SecretCiphertextMapOutput ¶
type SecretCiphertextMapOutput struct{ *pulumi.OutputState }
func (SecretCiphertextMapOutput) ElementType ¶
func (SecretCiphertextMapOutput) ElementType() reflect.Type
func (SecretCiphertextMapOutput) MapIndex ¶
func (o SecretCiphertextMapOutput) MapIndex(k pulumi.StringInput) SecretCiphertextOutput
func (SecretCiphertextMapOutput) ToSecretCiphertextMapOutput ¶
func (o SecretCiphertextMapOutput) ToSecretCiphertextMapOutput() SecretCiphertextMapOutput
func (SecretCiphertextMapOutput) ToSecretCiphertextMapOutputWithContext ¶
func (o SecretCiphertextMapOutput) ToSecretCiphertextMapOutputWithContext(ctx context.Context) SecretCiphertextMapOutput
type SecretCiphertextOutput ¶
type SecretCiphertextOutput struct{ *pulumi.OutputState }
func (SecretCiphertextOutput) AdditionalAuthenticatedData ¶
func (o SecretCiphertextOutput) AdditionalAuthenticatedData() pulumi.StringPtrOutput
The additional authenticated data used for integrity checks during encryption and decryption. **Note**: This property is sensitive and will not be displayed in the plan.
func (SecretCiphertextOutput) Ciphertext ¶
func (o SecretCiphertextOutput) Ciphertext() pulumi.StringOutput
Contains the result of encrypting the provided plaintext, encoded in base64.
func (SecretCiphertextOutput) CryptoKey ¶
func (o SecretCiphertextOutput) CryptoKey() pulumi.StringOutput
The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
***
func (SecretCiphertextOutput) ElementType ¶
func (SecretCiphertextOutput) ElementType() reflect.Type
func (SecretCiphertextOutput) Plaintext ¶
func (o SecretCiphertextOutput) Plaintext() pulumi.StringOutput
The plaintext to be encrypted. **Note**: This property is sensitive and will not be displayed in the plan.
func (SecretCiphertextOutput) ToSecretCiphertextOutput ¶
func (o SecretCiphertextOutput) ToSecretCiphertextOutput() SecretCiphertextOutput
func (SecretCiphertextOutput) ToSecretCiphertextOutputWithContext ¶
func (o SecretCiphertextOutput) ToSecretCiphertextOutputWithContext(ctx context.Context) SecretCiphertextOutput
type SecretCiphertextState ¶
type SecretCiphertextState struct { // The additional authenticated data used for integrity checks during encryption and decryption. // **Note**: This property is sensitive and will not be displayed in the plan. AdditionalAuthenticatedData pulumi.StringPtrInput // Contains the result of encrypting the provided plaintext, encoded in base64. Ciphertext pulumi.StringPtrInput // The full name of the CryptoKey that will be used to encrypt the provided plaintext. // Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'` // // *** CryptoKey pulumi.StringPtrInput // The plaintext to be encrypted. // **Note**: This property is sensitive and will not be displayed in the plan. Plaintext pulumi.StringPtrInput }
func (SecretCiphertextState) ElementType ¶
func (SecretCiphertextState) ElementType() reflect.Type
Source Files ¶
- autokeyConfig.go
- cryptoKey.go
- cryptoKeyIAMBinding.go
- cryptoKeyIAMMember.go
- cryptoKeyIAMPolicy.go
- cryptoKeyVersion.go
- ekmConnection.go
- ekmConnectionIamBinding.go
- ekmConnectionIamMember.go
- ekmConnectionIamPolicy.go
- getCryptoKeyIamPolicy.go
- getCryptoKeyLatestVersion.go
- getCryptoKeyVersions.go
- getCryptoKeys.go
- getEkmConnectionIamPolicy.go
- getKMSCryptoKey.go
- getKMSCryptoKeyVersion.go
- getKMSKeyRing.go
- getKMSSecret.go
- getKMSSecretAsymmetric.go
- getKMSSecretCiphertext.go
- getKeyRingIamPolicy.go
- getKeyRings.go
- init.go
- keyHandle.go
- keyRing.go
- keyRingIAMBinding.go
- keyRingIAMMember.go
- keyRingIAMPolicy.go
- keyRingImportJob.go
- pulumiTypes.go
- secretCiphertext.go