v1

package
v0.0.1-alpha.100 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 25, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Default case. Should never be this.
	AuditLogConfigLogTypeLogTypeUnspecified = AuditLogConfigLogType("LOG_TYPE_UNSPECIFIED")
	// Admin reads. Example: CloudIAM getIamPolicy
	AuditLogConfigLogTypeAdminRead = AuditLogConfigLogType("ADMIN_READ")
	// Data writes. Example: CloudSQL Users create
	AuditLogConfigLogTypeDataWrite = AuditLogConfigLogType("DATA_WRITE")
	// Data reads. Example: CloudSQL Users list
	AuditLogConfigLogTypeDataRead = AuditLogConfigLogType("DATA_READ")
)
View Source 
const (
	// Not specified.
	CryptoKeyPurposeCryptoKeyPurposeUnspecified = CryptoKeyPurpose("CRYPTO_KEY_PURPOSE_UNSPECIFIED")
	// CryptoKeys with this purpose may be used with Encrypt and Decrypt.
	CryptoKeyPurposeEncryptDecrypt = CryptoKeyPurpose("ENCRYPT_DECRYPT")
	// CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
	CryptoKeyPurposeAsymmetricSign = CryptoKeyPurpose("ASYMMETRIC_SIGN")
	// CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
	CryptoKeyPurposeAsymmetricDecrypt = CryptoKeyPurpose("ASYMMETRIC_DECRYPT")
	// CryptoKeys with this purpose may be used with RawEncrypt and RawDecrypt. This purpose is meant to be used for interoperable symmetric encryption and does not support automatic CryptoKey rotation.
	CryptoKeyPurposeRawEncryptDecrypt = CryptoKeyPurpose("RAW_ENCRYPT_DECRYPT")
	// CryptoKeys with this purpose may be used with MacSign.
	CryptoKeyPurposeMac = CryptoKeyPurpose("MAC")
)
View Source 
const (
	// Not specified.
	CryptoKeyVersionStateEnumCryptoKeyVersionStateUnspecified = CryptoKeyVersionStateEnum("CRYPTO_KEY_VERSION_STATE_UNSPECIFIED")
	// This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
	CryptoKeyVersionStateEnumPendingGeneration = CryptoKeyVersionStateEnum("PENDING_GENERATION")
	// This version may be used for cryptographic operations.
	CryptoKeyVersionStateEnumEnabled = CryptoKeyVersionStateEnum("ENABLED")
	// This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
	CryptoKeyVersionStateEnumDisabled = CryptoKeyVersionStateEnum("DISABLED")
	// This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
	CryptoKeyVersionStateEnumDestroyed = CryptoKeyVersionStateEnum("DESTROYED")
	// This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
	CryptoKeyVersionStateEnumDestroyScheduled = CryptoKeyVersionStateEnum("DESTROY_SCHEDULED")
	// This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
	CryptoKeyVersionStateEnumPendingImport = CryptoKeyVersionStateEnum("PENDING_IMPORT")
	// This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
	CryptoKeyVersionStateEnumImportFailed = CryptoKeyVersionStateEnum("IMPORT_FAILED")
	// This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
	CryptoKeyVersionStateEnumGenerationFailed = CryptoKeyVersionStateEnum("GENERATION_FAILED")
	// This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
	CryptoKeyVersionStateEnumPendingExternalDestruction = CryptoKeyVersionStateEnum("PENDING_EXTERNAL_DESTRUCTION")
	// This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
	CryptoKeyVersionStateEnumExternalDestructionFailed = CryptoKeyVersionStateEnum("EXTERNAL_DESTRUCTION_FAILED")
)
View Source 
const (
	// Not specified.
	CryptoKeyVersionTemplateAlgorithmCryptoKeyVersionAlgorithmUnspecified = CryptoKeyVersionTemplateAlgorithm("CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED")
	// Creates symmetric encryption keys.
	CryptoKeyVersionTemplateAlgorithmGoogleSymmetricEncryption = CryptoKeyVersionTemplateAlgorithm("GOOGLE_SYMMETRIC_ENCRYPTION")
	// AES-GCM (Galois Counter Mode) using 128-bit keys.
	CryptoKeyVersionTemplateAlgorithmAes128Gcm = CryptoKeyVersionTemplateAlgorithm("AES_128_GCM")
	// AES-GCM (Galois Counter Mode) using 256-bit keys.
	CryptoKeyVersionTemplateAlgorithmAes256Gcm = CryptoKeyVersionTemplateAlgorithm("AES_256_GCM")
	// AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
	CryptoKeyVersionTemplateAlgorithmAes128Cbc = CryptoKeyVersionTemplateAlgorithm("AES_128_CBC")
	// AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
	CryptoKeyVersionTemplateAlgorithmAes256Cbc = CryptoKeyVersionTemplateAlgorithm("AES_256_CBC")
	// AES-CTR (Counter Mode) using 128-bit keys.
	CryptoKeyVersionTemplateAlgorithmAes128Ctr = CryptoKeyVersionTemplateAlgorithm("AES_128_CTR")
	// AES-CTR (Counter Mode) using 256-bit keys.
	CryptoKeyVersionTemplateAlgorithmAes256Ctr = CryptoKeyVersionTemplateAlgorithm("AES_256_CTR")
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPss2048Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PSS_2048_SHA256")
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPss3072Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PSS_3072_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PSS_4096_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha512 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PSS_4096_SHA512")
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPkcs12048Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PKCS1_2048_SHA256")
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPkcs13072Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PKCS1_3072_SHA256")
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PKCS1_4096_SHA256")
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha512 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_PKCS1_4096_SHA512")
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
	CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs12048 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_RAW_PKCS1_2048")
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
	CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs13072 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_RAW_PKCS1_3072")
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
	CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs14096 = CryptoKeyVersionTemplateAlgorithm("RSA_SIGN_RAW_PKCS1_4096")
	// RSAES-OAEP 2048 bit key with a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_DECRYPT_OAEP_2048_SHA256")
	// RSAES-OAEP 3072 bit key with a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_DECRYPT_OAEP_3072_SHA256")
	// RSAES-OAEP 4096 bit key with a SHA256 digest.
	CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha256 = CryptoKeyVersionTemplateAlgorithm("RSA_DECRYPT_OAEP_4096_SHA256")
	// RSAES-OAEP 4096 bit key with a SHA512 digest.
	CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha512 = CryptoKeyVersionTemplateAlgorithm("RSA_DECRYPT_OAEP_4096_SHA512")
	// RSAES-OAEP 2048 bit key with a SHA1 digest.
	CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha1 = CryptoKeyVersionTemplateAlgorithm("RSA_DECRYPT_OAEP_2048_SHA1")
	// RSAES-OAEP 3072 bit key with a SHA1 digest.
	CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha1 = CryptoKeyVersionTemplateAlgorithm("RSA_DECRYPT_OAEP_3072_SHA1")
	// RSAES-OAEP 4096 bit key with a SHA1 digest.
	CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha1 = CryptoKeyVersionTemplateAlgorithm("RSA_DECRYPT_OAEP_4096_SHA1")
	// ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
	CryptoKeyVersionTemplateAlgorithmEcSignP256Sha256 = CryptoKeyVersionTemplateAlgorithm("EC_SIGN_P256_SHA256")
	// ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
	CryptoKeyVersionTemplateAlgorithmEcSignP384Sha384 = CryptoKeyVersionTemplateAlgorithm("EC_SIGN_P384_SHA384")
	// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
	CryptoKeyVersionTemplateAlgorithmEcSignSecp256k1Sha256 = CryptoKeyVersionTemplateAlgorithm("EC_SIGN_SECP256K1_SHA256")
	// HMAC-SHA256 signing with a 256 bit key.
	CryptoKeyVersionTemplateAlgorithmHmacSha256 = CryptoKeyVersionTemplateAlgorithm("HMAC_SHA256")
	// HMAC-SHA1 signing with a 160 bit key.
	CryptoKeyVersionTemplateAlgorithmHmacSha1 = CryptoKeyVersionTemplateAlgorithm("HMAC_SHA1")
	// HMAC-SHA384 signing with a 384 bit key.
	CryptoKeyVersionTemplateAlgorithmHmacSha384 = CryptoKeyVersionTemplateAlgorithm("HMAC_SHA384")
	// HMAC-SHA512 signing with a 512 bit key.
	CryptoKeyVersionTemplateAlgorithmHmacSha512 = CryptoKeyVersionTemplateAlgorithm("HMAC_SHA512")
	// HMAC-SHA224 signing with a 224 bit key.
	CryptoKeyVersionTemplateAlgorithmHmacSha224 = CryptoKeyVersionTemplateAlgorithm("HMAC_SHA224")
	// Algorithm representing symmetric encryption by an external key manager.
	CryptoKeyVersionTemplateAlgorithmExternalSymmetricEncryption = CryptoKeyVersionTemplateAlgorithm("EXTERNAL_SYMMETRIC_ENCRYPTION")
)
View Source 
const (
	// Not specified.
	CryptoKeyVersionTemplateProtectionLevelProtectionLevelUnspecified = CryptoKeyVersionTemplateProtectionLevel("PROTECTION_LEVEL_UNSPECIFIED")
	// Crypto operations are performed in software.
	CryptoKeyVersionTemplateProtectionLevelSoftware = CryptoKeyVersionTemplateProtectionLevel("SOFTWARE")
	// Crypto operations are performed in a Hardware Security Module.
	CryptoKeyVersionTemplateProtectionLevelHsm = CryptoKeyVersionTemplateProtectionLevel("HSM")
	// Crypto operations are performed by an external key manager.
	CryptoKeyVersionTemplateProtectionLevelExternal = CryptoKeyVersionTemplateProtectionLevel("EXTERNAL")
	// Crypto operations are performed in an EKM-over-VPC backend.
	CryptoKeyVersionTemplateProtectionLevelExternalVpc = CryptoKeyVersionTemplateProtectionLevel("EXTERNAL_VPC")
)
View Source 
const (
	// Not specified.
	EkmConnectionKeyManagementModeKeyManagementModeUnspecified = EkmConnectionKeyManagementMode("KEY_MANAGEMENT_MODE_UNSPECIFIED")
	// EKM-side key management operations on CryptoKeys created with this EkmConnection must be initiated from the EKM directly and cannot be performed from Cloud KMS. This means that: * When creating a CryptoKeyVersion associated with this EkmConnection, the caller must supply the key path of pre-existing external key material that will be linked to the CryptoKeyVersion. * Destruction of external key material cannot be requested via the Cloud KMS API and must be performed directly in the EKM. * Automatic rotation of key material is not supported.
	EkmConnectionKeyManagementModeManual = EkmConnectionKeyManagementMode("MANUAL")
	// All CryptoKeys created with this EkmConnection use EKM-side key management operations initiated from Cloud KMS. This means that: * When a CryptoKeyVersion associated with this EkmConnection is created, the EKM automatically generates new key material and a new key path. The caller cannot supply the key path of pre-existing external key material. * Destruction of external key material associated with this EkmConnection can be requested by calling DestroyCryptoKeyVersion. * Automatic rotation of key material is supported.
	EkmConnectionKeyManagementModeCloudKms = EkmConnectionKeyManagementMode("CLOUD_KMS")
)
View Source 
const (
	// Not specified.
	ImportJobImportMethodImportMethodUnspecified = ImportJobImportMethod("IMPORT_METHOD_UNSPECIFIED")
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJobImportMethodRsaOaep3072Sha1Aes256 = ImportJobImportMethod("RSA_OAEP_3072_SHA1_AES_256")
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJobImportMethodRsaOaep4096Sha1Aes256 = ImportJobImportMethod("RSA_OAEP_4096_SHA1_AES_256")
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJobImportMethodRsaOaep3072Sha256Aes256 = ImportJobImportMethod("RSA_OAEP_3072_SHA256_AES_256")
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJobImportMethodRsaOaep4096Sha256Aes256 = ImportJobImportMethod("RSA_OAEP_4096_SHA256_AES_256")
	// This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import.
	ImportJobImportMethodRsaOaep3072Sha256 = ImportJobImportMethod("RSA_OAEP_3072_SHA256")
	// This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import.
	ImportJobImportMethodRsaOaep4096Sha256 = ImportJobImportMethod("RSA_OAEP_4096_SHA256")
)
View Source 
const (
	// Not specified.
	ImportJobProtectionLevelProtectionLevelUnspecified = ImportJobProtectionLevel("PROTECTION_LEVEL_UNSPECIFIED")
	// Crypto operations are performed in software.
	ImportJobProtectionLevelSoftware = ImportJobProtectionLevel("SOFTWARE")
	// Crypto operations are performed in a Hardware Security Module.
	ImportJobProtectionLevelHsm = ImportJobProtectionLevel("HSM")
	// Crypto operations are performed by an external key manager.
	ImportJobProtectionLevelExternal = ImportJobProtectionLevel("EXTERNAL")
	// Crypto operations are performed in an EKM-over-VPC backend.
	ImportJobProtectionLevelExternalVpc = ImportJobProtectionLevel("EXTERNAL_VPC")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditConfig 

type AuditConfig struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs []AuditLogConfig `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service *string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

type AuditConfigArgs 

type AuditConfigArgs struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs AuditLogConfigArrayInput `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service pulumi.StringPtrInput `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigArgs) ElementType 

func (AuditConfigArgs) ElementType() reflect.Type

func (AuditConfigArgs) ToAuditConfigOutput 

func (i AuditConfigArgs) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigArgs) ToAuditConfigOutputWithContext 

func (i AuditConfigArgs) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigArray 

type AuditConfigArray []AuditConfigInput

func (AuditConfigArray) ElementType 

func (AuditConfigArray) ElementType() reflect.Type

func (AuditConfigArray) ToAuditConfigArrayOutput 

func (i AuditConfigArray) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArray) ToAuditConfigArrayOutputWithContext 

func (i AuditConfigArray) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigArrayInput 

type AuditConfigArrayInput interface {
	pulumi.Input

	ToAuditConfigArrayOutput() AuditConfigArrayOutput
	ToAuditConfigArrayOutputWithContext(context.Context) AuditConfigArrayOutput
}

AuditConfigArrayInput is an input type that accepts AuditConfigArray and AuditConfigArrayOutput values. You can construct a concrete instance of `AuditConfigArrayInput` via: 

AuditConfigArray{ AuditConfigArgs{...} }

type AuditConfigArrayOutput 

type AuditConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigArrayOutput) ElementType 

func (AuditConfigArrayOutput) ElementType() reflect.Type

func (AuditConfigArrayOutput) Index 

func (o AuditConfigArrayOutput) Index(i pulumi.IntInput) AuditConfigOutput

func (AuditConfigArrayOutput) ToAuditConfigArrayOutput 

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutput() AuditConfigArrayOutput

func (AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext 

func (o AuditConfigArrayOutput) ToAuditConfigArrayOutputWithContext(ctx context.Context) AuditConfigArrayOutput

type AuditConfigInput 

type AuditConfigInput interface {
	pulumi.Input

	ToAuditConfigOutput() AuditConfigOutput
	ToAuditConfigOutputWithContext(context.Context) AuditConfigOutput
}

AuditConfigInput is an input type that accepts AuditConfigArgs and AuditConfigOutput values. You can construct a concrete instance of `AuditConfigInput` via: 

AuditConfigArgs{...}

type AuditConfigOutput 

type AuditConfigOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigOutput) AuditLogConfigs 

func (o AuditConfigOutput) AuditLogConfigs() AuditLogConfigArrayOutput

The configuration for logging of each type of permission.

func (AuditConfigOutput) ElementType 

func (AuditConfigOutput) ElementType() reflect.Type

func (AuditConfigOutput) Service 

func (o AuditConfigOutput) Service() pulumi.StringPtrOutput

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigOutput) ToAuditConfigOutput 

func (o AuditConfigOutput) ToAuditConfigOutput() AuditConfigOutput

func (AuditConfigOutput) ToAuditConfigOutputWithContext 

func (o AuditConfigOutput) ToAuditConfigOutputWithContext(ctx context.Context) AuditConfigOutput

type AuditConfigResponse 

type AuditConfigResponse struct {
	// The configuration for logging of each type of permission.
	AuditLogConfigs []AuditLogConfigResponse `pulumi:"auditLogConfigs"`
	// Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
	Service string `pulumi:"service"`
}

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

type AuditConfigResponseArrayOutput 

type AuditConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditConfigResponseArrayOutput) ElementType 

func (AuditConfigResponseArrayOutput) ElementType() reflect.Type

func (AuditConfigResponseArrayOutput) Index 

func (o AuditConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditConfigResponseOutput

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput 

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutput() AuditConfigResponseArrayOutput

func (AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext 

func (o AuditConfigResponseArrayOutput) ToAuditConfigResponseArrayOutputWithContext(ctx context.Context) AuditConfigResponseArrayOutput

type AuditConfigResponseOutput 

type AuditConfigResponseOutput struct{ *pulumi.OutputState }

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.

func (AuditConfigResponseOutput) AuditLogConfigs 

func (o AuditConfigResponseOutput) AuditLogConfigs() AuditLogConfigResponseArrayOutput

The configuration for logging of each type of permission.

func (AuditConfigResponseOutput) ElementType 

func (AuditConfigResponseOutput) ElementType() reflect.Type

func (AuditConfigResponseOutput) Service 

func (o AuditConfigResponseOutput) Service() pulumi.StringOutput

Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

func (AuditConfigResponseOutput) ToAuditConfigResponseOutput 

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutput() AuditConfigResponseOutput

func (AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext 

func (o AuditConfigResponseOutput) ToAuditConfigResponseOutputWithContext(ctx context.Context) AuditConfigResponseOutput

type AuditLogConfig 

type AuditLogConfig struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType *AuditLogConfigLogType `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigArgs 

type AuditLogConfigArgs struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	ExemptedMembers pulumi.StringArrayInput `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType AuditLogConfigLogTypePtrInput `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigArgs) ElementType 

func (AuditLogConfigArgs) ElementType() reflect.Type

func (AuditLogConfigArgs) ToAuditLogConfigOutput 

func (i AuditLogConfigArgs) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigArgs) ToAuditLogConfigOutputWithContext 

func (i AuditLogConfigArgs) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigArray 

type AuditLogConfigArray []AuditLogConfigInput

func (AuditLogConfigArray) ElementType 

func (AuditLogConfigArray) ElementType() reflect.Type

func (AuditLogConfigArray) ToAuditLogConfigArrayOutput 

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext 

func (i AuditLogConfigArray) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigArrayInput 

type AuditLogConfigArrayInput interface {
	pulumi.Input

	ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput
	ToAuditLogConfigArrayOutputWithContext(context.Context) AuditLogConfigArrayOutput
}

AuditLogConfigArrayInput is an input type that accepts AuditLogConfigArray and AuditLogConfigArrayOutput values. You can construct a concrete instance of `AuditLogConfigArrayInput` via: 

AuditLogConfigArray{ AuditLogConfigArgs{...} }

type AuditLogConfigArrayOutput 

type AuditLogConfigArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigArrayOutput) ElementType 

func (AuditLogConfigArrayOutput) ElementType() reflect.Type

func (AuditLogConfigArrayOutput) Index 

func (o AuditLogConfigArrayOutput) Index(i pulumi.IntInput) AuditLogConfigOutput

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput 

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutput() AuditLogConfigArrayOutput

func (AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext 

func (o AuditLogConfigArrayOutput) ToAuditLogConfigArrayOutputWithContext(ctx context.Context) AuditLogConfigArrayOutput

type AuditLogConfigInput 

type AuditLogConfigInput interface {
	pulumi.Input

	ToAuditLogConfigOutput() AuditLogConfigOutput
	ToAuditLogConfigOutputWithContext(context.Context) AuditLogConfigOutput
}

AuditLogConfigInput is an input type that accepts AuditLogConfigArgs and AuditLogConfigOutput values. You can construct a concrete instance of `AuditLogConfigInput` via: 

AuditLogConfigArgs{...}

type AuditLogConfigLogType added in v0.4.0 

type AuditLogConfigLogType string

The log type that this config enables.

func (AuditLogConfigLogType) ElementType added in v0.4.0 

func (AuditLogConfigLogType) ElementType() reflect.Type

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0 

func (e AuditLogConfigLogType) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogType) ToStringOutput added in v0.4.0 

func (e AuditLogConfigLogType) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogType) ToStringOutputWithContext added in v0.4.0 

func (e AuditLogConfigLogType) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogType) ToStringPtrOutput added in v0.4.0 

func (e AuditLogConfigLogType) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogType) ToStringPtrOutputWithContext added in v0.4.0 

func (e AuditLogConfigLogType) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypeInput added in v0.6.0 

type AuditLogConfigLogTypeInput interface {
	pulumi.Input

	ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput
	ToAuditLogConfigLogTypeOutputWithContext(context.Context) AuditLogConfigLogTypeOutput
}

AuditLogConfigLogTypeInput is an input type that accepts values of the AuditLogConfigLogType enum A concrete instance of `AuditLogConfigLogTypeInput` can be one of the following: 

AuditLogConfigLogTypeLogTypeUnspecified
AuditLogConfigLogTypeAdminRead
AuditLogConfigLogTypeDataWrite
AuditLogConfigLogTypeDataRead

type AuditLogConfigLogTypeOutput added in v0.6.0 

type AuditLogConfigLogTypeOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypeOutput) ElementType added in v0.6.0 

func (AuditLogConfigLogTypeOutput) ElementType() reflect.Type

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutput() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypeOutputWithContext(ctx context.Context) AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypeOutput) ToStringOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringOutput() pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigLogTypePtrInput added in v0.6.0 

type AuditLogConfigLogTypePtrInput interface {
	pulumi.Input

	ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput
	ToAuditLogConfigLogTypePtrOutputWithContext(context.Context) AuditLogConfigLogTypePtrOutput
}

func AuditLogConfigLogTypePtr added in v0.6.0 

func AuditLogConfigLogTypePtr(v string) AuditLogConfigLogTypePtrInput

type AuditLogConfigLogTypePtrOutput added in v0.6.0 

type AuditLogConfigLogTypePtrOutput struct{ *pulumi.OutputState }

func (AuditLogConfigLogTypePtrOutput) Elem added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) Elem() AuditLogConfigLogTypeOutput

func (AuditLogConfigLogTypePtrOutput) ElementType added in v0.6.0 

func (AuditLogConfigLogTypePtrOutput) ElementType() reflect.Type

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutput() AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToAuditLogConfigLogTypePtrOutputWithContext(ctx context.Context) AuditLogConfigLogTypePtrOutput

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutput added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o AuditLogConfigLogTypePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type AuditLogConfigOutput 

type AuditLogConfigOutput struct{ *pulumi.OutputState }

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigOutput) ElementType 

func (AuditLogConfigOutput) ElementType() reflect.Type

func (AuditLogConfigOutput) ExemptedMembers 

func (o AuditLogConfigOutput) ExemptedMembers() pulumi.StringArrayOutput

Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

func (AuditLogConfigOutput) LogType 

func (o AuditLogConfigOutput) LogType() AuditLogConfigLogTypePtrOutput

The log type that this config enables.

func (AuditLogConfigOutput) ToAuditLogConfigOutput 

func (o AuditLogConfigOutput) ToAuditLogConfigOutput() AuditLogConfigOutput

func (AuditLogConfigOutput) ToAuditLogConfigOutputWithContext 

func (o AuditLogConfigOutput) ToAuditLogConfigOutputWithContext(ctx context.Context) AuditLogConfigOutput

type AuditLogConfigResponse 

type AuditLogConfigResponse struct {
	// Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
	ExemptedMembers []string `pulumi:"exemptedMembers"`
	// The log type that this config enables.
	LogType string `pulumi:"logType"`
}

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

type AuditLogConfigResponseArrayOutput 

type AuditLogConfigResponseArrayOutput struct{ *pulumi.OutputState }

func (AuditLogConfigResponseArrayOutput) ElementType 

func (AuditLogConfigResponseArrayOutput) ElementType() reflect.Type

func (AuditLogConfigResponseArrayOutput) Index 

func (o AuditLogConfigResponseArrayOutput) Index(i pulumi.IntInput) AuditLogConfigResponseOutput

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput 

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutput() AuditLogConfigResponseArrayOutput

func (AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext 

func (o AuditLogConfigResponseArrayOutput) ToAuditLogConfigResponseArrayOutputWithContext(ctx context.Context) AuditLogConfigResponseArrayOutput

type AuditLogConfigResponseOutput 

type AuditLogConfigResponseOutput struct{ *pulumi.OutputState }

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

func (AuditLogConfigResponseOutput) ElementType 

func (AuditLogConfigResponseOutput) ElementType() reflect.Type

func (AuditLogConfigResponseOutput) ExemptedMembers 

func (o AuditLogConfigResponseOutput) ExemptedMembers() pulumi.StringArrayOutput

Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.

func (AuditLogConfigResponseOutput) LogType 

func (o AuditLogConfigResponseOutput) LogType() pulumi.StringOutput

The log type that this config enables.

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput 

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutput() AuditLogConfigResponseOutput

func (AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext 

func (o AuditLogConfigResponseOutput) ToAuditLogConfigResponseOutputWithContext(ctx context.Context) AuditLogConfigResponseOutput

type Binding 

type Binding struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition *Expr `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role *string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingArgs 

type BindingArgs struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprPtrInput `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayInput `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringPtrInput `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

func (BindingArgs) ElementType 

func (BindingArgs) ElementType() reflect.Type

func (BindingArgs) ToBindingOutput 

func (i BindingArgs) ToBindingOutput() BindingOutput

func (BindingArgs) ToBindingOutputWithContext 

func (i BindingArgs) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingArray 

type BindingArray []BindingInput

func (BindingArray) ElementType 

func (BindingArray) ElementType() reflect.Type

func (BindingArray) ToBindingArrayOutput 

func (i BindingArray) ToBindingArrayOutput() BindingArrayOutput

func (BindingArray) ToBindingArrayOutputWithContext 

func (i BindingArray) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingArrayInput 

type BindingArrayInput interface {
	pulumi.Input

	ToBindingArrayOutput() BindingArrayOutput
	ToBindingArrayOutputWithContext(context.Context) BindingArrayOutput
}

BindingArrayInput is an input type that accepts BindingArray and BindingArrayOutput values. You can construct a concrete instance of `BindingArrayInput` via: 

BindingArray{ BindingArgs{...} }

type BindingArrayOutput 

type BindingArrayOutput struct{ *pulumi.OutputState }

func (BindingArrayOutput) ElementType 

func (BindingArrayOutput) ElementType() reflect.Type

func (BindingArrayOutput) Index 

func (o BindingArrayOutput) Index(i pulumi.IntInput) BindingOutput

func (BindingArrayOutput) ToBindingArrayOutput 

func (o BindingArrayOutput) ToBindingArrayOutput() BindingArrayOutput

func (BindingArrayOutput) ToBindingArrayOutputWithContext 

func (o BindingArrayOutput) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingInput 

type BindingInput interface {
	pulumi.Input

	ToBindingOutput() BindingOutput
	ToBindingOutputWithContext(context.Context) BindingOutput
}

BindingInput is an input type that accepts BindingArgs and BindingOutput values. You can construct a concrete instance of `BindingInput` via: 

BindingArgs{...}

type BindingOutput 

type BindingOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingOutput) Condition 

func (o BindingOutput) Condition() ExprPtrOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingOutput) ElementType 

func (BindingOutput) ElementType() reflect.Type

func (BindingOutput) Members 

func (o BindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingOutput) Role 

func (o BindingOutput) Role() pulumi.StringPtrOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingOutput) ToBindingOutput 

func (o BindingOutput) ToBindingOutput() BindingOutput

func (BindingOutput) ToBindingOutputWithContext 

func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingResponse 

type BindingResponse struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprResponse `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `pulumi:"role"`
}

Associates `members`, or principals, with a `role`.

type BindingResponseArrayOutput 

type BindingResponseArrayOutput struct{ *pulumi.OutputState }

func (BindingResponseArrayOutput) ElementType 

func (BindingResponseArrayOutput) ElementType() reflect.Type

func (BindingResponseArrayOutput) Index 

func (o BindingResponseArrayOutput) Index(i pulumi.IntInput) BindingResponseOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutput 

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext 

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput

type BindingResponseOutput 

type BindingResponseOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingResponseOutput) Condition 

func (o BindingResponseOutput) Condition() ExprResponseOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingResponseOutput) ElementType 

func (BindingResponseOutput) ElementType() reflect.Type

func (BindingResponseOutput) Members 

func (o BindingResponseOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingResponseOutput) Role 

func (o BindingResponseOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingResponseOutput) ToBindingResponseOutput 

func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput

func (BindingResponseOutput) ToBindingResponseOutputWithContext 

func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput

type Certificate added in v0.13.0 

type Certificate struct {
	// The raw certificate bytes in DER format.
	RawDer string `pulumi:"rawDer"`
}

A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

type CertificateArgs added in v0.13.0 

type CertificateArgs struct {
	// The raw certificate bytes in DER format.
	RawDer pulumi.StringInput `pulumi:"rawDer"`
}

A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

func (CertificateArgs) ElementType added in v0.13.0 

func (CertificateArgs) ElementType() reflect.Type

func (CertificateArgs) ToCertificateOutput added in v0.13.0 

func (i CertificateArgs) ToCertificateOutput() CertificateOutput

func (CertificateArgs) ToCertificateOutputWithContext added in v0.13.0 

func (i CertificateArgs) ToCertificateOutputWithContext(ctx context.Context) CertificateOutput

type CertificateArray added in v0.13.0 

type CertificateArray []CertificateInput

func (CertificateArray) ElementType added in v0.13.0 

func (CertificateArray) ElementType() reflect.Type

func (CertificateArray) ToCertificateArrayOutput added in v0.13.0 

func (i CertificateArray) ToCertificateArrayOutput() CertificateArrayOutput

func (CertificateArray) ToCertificateArrayOutputWithContext added in v0.13.0 

func (i CertificateArray) ToCertificateArrayOutputWithContext(ctx context.Context) CertificateArrayOutput

type CertificateArrayInput added in v0.13.0 

type CertificateArrayInput interface {
	pulumi.Input

	ToCertificateArrayOutput() CertificateArrayOutput
	ToCertificateArrayOutputWithContext(context.Context) CertificateArrayOutput
}

CertificateArrayInput is an input type that accepts CertificateArray and CertificateArrayOutput values. You can construct a concrete instance of `CertificateArrayInput` via: 

CertificateArray{ CertificateArgs{...} }

type CertificateArrayOutput added in v0.13.0 

type CertificateArrayOutput struct{ *pulumi.OutputState }

func (CertificateArrayOutput) ElementType added in v0.13.0 

func (CertificateArrayOutput) ElementType() reflect.Type

func (CertificateArrayOutput) Index added in v0.13.0 

func (o CertificateArrayOutput) Index(i pulumi.IntInput) CertificateOutput

func (CertificateArrayOutput) ToCertificateArrayOutput added in v0.13.0 

func (o CertificateArrayOutput) ToCertificateArrayOutput() CertificateArrayOutput

func (CertificateArrayOutput) ToCertificateArrayOutputWithContext added in v0.13.0 

func (o CertificateArrayOutput) ToCertificateArrayOutputWithContext(ctx context.Context) CertificateArrayOutput

type CertificateChainsResponse 

type CertificateChainsResponse struct {
	// Cavium certificate chain corresponding to the attestation.
	CaviumCerts []string `pulumi:"caviumCerts"`
	// Google card certificate chain corresponding to the attestation.
	GoogleCardCerts []string `pulumi:"googleCardCerts"`
	// Google partition certificate chain corresponding to the attestation.
	GooglePartitionCerts []string `pulumi:"googlePartitionCerts"`
}

Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2.

type CertificateChainsResponseOutput 

type CertificateChainsResponseOutput struct{ *pulumi.OutputState }

Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2.

func (CertificateChainsResponseOutput) CaviumCerts 

func (o CertificateChainsResponseOutput) CaviumCerts() pulumi.StringArrayOutput

Cavium certificate chain corresponding to the attestation.

func (CertificateChainsResponseOutput) ElementType 

func (CertificateChainsResponseOutput) ElementType() reflect.Type

func (CertificateChainsResponseOutput) GoogleCardCerts 

func (o CertificateChainsResponseOutput) GoogleCardCerts() pulumi.StringArrayOutput

Google card certificate chain corresponding to the attestation.

func (CertificateChainsResponseOutput) GooglePartitionCerts 

func (o CertificateChainsResponseOutput) GooglePartitionCerts() pulumi.StringArrayOutput

Google partition certificate chain corresponding to the attestation.

func (CertificateChainsResponseOutput) ToCertificateChainsResponseOutput 

func (o CertificateChainsResponseOutput) ToCertificateChainsResponseOutput() CertificateChainsResponseOutput

func (CertificateChainsResponseOutput) ToCertificateChainsResponseOutputWithContext 

func (o CertificateChainsResponseOutput) ToCertificateChainsResponseOutputWithContext(ctx context.Context) CertificateChainsResponseOutput

type CertificateInput added in v0.13.0 

type CertificateInput interface {
	pulumi.Input

	ToCertificateOutput() CertificateOutput
	ToCertificateOutputWithContext(context.Context) CertificateOutput
}

CertificateInput is an input type that accepts CertificateArgs and CertificateOutput values. You can construct a concrete instance of `CertificateInput` via: 

CertificateArgs{...}

type CertificateOutput added in v0.13.0 

type CertificateOutput struct{ *pulumi.OutputState }

A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

func (CertificateOutput) ElementType added in v0.13.0 

func (CertificateOutput) ElementType() reflect.Type

func (CertificateOutput) RawDer added in v0.13.0 

func (o CertificateOutput) RawDer() pulumi.StringOutput

The raw certificate bytes in DER format.

func (CertificateOutput) ToCertificateOutput added in v0.13.0 

func (o CertificateOutput) ToCertificateOutput() CertificateOutput

func (CertificateOutput) ToCertificateOutputWithContext added in v0.13.0 

func (o CertificateOutput) ToCertificateOutputWithContext(ctx context.Context) CertificateOutput

type CertificateResponse added in v0.13.0 

type CertificateResponse struct {
	// The issuer distinguished name in RFC 2253 format. Only present if parsed is true.
	Issuer string `pulumi:"issuer"`
	// The certificate is not valid after this time. Only present if parsed is true.
	NotAfterTime string `pulumi:"notAfterTime"`
	// The certificate is not valid before this time. Only present if parsed is true.
	NotBeforeTime string `pulumi:"notBeforeTime"`
	// True if the certificate was parsed successfully.
	Parsed bool `pulumi:"parsed"`
	// The raw certificate bytes in DER format.
	RawDer string `pulumi:"rawDer"`
	// The certificate serial number as a hex string. Only present if parsed is true.
	SerialNumber string `pulumi:"serialNumber"`
	// The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.
	Sha256Fingerprint string `pulumi:"sha256Fingerprint"`
	// The subject distinguished name in RFC 2253 format. Only present if parsed is true.
	Subject string `pulumi:"subject"`
	// The subject Alternative DNS names. Only present if parsed is true.
	SubjectAlternativeDnsNames []string `pulumi:"subjectAlternativeDnsNames"`
}

A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

type CertificateResponseArrayOutput added in v0.13.0 

type CertificateResponseArrayOutput struct{ *pulumi.OutputState }

func (CertificateResponseArrayOutput) ElementType added in v0.13.0 

func (CertificateResponseArrayOutput) ElementType() reflect.Type

func (CertificateResponseArrayOutput) Index added in v0.13.0 

func (o CertificateResponseArrayOutput) Index(i pulumi.IntInput) CertificateResponseOutput

func (CertificateResponseArrayOutput) ToCertificateResponseArrayOutput added in v0.13.0 

func (o CertificateResponseArrayOutput) ToCertificateResponseArrayOutput() CertificateResponseArrayOutput

func (CertificateResponseArrayOutput) ToCertificateResponseArrayOutputWithContext added in v0.13.0 

func (o CertificateResponseArrayOutput) ToCertificateResponseArrayOutputWithContext(ctx context.Context) CertificateResponseArrayOutput

type CertificateResponseOutput added in v0.13.0 

type CertificateResponseOutput struct{ *pulumi.OutputState }

A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

func (CertificateResponseOutput) ElementType added in v0.13.0 

func (CertificateResponseOutput) ElementType() reflect.Type

func (CertificateResponseOutput) Issuer added in v0.13.0 

func (o CertificateResponseOutput) Issuer() pulumi.StringOutput

The issuer distinguished name in RFC 2253 format. Only present if parsed is true.

func (CertificateResponseOutput) NotAfterTime added in v0.13.0 

func (o CertificateResponseOutput) NotAfterTime() pulumi.StringOutput

The certificate is not valid after this time. Only present if parsed is true.

func (CertificateResponseOutput) NotBeforeTime added in v0.13.0 

func (o CertificateResponseOutput) NotBeforeTime() pulumi.StringOutput

The certificate is not valid before this time. Only present if parsed is true.

func (CertificateResponseOutput) Parsed added in v0.13.0 

func (o CertificateResponseOutput) Parsed() pulumi.BoolOutput

True if the certificate was parsed successfully.

func (CertificateResponseOutput) RawDer added in v0.13.0 

func (o CertificateResponseOutput) RawDer() pulumi.StringOutput

The raw certificate bytes in DER format.

func (CertificateResponseOutput) SerialNumber added in v0.13.0 

func (o CertificateResponseOutput) SerialNumber() pulumi.StringOutput

The certificate serial number as a hex string. Only present if parsed is true.

func (CertificateResponseOutput) Sha256Fingerprint added in v0.13.0 

func (o CertificateResponseOutput) Sha256Fingerprint() pulumi.StringOutput

The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.

func (CertificateResponseOutput) Subject added in v0.13.0 

func (o CertificateResponseOutput) Subject() pulumi.StringOutput

The subject distinguished name in RFC 2253 format. Only present if parsed is true.

func (CertificateResponseOutput) SubjectAlternativeDnsNames added in v0.13.0 

func (o CertificateResponseOutput) SubjectAlternativeDnsNames() pulumi.StringArrayOutput

The subject Alternative DNS names. Only present if parsed is true.

func (CertificateResponseOutput) ToCertificateResponseOutput added in v0.13.0 

func (o CertificateResponseOutput) ToCertificateResponseOutput() CertificateResponseOutput

func (CertificateResponseOutput) ToCertificateResponseOutputWithContext added in v0.13.0 

func (o CertificateResponseOutput) ToCertificateResponseOutputWithContext(ctx context.Context) CertificateResponseOutput

type CryptoKey added in v0.3.0 

type CryptoKey struct {
	pulumi.CustomResourceState

	// The time at which this CryptoKey was created.
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
	CryptoKeyBackend pulumi.StringOutput `pulumi:"cryptoKeyBackend"`
	// Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"`
	// Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
	DestroyScheduledDuration pulumi.StringOutput `pulumi:"destroyScheduledDuration"`
	// Immutable. Whether this key may contain imported versions only.
	ImportOnly pulumi.BoolOutput   `pulumi:"importOnly"`
	KeyRingId  pulumi.StringOutput `pulumi:"keyRingId"`
	// Labels with user-defined metadata. For more information, see [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
	Labels   pulumi.StringMapOutput `pulumi:"labels"`
	Location pulumi.StringOutput    `pulumi:"location"`
	// The resource name for this CryptoKey in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Name pulumi.StringOutput `pulumi:"name"`
	// At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
	NextRotationTime pulumi.StringOutput `pulumi:"nextRotationTime"`
	// A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
	Primary CryptoKeyVersionResponseOutput `pulumi:"primary"`
	Project pulumi.StringOutput            `pulumi:"project"`
	// Immutable. The immutable purpose of this CryptoKey.
	Purpose pulumi.StringOutput `pulumi:"purpose"`
	// next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
	RotationPeriod pulumi.StringOutput `pulumi:"rotationPeriod"`
	// If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
	SkipInitialVersionCreation pulumi.BoolPtrOutput `pulumi:"skipInitialVersionCreation"`
	// A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
	VersionTemplate CryptoKeyVersionTemplateResponseOutput `pulumi:"versionTemplate"`
}

Create a new CryptoKey within a KeyRing. CryptoKey.purpose and CryptoKey.version_template.algorithm are required. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetCryptoKey added in v0.3.0 

func GetCryptoKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CryptoKeyState, opts ...pulumi.ResourceOption) (*CryptoKey, error)

GetCryptoKey gets an existing CryptoKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKey added in v0.3.0 

func NewCryptoKey(ctx *pulumi.Context,
	name string, args *CryptoKeyArgs, opts ...pulumi.ResourceOption) (*CryptoKey, error)

NewCryptoKey registers a new resource with the given unique name, arguments, and options.

func (*CryptoKey) ElementType added in v0.3.0 

func (*CryptoKey) ElementType() reflect.Type

func (*CryptoKey) ToCryptoKeyOutput added in v0.3.0 

func (i *CryptoKey) ToCryptoKeyOutput() CryptoKeyOutput

func (*CryptoKey) ToCryptoKeyOutputWithContext added in v0.3.0 

func (i *CryptoKey) ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput

type CryptoKeyArgs added in v0.3.0 

type CryptoKeyArgs struct {
	// Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
	CryptoKeyBackend pulumi.StringPtrInput
	// Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	CryptoKeyId pulumi.StringPtrInput
	// Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
	DestroyScheduledDuration pulumi.StringPtrInput
	// Immutable. Whether this key may contain imported versions only.
	ImportOnly pulumi.BoolPtrInput
	KeyRingId  pulumi.StringInput
	// Labels with user-defined metadata. For more information, see [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
	Labels   pulumi.StringMapInput
	Location pulumi.StringPtrInput
	// At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
	NextRotationTime pulumi.StringPtrInput
	Project          pulumi.StringPtrInput
	// Immutable. The immutable purpose of this CryptoKey.
	Purpose CryptoKeyPurposePtrInput
	// next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
	RotationPeriod pulumi.StringPtrInput
	// If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
	SkipInitialVersionCreation pulumi.BoolPtrInput
	// A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
	VersionTemplate CryptoKeyVersionTemplatePtrInput
}

The set of arguments for constructing a CryptoKey resource.

func (CryptoKeyArgs) ElementType added in v0.3.0 

func (CryptoKeyArgs) ElementType() reflect.Type

type CryptoKeyInput added in v0.3.0 

type CryptoKeyInput interface {
	pulumi.Input

	ToCryptoKeyOutput() CryptoKeyOutput
	ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput
}

type CryptoKeyOutput added in v0.3.0 

type CryptoKeyOutput struct{ *pulumi.OutputState }

func (CryptoKeyOutput) CreateTime added in v0.19.0 

func (o CryptoKeyOutput) CreateTime() pulumi.StringOutput

The time at which this CryptoKey was created.

func (CryptoKeyOutput) CryptoKeyBackend added in v0.19.0 

func (o CryptoKeyOutput) CryptoKeyBackend() pulumi.StringOutput

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

func (CryptoKeyOutput) CryptoKeyId added in v0.21.0 

func (o CryptoKeyOutput) CryptoKeyId() pulumi.StringOutput

Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`

func (CryptoKeyOutput) DestroyScheduledDuration added in v0.19.0 

func (o CryptoKeyOutput) DestroyScheduledDuration() pulumi.StringOutput

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

func (CryptoKeyOutput) ElementType added in v0.3.0 

func (CryptoKeyOutput) ElementType() reflect.Type

func (CryptoKeyOutput) ImportOnly added in v0.19.0 

func (o CryptoKeyOutput) ImportOnly() pulumi.BoolOutput

Immutable. Whether this key may contain imported versions only.

func (CryptoKeyOutput) KeyRingId added in v0.21.0 

func (o CryptoKeyOutput) KeyRingId() pulumi.StringOutput

func (CryptoKeyOutput) Labels added in v0.19.0 

func (o CryptoKeyOutput) Labels() pulumi.StringMapOutput

Labels with user-defined metadata. For more information, see [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).

func (CryptoKeyOutput) Location added in v0.21.0 

func (o CryptoKeyOutput) Location() pulumi.StringOutput

func (CryptoKeyOutput) Name added in v0.19.0 

func (o CryptoKeyOutput) Name() pulumi.StringOutput

The resource name for this CryptoKey in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`.

func (CryptoKeyOutput) NextRotationTime added in v0.19.0 

func (o CryptoKeyOutput) NextRotationTime() pulumi.StringOutput

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

func (CryptoKeyOutput) Primary added in v0.19.0 

func (o CryptoKeyOutput) Primary() CryptoKeyVersionResponseOutput

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

func (CryptoKeyOutput) Project added in v0.21.0 

func (o CryptoKeyOutput) Project() pulumi.StringOutput

func (CryptoKeyOutput) Purpose added in v0.19.0 

func (o CryptoKeyOutput) Purpose() pulumi.StringOutput

Immutable. The immutable purpose of this CryptoKey.

func (CryptoKeyOutput) RotationPeriod added in v0.19.0 

func (o CryptoKeyOutput) RotationPeriod() pulumi.StringOutput

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

func (CryptoKeyOutput) SkipInitialVersionCreation added in v0.21.0 

func (o CryptoKeyOutput) SkipInitialVersionCreation() pulumi.BoolPtrOutput

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

func (CryptoKeyOutput) ToCryptoKeyOutput added in v0.3.0 

func (o CryptoKeyOutput) ToCryptoKeyOutput() CryptoKeyOutput

func (CryptoKeyOutput) ToCryptoKeyOutputWithContext added in v0.3.0 

func (o CryptoKeyOutput) ToCryptoKeyOutputWithContext(ctx context.Context) CryptoKeyOutput

func (CryptoKeyOutput) VersionTemplate added in v0.19.0 

func (o CryptoKeyOutput) VersionTemplate() CryptoKeyVersionTemplateResponseOutput

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

type CryptoKeyPurpose added in v0.4.0 

type CryptoKeyPurpose string

Immutable. The immutable purpose of this CryptoKey.

func (CryptoKeyPurpose) ElementType added in v0.4.0 

func (CryptoKeyPurpose) ElementType() reflect.Type

func (CryptoKeyPurpose) ToCryptoKeyPurposeOutput added in v0.6.0 

func (e CryptoKeyPurpose) ToCryptoKeyPurposeOutput() CryptoKeyPurposeOutput

func (CryptoKeyPurpose) ToCryptoKeyPurposeOutputWithContext added in v0.6.0 

func (e CryptoKeyPurpose) ToCryptoKeyPurposeOutputWithContext(ctx context.Context) CryptoKeyPurposeOutput

func (CryptoKeyPurpose) ToCryptoKeyPurposePtrOutput added in v0.6.0 

func (e CryptoKeyPurpose) ToCryptoKeyPurposePtrOutput() CryptoKeyPurposePtrOutput

func (CryptoKeyPurpose) ToCryptoKeyPurposePtrOutputWithContext added in v0.6.0 

func (e CryptoKeyPurpose) ToCryptoKeyPurposePtrOutputWithContext(ctx context.Context) CryptoKeyPurposePtrOutput

func (CryptoKeyPurpose) ToStringOutput added in v0.4.0 

func (e CryptoKeyPurpose) ToStringOutput() pulumi.StringOutput

func (CryptoKeyPurpose) ToStringOutputWithContext added in v0.4.0 

func (e CryptoKeyPurpose) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyPurpose) ToStringPtrOutput added in v0.4.0 

func (e CryptoKeyPurpose) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyPurpose) ToStringPtrOutputWithContext added in v0.4.0 

func (e CryptoKeyPurpose) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyPurposeInput added in v0.6.0 

type CryptoKeyPurposeInput interface {
	pulumi.Input

	ToCryptoKeyPurposeOutput() CryptoKeyPurposeOutput
	ToCryptoKeyPurposeOutputWithContext(context.Context) CryptoKeyPurposeOutput
}

CryptoKeyPurposeInput is an input type that accepts values of the CryptoKeyPurpose enum A concrete instance of `CryptoKeyPurposeInput` can be one of the following: 

CryptoKeyPurposeCryptoKeyPurposeUnspecified
CryptoKeyPurposeEncryptDecrypt
CryptoKeyPurposeAsymmetricSign
CryptoKeyPurposeAsymmetricDecrypt
CryptoKeyPurposeRawEncryptDecrypt
CryptoKeyPurposeMac

type CryptoKeyPurposeOutput added in v0.6.0 

type CryptoKeyPurposeOutput struct{ *pulumi.OutputState }

func (CryptoKeyPurposeOutput) ElementType added in v0.6.0 

func (CryptoKeyPurposeOutput) ElementType() reflect.Type

func (CryptoKeyPurposeOutput) ToCryptoKeyPurposeOutput added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToCryptoKeyPurposeOutput() CryptoKeyPurposeOutput

func (CryptoKeyPurposeOutput) ToCryptoKeyPurposeOutputWithContext added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToCryptoKeyPurposeOutputWithContext(ctx context.Context) CryptoKeyPurposeOutput

func (CryptoKeyPurposeOutput) ToCryptoKeyPurposePtrOutput added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToCryptoKeyPurposePtrOutput() CryptoKeyPurposePtrOutput

func (CryptoKeyPurposeOutput) ToCryptoKeyPurposePtrOutputWithContext added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToCryptoKeyPurposePtrOutputWithContext(ctx context.Context) CryptoKeyPurposePtrOutput

func (CryptoKeyPurposeOutput) ToStringOutput added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToStringOutput() pulumi.StringOutput

func (CryptoKeyPurposeOutput) ToStringOutputWithContext added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyPurposeOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyPurposeOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyPurposeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyPurposePtrInput added in v0.6.0 

type CryptoKeyPurposePtrInput interface {
	pulumi.Input

	ToCryptoKeyPurposePtrOutput() CryptoKeyPurposePtrOutput
	ToCryptoKeyPurposePtrOutputWithContext(context.Context) CryptoKeyPurposePtrOutput
}

func CryptoKeyPurposePtr added in v0.6.0 

func CryptoKeyPurposePtr(v string) CryptoKeyPurposePtrInput

type CryptoKeyPurposePtrOutput added in v0.6.0 

type CryptoKeyPurposePtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyPurposePtrOutput) Elem added in v0.6.0 

func (o CryptoKeyPurposePtrOutput) Elem() CryptoKeyPurposeOutput

func (CryptoKeyPurposePtrOutput) ElementType added in v0.6.0 

func (CryptoKeyPurposePtrOutput) ElementType() reflect.Type

func (CryptoKeyPurposePtrOutput) ToCryptoKeyPurposePtrOutput added in v0.6.0 

func (o CryptoKeyPurposePtrOutput) ToCryptoKeyPurposePtrOutput() CryptoKeyPurposePtrOutput

func (CryptoKeyPurposePtrOutput) ToCryptoKeyPurposePtrOutputWithContext added in v0.6.0 

func (o CryptoKeyPurposePtrOutput) ToCryptoKeyPurposePtrOutputWithContext(ctx context.Context) CryptoKeyPurposePtrOutput

func (CryptoKeyPurposePtrOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyPurposePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyPurposePtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyPurposePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyState added in v0.3.0 

type CryptoKeyState struct {
}

func (CryptoKeyState) ElementType added in v0.3.0 

func (CryptoKeyState) ElementType() reflect.Type

type CryptoKeyVersion added in v0.3.0 

type CryptoKeyVersion struct {
	pulumi.CustomResourceState

	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm pulumi.StringOutput `pulumi:"algorithm"`
	// Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
	Attestation KeyOperationAttestationResponseOutput `pulumi:"attestation"`
	// The time at which this CryptoKeyVersion was created.
	CreateTime  pulumi.StringOutput `pulumi:"createTime"`
	CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"`
	// The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
	DestroyEventTime pulumi.StringOutput `pulumi:"destroyEventTime"`
	// The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
	DestroyTime pulumi.StringOutput `pulumi:"destroyTime"`
	// The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
	ExternalDestructionFailureReason pulumi.StringOutput `pulumi:"externalDestructionFailureReason"`
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	ExternalProtectionLevelOptions ExternalProtectionLevelOptionsResponseOutput `pulumi:"externalProtectionLevelOptions"`
	// The time this CryptoKeyVersion's key material was generated.
	GenerateTime pulumi.StringOutput `pulumi:"generateTime"`
	// The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
	GenerationFailureReason pulumi.StringOutput `pulumi:"generationFailureReason"`
	// The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
	ImportFailureReason pulumi.StringOutput `pulumi:"importFailureReason"`
	// The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
	ImportJob pulumi.StringOutput `pulumi:"importJob"`
	// The time at which this CryptoKeyVersion's key material was most recently imported.
	ImportTime pulumi.StringOutput `pulumi:"importTime"`
	KeyRingId  pulumi.StringOutput `pulumi:"keyRingId"`
	Location   pulumi.StringOutput `pulumi:"location"`
	// The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
	ProtectionLevel pulumi.StringOutput `pulumi:"protectionLevel"`
	// Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
	ReimportEligible pulumi.BoolOutput `pulumi:"reimportEligible"`
	// The current state of the CryptoKeyVersion.
	State pulumi.StringOutput `pulumi:"state"`
}

Create a new CryptoKeyVersion in a CryptoKey. The server will assign the next sequential id. If unset, state will be set to ENABLED. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetCryptoKeyVersion added in v0.3.0 

func GetCryptoKeyVersion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CryptoKeyVersionState, opts ...pulumi.ResourceOption) (*CryptoKeyVersion, error)

GetCryptoKeyVersion gets an existing CryptoKeyVersion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCryptoKeyVersion added in v0.3.0 

func NewCryptoKeyVersion(ctx *pulumi.Context,
	name string, args *CryptoKeyVersionArgs, opts ...pulumi.ResourceOption) (*CryptoKeyVersion, error)

NewCryptoKeyVersion registers a new resource with the given unique name, arguments, and options.

func (*CryptoKeyVersion) ElementType added in v0.3.0 

func (*CryptoKeyVersion) ElementType() reflect.Type

func (*CryptoKeyVersion) ToCryptoKeyVersionOutput added in v0.3.0 

func (i *CryptoKeyVersion) ToCryptoKeyVersionOutput() CryptoKeyVersionOutput

func (*CryptoKeyVersion) ToCryptoKeyVersionOutputWithContext added in v0.3.0 

func (i *CryptoKeyVersion) ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput

type CryptoKeyVersionArgs added in v0.3.0 

type CryptoKeyVersionArgs struct {
	CryptoKeyId pulumi.StringPtrInput
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	ExternalProtectionLevelOptions ExternalProtectionLevelOptionsPtrInput
	KeyRingId                      pulumi.StringInput
	Location                       pulumi.StringPtrInput
	Project                        pulumi.StringPtrInput
	// The current state of the CryptoKeyVersion.
	State CryptoKeyVersionStateEnumPtrInput
}

The set of arguments for constructing a CryptoKeyVersion resource.

func (CryptoKeyVersionArgs) ElementType added in v0.3.0 

func (CryptoKeyVersionArgs) ElementType() reflect.Type

type CryptoKeyVersionInput added in v0.3.0 

type CryptoKeyVersionInput interface {
	pulumi.Input

	ToCryptoKeyVersionOutput() CryptoKeyVersionOutput
	ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput
}

type CryptoKeyVersionOutput added in v0.3.0 

type CryptoKeyVersionOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionOutput) Algorithm added in v0.19.0 

func (o CryptoKeyVersionOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (CryptoKeyVersionOutput) Attestation added in v0.19.0 

func (o CryptoKeyVersionOutput) Attestation() KeyOperationAttestationResponseOutput

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

func (CryptoKeyVersionOutput) CreateTime added in v0.19.0 

func (o CryptoKeyVersionOutput) CreateTime() pulumi.StringOutput

The time at which this CryptoKeyVersion was created.

func (CryptoKeyVersionOutput) CryptoKeyId added in v0.21.0 

func (o CryptoKeyVersionOutput) CryptoKeyId() pulumi.StringOutput

func (CryptoKeyVersionOutput) DestroyEventTime added in v0.19.0 

func (o CryptoKeyVersionOutput) DestroyEventTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

func (CryptoKeyVersionOutput) DestroyTime added in v0.19.0 

func (o CryptoKeyVersionOutput) DestroyTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

func (CryptoKeyVersionOutput) ElementType added in v0.3.0 

func (CryptoKeyVersionOutput) ElementType() reflect.Type

func (CryptoKeyVersionOutput) ExternalDestructionFailureReason added in v0.29.0 

func (o CryptoKeyVersionOutput) ExternalDestructionFailureReason() pulumi.StringOutput

The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

func (CryptoKeyVersionOutput) ExternalProtectionLevelOptions added in v0.19.0 

func (o CryptoKeyVersionOutput) ExternalProtectionLevelOptions() ExternalProtectionLevelOptionsResponseOutput

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

func (CryptoKeyVersionOutput) GenerateTime added in v0.19.0 

func (o CryptoKeyVersionOutput) GenerateTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material was generated.

func (CryptoKeyVersionOutput) GenerationFailureReason added in v0.29.0 

func (o CryptoKeyVersionOutput) GenerationFailureReason() pulumi.StringOutput

The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

func (CryptoKeyVersionOutput) ImportFailureReason added in v0.19.0 

func (o CryptoKeyVersionOutput) ImportFailureReason() pulumi.StringOutput

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

func (CryptoKeyVersionOutput) ImportJob added in v0.19.0 

func (o CryptoKeyVersionOutput) ImportJob() pulumi.StringOutput

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

func (CryptoKeyVersionOutput) ImportTime added in v0.19.0 

func (o CryptoKeyVersionOutput) ImportTime() pulumi.StringOutput

The time at which this CryptoKeyVersion's key material was most recently imported.

func (CryptoKeyVersionOutput) KeyRingId added in v0.21.0 

func (o CryptoKeyVersionOutput) KeyRingId() pulumi.StringOutput

func (CryptoKeyVersionOutput) Location added in v0.21.0 

func (o CryptoKeyVersionOutput) Location() pulumi.StringOutput

func (CryptoKeyVersionOutput) Name added in v0.19.0 

func (o CryptoKeyVersionOutput) Name() pulumi.StringOutput

The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.

func (CryptoKeyVersionOutput) Project added in v0.21.0 

func (o CryptoKeyVersionOutput) Project() pulumi.StringOutput

func (CryptoKeyVersionOutput) ProtectionLevel added in v0.19.0 

func (o CryptoKeyVersionOutput) ProtectionLevel() pulumi.StringOutput

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

func (CryptoKeyVersionOutput) ReimportEligible added in v0.19.0 

func (o CryptoKeyVersionOutput) ReimportEligible() pulumi.BoolOutput

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

func (CryptoKeyVersionOutput) State added in v0.19.0 

func (o CryptoKeyVersionOutput) State() pulumi.StringOutput

The current state of the CryptoKeyVersion.

func (CryptoKeyVersionOutput) ToCryptoKeyVersionOutput added in v0.3.0 

func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutput() CryptoKeyVersionOutput

func (CryptoKeyVersionOutput) ToCryptoKeyVersionOutputWithContext added in v0.3.0 

func (o CryptoKeyVersionOutput) ToCryptoKeyVersionOutputWithContext(ctx context.Context) CryptoKeyVersionOutput

type CryptoKeyVersionResponse 

type CryptoKeyVersionResponse struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	// Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
	Attestation KeyOperationAttestationResponse `pulumi:"attestation"`
	// The time at which this CryptoKeyVersion was created.
	CreateTime string `pulumi:"createTime"`
	// The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
	DestroyEventTime string `pulumi:"destroyEventTime"`
	// The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
	DestroyTime string `pulumi:"destroyTime"`
	// The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
	ExternalDestructionFailureReason string `pulumi:"externalDestructionFailureReason"`
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	ExternalProtectionLevelOptions ExternalProtectionLevelOptionsResponse `pulumi:"externalProtectionLevelOptions"`
	// The time this CryptoKeyVersion's key material was generated.
	GenerateTime string `pulumi:"generateTime"`
	// The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
	GenerationFailureReason string `pulumi:"generationFailureReason"`
	// The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
	ImportFailureReason string `pulumi:"importFailureReason"`
	// The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
	ImportJob string `pulumi:"importJob"`
	// The time at which this CryptoKeyVersion's key material was most recently imported.
	ImportTime string `pulumi:"importTime"`
	// The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	Name string `pulumi:"name"`
	// The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
	ProtectionLevel string `pulumi:"protectionLevel"`
	// Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
	ReimportEligible bool `pulumi:"reimportEligible"`
	// The current state of the CryptoKeyVersion.
	State string `pulumi:"state"`
}

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

type CryptoKeyVersionResponseOutput 

type CryptoKeyVersionResponseOutput struct{ *pulumi.OutputState }

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

func (CryptoKeyVersionResponseOutput) Algorithm 

func (o CryptoKeyVersionResponseOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (CryptoKeyVersionResponseOutput) Attestation 

func (o CryptoKeyVersionResponseOutput) Attestation() KeyOperationAttestationResponseOutput

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

func (CryptoKeyVersionResponseOutput) CreateTime 

func (o CryptoKeyVersionResponseOutput) CreateTime() pulumi.StringOutput

The time at which this CryptoKeyVersion was created.

func (CryptoKeyVersionResponseOutput) DestroyEventTime 

func (o CryptoKeyVersionResponseOutput) DestroyEventTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

func (CryptoKeyVersionResponseOutput) DestroyTime 

func (o CryptoKeyVersionResponseOutput) DestroyTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

func (CryptoKeyVersionResponseOutput) ElementType 

func (CryptoKeyVersionResponseOutput) ElementType() reflect.Type

func (CryptoKeyVersionResponseOutput) ExternalDestructionFailureReason added in v0.29.0 

func (o CryptoKeyVersionResponseOutput) ExternalDestructionFailureReason() pulumi.StringOutput

The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

func (CryptoKeyVersionResponseOutput) ExternalProtectionLevelOptions 

func (o CryptoKeyVersionResponseOutput) ExternalProtectionLevelOptions() ExternalProtectionLevelOptionsResponseOutput

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

func (CryptoKeyVersionResponseOutput) GenerateTime 

func (o CryptoKeyVersionResponseOutput) GenerateTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material was generated.

func (CryptoKeyVersionResponseOutput) GenerationFailureReason added in v0.29.0 

func (o CryptoKeyVersionResponseOutput) GenerationFailureReason() pulumi.StringOutput

The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

func (CryptoKeyVersionResponseOutput) ImportFailureReason 

func (o CryptoKeyVersionResponseOutput) ImportFailureReason() pulumi.StringOutput

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

func (CryptoKeyVersionResponseOutput) ImportJob 

func (o CryptoKeyVersionResponseOutput) ImportJob() pulumi.StringOutput

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

func (CryptoKeyVersionResponseOutput) ImportTime 

func (o CryptoKeyVersionResponseOutput) ImportTime() pulumi.StringOutput

The time at which this CryptoKeyVersion's key material was most recently imported.

func (CryptoKeyVersionResponseOutput) Name 

func (o CryptoKeyVersionResponseOutput) Name() pulumi.StringOutput

The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.

func (CryptoKeyVersionResponseOutput) ProtectionLevel 

func (o CryptoKeyVersionResponseOutput) ProtectionLevel() pulumi.StringOutput

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

func (CryptoKeyVersionResponseOutput) ReimportEligible added in v0.8.0 

func (o CryptoKeyVersionResponseOutput) ReimportEligible() pulumi.BoolOutput

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

func (CryptoKeyVersionResponseOutput) State 

func (o CryptoKeyVersionResponseOutput) State() pulumi.StringOutput

The current state of the CryptoKeyVersion.

func (CryptoKeyVersionResponseOutput) ToCryptoKeyVersionResponseOutput 

func (o CryptoKeyVersionResponseOutput) ToCryptoKeyVersionResponseOutput() CryptoKeyVersionResponseOutput

func (CryptoKeyVersionResponseOutput) ToCryptoKeyVersionResponseOutputWithContext 

func (o CryptoKeyVersionResponseOutput) ToCryptoKeyVersionResponseOutputWithContext(ctx context.Context) CryptoKeyVersionResponseOutput

type CryptoKeyVersionState added in v0.3.0 

type CryptoKeyVersionState struct {
}

func (CryptoKeyVersionState) ElementType added in v0.3.0 

func (CryptoKeyVersionState) ElementType() reflect.Type

type CryptoKeyVersionStateEnum added in v0.4.0 

type CryptoKeyVersionStateEnum string

The current state of the CryptoKeyVersion.

func (CryptoKeyVersionStateEnum) ElementType added in v0.4.0 

func (CryptoKeyVersionStateEnum) ElementType() reflect.Type

func (CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumOutput added in v0.6.0 

func (e CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumOutput() CryptoKeyVersionStateEnumOutput

func (CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumOutputWithContext added in v0.6.0 

func (e CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumOutputWithContext(ctx context.Context) CryptoKeyVersionStateEnumOutput

func (CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumPtrOutput added in v0.6.0 

func (e CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumPtrOutput() CryptoKeyVersionStateEnumPtrOutput

func (CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumPtrOutputWithContext added in v0.6.0 

func (e CryptoKeyVersionStateEnum) ToCryptoKeyVersionStateEnumPtrOutputWithContext(ctx context.Context) CryptoKeyVersionStateEnumPtrOutput

func (CryptoKeyVersionStateEnum) ToStringOutput added in v0.4.0 

func (e CryptoKeyVersionStateEnum) ToStringOutput() pulumi.StringOutput

func (CryptoKeyVersionStateEnum) ToStringOutputWithContext added in v0.4.0 

func (e CryptoKeyVersionStateEnum) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyVersionStateEnum) ToStringPtrOutput added in v0.4.0 

func (e CryptoKeyVersionStateEnum) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionStateEnum) ToStringPtrOutputWithContext added in v0.4.0 

func (e CryptoKeyVersionStateEnum) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionStateEnumInput added in v0.6.0 

type CryptoKeyVersionStateEnumInput interface {
	pulumi.Input

	ToCryptoKeyVersionStateEnumOutput() CryptoKeyVersionStateEnumOutput
	ToCryptoKeyVersionStateEnumOutputWithContext(context.Context) CryptoKeyVersionStateEnumOutput
}

CryptoKeyVersionStateEnumInput is an input type that accepts values of the CryptoKeyVersionStateEnum enum A concrete instance of `CryptoKeyVersionStateEnumInput` can be one of the following: 

CryptoKeyVersionStateEnumCryptoKeyVersionStateUnspecified
CryptoKeyVersionStateEnumPendingGeneration
CryptoKeyVersionStateEnumEnabled
CryptoKeyVersionStateEnumDisabled
CryptoKeyVersionStateEnumDestroyed
CryptoKeyVersionStateEnumDestroyScheduled
CryptoKeyVersionStateEnumPendingImport
CryptoKeyVersionStateEnumImportFailed
CryptoKeyVersionStateEnumGenerationFailed
CryptoKeyVersionStateEnumPendingExternalDestruction
CryptoKeyVersionStateEnumExternalDestructionFailed

type CryptoKeyVersionStateEnumOutput added in v0.6.0 

type CryptoKeyVersionStateEnumOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionStateEnumOutput) ElementType added in v0.6.0 

func (CryptoKeyVersionStateEnumOutput) ElementType() reflect.Type

func (CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumOutput added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumOutput() CryptoKeyVersionStateEnumOutput

func (CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumOutputWithContext(ctx context.Context) CryptoKeyVersionStateEnumOutput

func (CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumPtrOutput added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumPtrOutput() CryptoKeyVersionStateEnumPtrOutput

func (CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToCryptoKeyVersionStateEnumPtrOutputWithContext(ctx context.Context) CryptoKeyVersionStateEnumPtrOutput

func (CryptoKeyVersionStateEnumOutput) ToStringOutput added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToStringOutput() pulumi.StringOutput

func (CryptoKeyVersionStateEnumOutput) ToStringOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyVersionStateEnumOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionStateEnumOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionStateEnumOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionStateEnumPtrInput added in v0.6.0 

type CryptoKeyVersionStateEnumPtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionStateEnumPtrOutput() CryptoKeyVersionStateEnumPtrOutput
	ToCryptoKeyVersionStateEnumPtrOutputWithContext(context.Context) CryptoKeyVersionStateEnumPtrOutput
}

func CryptoKeyVersionStateEnumPtr added in v0.6.0 

func CryptoKeyVersionStateEnumPtr(v string) CryptoKeyVersionStateEnumPtrInput

type CryptoKeyVersionStateEnumPtrOutput added in v0.6.0 

type CryptoKeyVersionStateEnumPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionStateEnumPtrOutput) Elem added in v0.6.0 

func (o CryptoKeyVersionStateEnumPtrOutput) Elem() CryptoKeyVersionStateEnumOutput

func (CryptoKeyVersionStateEnumPtrOutput) ElementType added in v0.6.0 

func (CryptoKeyVersionStateEnumPtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionStateEnumPtrOutput) ToCryptoKeyVersionStateEnumPtrOutput added in v0.6.0 

func (o CryptoKeyVersionStateEnumPtrOutput) ToCryptoKeyVersionStateEnumPtrOutput() CryptoKeyVersionStateEnumPtrOutput

func (CryptoKeyVersionStateEnumPtrOutput) ToCryptoKeyVersionStateEnumPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionStateEnumPtrOutput) ToCryptoKeyVersionStateEnumPtrOutputWithContext(ctx context.Context) CryptoKeyVersionStateEnumPtrOutput

func (CryptoKeyVersionStateEnumPtrOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyVersionStateEnumPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionStateEnumPtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionStateEnumPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionTemplate 

type CryptoKeyVersionTemplate struct {
	// Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
	Algorithm CryptoKeyVersionTemplateAlgorithm `pulumi:"algorithm"`
	// ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
	ProtectionLevel *CryptoKeyVersionTemplateProtectionLevel `pulumi:"protectionLevel"`
}

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.

type CryptoKeyVersionTemplateAlgorithm added in v0.4.0 

type CryptoKeyVersionTemplateAlgorithm string

Required. Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

func (CryptoKeyVersionTemplateAlgorithm) ElementType added in v0.4.0 

func (CryptoKeyVersionTemplateAlgorithm) ElementType() reflect.Type

func (CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmOutput added in v0.6.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmOutput() CryptoKeyVersionTemplateAlgorithmOutput

func (CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmOutputWithContext added in v0.6.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateAlgorithmOutput

func (CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmPtrOutput added in v0.6.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmPtrOutput() CryptoKeyVersionTemplateAlgorithmPtrOutput

func (CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmPtrOutputWithContext added in v0.6.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToCryptoKeyVersionTemplateAlgorithmPtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateAlgorithmPtrOutput

func (CryptoKeyVersionTemplateAlgorithm) ToStringOutput added in v0.4.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToStringOutput() pulumi.StringOutput

func (CryptoKeyVersionTemplateAlgorithm) ToStringOutputWithContext added in v0.4.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyVersionTemplateAlgorithm) ToStringPtrOutput added in v0.4.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionTemplateAlgorithm) ToStringPtrOutputWithContext added in v0.4.0 

func (e CryptoKeyVersionTemplateAlgorithm) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionTemplateAlgorithmInput added in v0.6.0 

type CryptoKeyVersionTemplateAlgorithmInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplateAlgorithmOutput() CryptoKeyVersionTemplateAlgorithmOutput
	ToCryptoKeyVersionTemplateAlgorithmOutputWithContext(context.Context) CryptoKeyVersionTemplateAlgorithmOutput
}

CryptoKeyVersionTemplateAlgorithmInput is an input type that accepts values of the CryptoKeyVersionTemplateAlgorithm enum A concrete instance of `CryptoKeyVersionTemplateAlgorithmInput` can be one of the following: 

CryptoKeyVersionTemplateAlgorithmCryptoKeyVersionAlgorithmUnspecified
CryptoKeyVersionTemplateAlgorithmGoogleSymmetricEncryption
CryptoKeyVersionTemplateAlgorithmAes128Gcm
CryptoKeyVersionTemplateAlgorithmAes256Gcm
CryptoKeyVersionTemplateAlgorithmAes128Cbc
CryptoKeyVersionTemplateAlgorithmAes256Cbc
CryptoKeyVersionTemplateAlgorithmAes128Ctr
CryptoKeyVersionTemplateAlgorithmAes256Ctr
CryptoKeyVersionTemplateAlgorithmRsaSignPss2048Sha256
CryptoKeyVersionTemplateAlgorithmRsaSignPss3072Sha256
CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha256
CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha512
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs12048Sha256
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs13072Sha256
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha256
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha512
CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs12048
CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs13072
CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs14096
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha256
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha256
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha256
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha512
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha1
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha1
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha1
CryptoKeyVersionTemplateAlgorithmEcSignP256Sha256
CryptoKeyVersionTemplateAlgorithmEcSignP384Sha384
CryptoKeyVersionTemplateAlgorithmEcSignSecp256k1Sha256
CryptoKeyVersionTemplateAlgorithmHmacSha256
CryptoKeyVersionTemplateAlgorithmHmacSha1
CryptoKeyVersionTemplateAlgorithmHmacSha384
CryptoKeyVersionTemplateAlgorithmHmacSha512
CryptoKeyVersionTemplateAlgorithmHmacSha224
CryptoKeyVersionTemplateAlgorithmExternalSymmetricEncryption

type CryptoKeyVersionTemplateAlgorithmOutput added in v0.6.0 

type CryptoKeyVersionTemplateAlgorithmOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionTemplateAlgorithmOutput) ElementType added in v0.6.0 

func (CryptoKeyVersionTemplateAlgorithmOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmOutput() CryptoKeyVersionTemplateAlgorithmOutput

func (CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateAlgorithmOutput

func (CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutput() CryptoKeyVersionTemplateAlgorithmPtrOutput

func (CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateAlgorithmPtrOutput

func (CryptoKeyVersionTemplateAlgorithmOutput) ToStringOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToStringOutput() pulumi.StringOutput

func (CryptoKeyVersionTemplateAlgorithmOutput) ToStringOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyVersionTemplateAlgorithmOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionTemplateAlgorithmOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionTemplateAlgorithmPtrInput added in v0.6.0 

type CryptoKeyVersionTemplateAlgorithmPtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplateAlgorithmPtrOutput() CryptoKeyVersionTemplateAlgorithmPtrOutput
	ToCryptoKeyVersionTemplateAlgorithmPtrOutputWithContext(context.Context) CryptoKeyVersionTemplateAlgorithmPtrOutput
}

func CryptoKeyVersionTemplateAlgorithmPtr added in v0.6.0 

func CryptoKeyVersionTemplateAlgorithmPtr(v string) CryptoKeyVersionTemplateAlgorithmPtrInput

type CryptoKeyVersionTemplateAlgorithmPtrOutput added in v0.6.0 

type CryptoKeyVersionTemplateAlgorithmPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionTemplateAlgorithmPtrOutput) Elem added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmPtrOutput) Elem() CryptoKeyVersionTemplateAlgorithmOutput

func (CryptoKeyVersionTemplateAlgorithmPtrOutput) ElementType added in v0.6.0 

func (CryptoKeyVersionTemplateAlgorithmPtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplateAlgorithmPtrOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmPtrOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutput() CryptoKeyVersionTemplateAlgorithmPtrOutput

func (CryptoKeyVersionTemplateAlgorithmPtrOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmPtrOutput) ToCryptoKeyVersionTemplateAlgorithmPtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateAlgorithmPtrOutput

func (CryptoKeyVersionTemplateAlgorithmPtrOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionTemplateAlgorithmPtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateAlgorithmPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionTemplateArgs 

type CryptoKeyVersionTemplateArgs struct {
	// Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
	Algorithm CryptoKeyVersionTemplateAlgorithmInput `pulumi:"algorithm"`
	// ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
	ProtectionLevel CryptoKeyVersionTemplateProtectionLevelPtrInput `pulumi:"protectionLevel"`
}

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.

func (CryptoKeyVersionTemplateArgs) ElementType 

func (CryptoKeyVersionTemplateArgs) ElementType() reflect.Type

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutput 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutputWithContext 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutput 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput

func (CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutputWithContext 

func (i CryptoKeyVersionTemplateArgs) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput

type CryptoKeyVersionTemplateInput 

type CryptoKeyVersionTemplateInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput
	ToCryptoKeyVersionTemplateOutputWithContext(context.Context) CryptoKeyVersionTemplateOutput
}

CryptoKeyVersionTemplateInput is an input type that accepts CryptoKeyVersionTemplateArgs and CryptoKeyVersionTemplateOutput values. You can construct a concrete instance of `CryptoKeyVersionTemplateInput` via: 

CryptoKeyVersionTemplateArgs{...}

type CryptoKeyVersionTemplateOutput 

type CryptoKeyVersionTemplateOutput struct{ *pulumi.OutputState }

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.

func (CryptoKeyVersionTemplateOutput) Algorithm 

func (o CryptoKeyVersionTemplateOutput) Algorithm() CryptoKeyVersionTemplateAlgorithmOutput

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

func (CryptoKeyVersionTemplateOutput) ElementType 

func (CryptoKeyVersionTemplateOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplateOutput) ProtectionLevel 

func (o CryptoKeyVersionTemplateOutput) ProtectionLevel() CryptoKeyVersionTemplateProtectionLevelPtrOutput

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutput 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutput() CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutputWithContext 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplateOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutput 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput

func (CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext 

func (o CryptoKeyVersionTemplateOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput

type CryptoKeyVersionTemplateProtectionLevel added in v0.4.0 

type CryptoKeyVersionTemplateProtectionLevel string

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

func (CryptoKeyVersionTemplateProtectionLevel) ElementType added in v0.4.0 

func (CryptoKeyVersionTemplateProtectionLevel) ElementType() reflect.Type

func (CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelOutput added in v0.6.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelOutput() CryptoKeyVersionTemplateProtectionLevelOutput

func (CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelOutputWithContext added in v0.6.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateProtectionLevelOutput

func (CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelPtrOutput added in v0.6.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelPtrOutput() CryptoKeyVersionTemplateProtectionLevelPtrOutput

func (CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelPtrOutputWithContext added in v0.6.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToCryptoKeyVersionTemplateProtectionLevelPtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateProtectionLevelPtrOutput

func (CryptoKeyVersionTemplateProtectionLevel) ToStringOutput added in v0.4.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToStringOutput() pulumi.StringOutput

func (CryptoKeyVersionTemplateProtectionLevel) ToStringOutputWithContext added in v0.4.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyVersionTemplateProtectionLevel) ToStringPtrOutput added in v0.4.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionTemplateProtectionLevel) ToStringPtrOutputWithContext added in v0.4.0 

func (e CryptoKeyVersionTemplateProtectionLevel) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionTemplateProtectionLevelInput added in v0.6.0 

type CryptoKeyVersionTemplateProtectionLevelInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplateProtectionLevelOutput() CryptoKeyVersionTemplateProtectionLevelOutput
	ToCryptoKeyVersionTemplateProtectionLevelOutputWithContext(context.Context) CryptoKeyVersionTemplateProtectionLevelOutput
}

CryptoKeyVersionTemplateProtectionLevelInput is an input type that accepts values of the CryptoKeyVersionTemplateProtectionLevel enum A concrete instance of `CryptoKeyVersionTemplateProtectionLevelInput` can be one of the following: 

CryptoKeyVersionTemplateProtectionLevelProtectionLevelUnspecified
CryptoKeyVersionTemplateProtectionLevelSoftware
CryptoKeyVersionTemplateProtectionLevelHsm
CryptoKeyVersionTemplateProtectionLevelExternal
CryptoKeyVersionTemplateProtectionLevelExternalVpc

type CryptoKeyVersionTemplateProtectionLevelOutput added in v0.6.0 

type CryptoKeyVersionTemplateProtectionLevelOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionTemplateProtectionLevelOutput) ElementType added in v0.6.0 

func (CryptoKeyVersionTemplateProtectionLevelOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelOutput() CryptoKeyVersionTemplateProtectionLevelOutput

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateProtectionLevelOutput

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutput() CryptoKeyVersionTemplateProtectionLevelPtrOutput

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateProtectionLevelPtrOutput

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToStringOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToStringOutput() pulumi.StringOutput

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToStringOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionTemplateProtectionLevelOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionTemplateProtectionLevelPtrInput added in v0.6.0 

type CryptoKeyVersionTemplateProtectionLevelPtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplateProtectionLevelPtrOutput() CryptoKeyVersionTemplateProtectionLevelPtrOutput
	ToCryptoKeyVersionTemplateProtectionLevelPtrOutputWithContext(context.Context) CryptoKeyVersionTemplateProtectionLevelPtrOutput
}

func CryptoKeyVersionTemplateProtectionLevelPtr added in v0.6.0 

func CryptoKeyVersionTemplateProtectionLevelPtr(v string) CryptoKeyVersionTemplateProtectionLevelPtrInput

type CryptoKeyVersionTemplateProtectionLevelPtrOutput added in v0.6.0 

type CryptoKeyVersionTemplateProtectionLevelPtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionTemplateProtectionLevelPtrOutput) Elem added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelPtrOutput) Elem() CryptoKeyVersionTemplateProtectionLevelOutput

func (CryptoKeyVersionTemplateProtectionLevelPtrOutput) ElementType added in v0.6.0 

func (CryptoKeyVersionTemplateProtectionLevelPtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutput() CryptoKeyVersionTemplateProtectionLevelPtrOutput

func (CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToCryptoKeyVersionTemplateProtectionLevelPtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateProtectionLevelPtrOutput

func (CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToStringPtrOutput added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o CryptoKeyVersionTemplateProtectionLevelPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type CryptoKeyVersionTemplatePtrInput 

type CryptoKeyVersionTemplatePtrInput interface {
	pulumi.Input

	ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput
	ToCryptoKeyVersionTemplatePtrOutputWithContext(context.Context) CryptoKeyVersionTemplatePtrOutput
}

CryptoKeyVersionTemplatePtrInput is an input type that accepts CryptoKeyVersionTemplateArgs, CryptoKeyVersionTemplatePtr and CryptoKeyVersionTemplatePtrOutput values. You can construct a concrete instance of `CryptoKeyVersionTemplatePtrInput` via: 

        CryptoKeyVersionTemplateArgs{...}

or:

        nil

func CryptoKeyVersionTemplatePtr 

func CryptoKeyVersionTemplatePtr(v *CryptoKeyVersionTemplateArgs) CryptoKeyVersionTemplatePtrInput

type CryptoKeyVersionTemplatePtrOutput 

type CryptoKeyVersionTemplatePtrOutput struct{ *pulumi.OutputState }

func (CryptoKeyVersionTemplatePtrOutput) Algorithm 

func (o CryptoKeyVersionTemplatePtrOutput) Algorithm() CryptoKeyVersionTemplateAlgorithmPtrOutput

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

func (CryptoKeyVersionTemplatePtrOutput) Elem 

func (o CryptoKeyVersionTemplatePtrOutput) Elem() CryptoKeyVersionTemplateOutput

func (CryptoKeyVersionTemplatePtrOutput) ElementType 

func (CryptoKeyVersionTemplatePtrOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplatePtrOutput) ProtectionLevel 

func (o CryptoKeyVersionTemplatePtrOutput) ProtectionLevel() CryptoKeyVersionTemplateProtectionLevelPtrOutput

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

func (CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutput 

func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutput() CryptoKeyVersionTemplatePtrOutput

func (CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext 

func (o CryptoKeyVersionTemplatePtrOutput) ToCryptoKeyVersionTemplatePtrOutputWithContext(ctx context.Context) CryptoKeyVersionTemplatePtrOutput

type CryptoKeyVersionTemplateResponse 

type CryptoKeyVersionTemplateResponse struct {
	// Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
	Algorithm string `pulumi:"algorithm"`
	// ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
	ProtectionLevel string `pulumi:"protectionLevel"`
}

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.

type CryptoKeyVersionTemplateResponseOutput 

type CryptoKeyVersionTemplateResponseOutput struct{ *pulumi.OutputState }

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.

func (CryptoKeyVersionTemplateResponseOutput) Algorithm 

func (o CryptoKeyVersionTemplateResponseOutput) Algorithm() pulumi.StringOutput

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

func (CryptoKeyVersionTemplateResponseOutput) ElementType 

func (CryptoKeyVersionTemplateResponseOutput) ElementType() reflect.Type

func (CryptoKeyVersionTemplateResponseOutput) ProtectionLevel 

func (o CryptoKeyVersionTemplateResponseOutput) ProtectionLevel() pulumi.StringOutput

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

func (CryptoKeyVersionTemplateResponseOutput) ToCryptoKeyVersionTemplateResponseOutput 

func (o CryptoKeyVersionTemplateResponseOutput) ToCryptoKeyVersionTemplateResponseOutput() CryptoKeyVersionTemplateResponseOutput

func (CryptoKeyVersionTemplateResponseOutput) ToCryptoKeyVersionTemplateResponseOutputWithContext 

func (o CryptoKeyVersionTemplateResponseOutput) ToCryptoKeyVersionTemplateResponseOutputWithContext(ctx context.Context) CryptoKeyVersionTemplateResponseOutput

type EkmConfigIamBinding added in v0.26.1 

type EkmConfigIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetEkmConfigIamBinding added in v0.26.1 

func GetEkmConfigIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConfigIamBindingState, opts ...pulumi.ResourceOption) (*EkmConfigIamBinding, error)

GetEkmConfigIamBinding gets an existing EkmConfigIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConfigIamBinding added in v0.26.1 

func NewEkmConfigIamBinding(ctx *pulumi.Context,
	name string, args *EkmConfigIamBindingArgs, opts ...pulumi.ResourceOption) (*EkmConfigIamBinding, error)

NewEkmConfigIamBinding registers a new resource with the given unique name, arguments, and options.

func (*EkmConfigIamBinding) ElementType added in v0.26.1 

func (*EkmConfigIamBinding) ElementType() reflect.Type

func (*EkmConfigIamBinding) ToEkmConfigIamBindingOutput added in v0.26.1 

func (i *EkmConfigIamBinding) ToEkmConfigIamBindingOutput() EkmConfigIamBindingOutput

func (*EkmConfigIamBinding) ToEkmConfigIamBindingOutputWithContext added in v0.26.1 

func (i *EkmConfigIamBinding) ToEkmConfigIamBindingOutputWithContext(ctx context.Context) EkmConfigIamBindingOutput

type EkmConfigIamBindingArgs added in v0.26.1 

type EkmConfigIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a EkmConfigIamBinding resource.

func (EkmConfigIamBindingArgs) ElementType added in v0.26.1 

func (EkmConfigIamBindingArgs) ElementType() reflect.Type

type EkmConfigIamBindingInput added in v0.26.1 

type EkmConfigIamBindingInput interface {
	pulumi.Input

	ToEkmConfigIamBindingOutput() EkmConfigIamBindingOutput
	ToEkmConfigIamBindingOutputWithContext(ctx context.Context) EkmConfigIamBindingOutput
}

type EkmConfigIamBindingOutput added in v0.26.1 

type EkmConfigIamBindingOutput struct{ *pulumi.OutputState }

func (EkmConfigIamBindingOutput) Condition added in v0.26.1 

func (o EkmConfigIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (EkmConfigIamBindingOutput) ElementType added in v0.26.1 

func (EkmConfigIamBindingOutput) ElementType() reflect.Type

func (EkmConfigIamBindingOutput) Etag added in v0.26.1 

func (o EkmConfigIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (EkmConfigIamBindingOutput) Members added in v0.26.1 

func (o EkmConfigIamBindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (EkmConfigIamBindingOutput) Name added in v0.26.1 

func (o EkmConfigIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (EkmConfigIamBindingOutput) Project added in v0.26.1 

func (o EkmConfigIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (EkmConfigIamBindingOutput) Role added in v0.26.1 

func (o EkmConfigIamBindingOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (EkmConfigIamBindingOutput) ToEkmConfigIamBindingOutput added in v0.26.1 

func (o EkmConfigIamBindingOutput) ToEkmConfigIamBindingOutput() EkmConfigIamBindingOutput

func (EkmConfigIamBindingOutput) ToEkmConfigIamBindingOutputWithContext added in v0.26.1 

func (o EkmConfigIamBindingOutput) ToEkmConfigIamBindingOutputWithContext(ctx context.Context) EkmConfigIamBindingOutput

type EkmConfigIamBindingState added in v0.26.1 

type EkmConfigIamBindingState struct {
}

func (EkmConfigIamBindingState) ElementType added in v0.26.1 

func (EkmConfigIamBindingState) ElementType() reflect.Type

type EkmConfigIamMember added in v0.26.1 

type EkmConfigIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetEkmConfigIamMember added in v0.26.1 

func GetEkmConfigIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConfigIamMemberState, opts ...pulumi.ResourceOption) (*EkmConfigIamMember, error)

GetEkmConfigIamMember gets an existing EkmConfigIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConfigIamMember added in v0.26.1 

func NewEkmConfigIamMember(ctx *pulumi.Context,
	name string, args *EkmConfigIamMemberArgs, opts ...pulumi.ResourceOption) (*EkmConfigIamMember, error)

NewEkmConfigIamMember registers a new resource with the given unique name, arguments, and options.

func (*EkmConfigIamMember) ElementType added in v0.26.1 

func (*EkmConfigIamMember) ElementType() reflect.Type

func (*EkmConfigIamMember) ToEkmConfigIamMemberOutput added in v0.26.1 

func (i *EkmConfigIamMember) ToEkmConfigIamMemberOutput() EkmConfigIamMemberOutput

func (*EkmConfigIamMember) ToEkmConfigIamMemberOutputWithContext added in v0.26.1 

func (i *EkmConfigIamMember) ToEkmConfigIamMemberOutputWithContext(ctx context.Context) EkmConfigIamMemberOutput

type EkmConfigIamMemberArgs added in v0.26.1 

type EkmConfigIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a EkmConfigIamMember resource.

func (EkmConfigIamMemberArgs) ElementType added in v0.26.1 

func (EkmConfigIamMemberArgs) ElementType() reflect.Type

type EkmConfigIamMemberInput added in v0.26.1 

type EkmConfigIamMemberInput interface {
	pulumi.Input

	ToEkmConfigIamMemberOutput() EkmConfigIamMemberOutput
	ToEkmConfigIamMemberOutputWithContext(ctx context.Context) EkmConfigIamMemberOutput
}

type EkmConfigIamMemberOutput added in v0.26.1 

type EkmConfigIamMemberOutput struct{ *pulumi.OutputState }

func (EkmConfigIamMemberOutput) Condition added in v0.26.1 

func (o EkmConfigIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (EkmConfigIamMemberOutput) ElementType added in v0.26.1 

func (EkmConfigIamMemberOutput) ElementType() reflect.Type

func (EkmConfigIamMemberOutput) Etag added in v0.26.1 

func (o EkmConfigIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (EkmConfigIamMemberOutput) Member added in v0.26.1 

func (o EkmConfigIamMemberOutput) Member() pulumi.StringOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (EkmConfigIamMemberOutput) Name added in v0.26.1 

func (o EkmConfigIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (EkmConfigIamMemberOutput) Project added in v0.26.1 

func (o EkmConfigIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (EkmConfigIamMemberOutput) Role added in v0.26.1 

func (o EkmConfigIamMemberOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (EkmConfigIamMemberOutput) ToEkmConfigIamMemberOutput added in v0.26.1 

func (o EkmConfigIamMemberOutput) ToEkmConfigIamMemberOutput() EkmConfigIamMemberOutput

func (EkmConfigIamMemberOutput) ToEkmConfigIamMemberOutputWithContext added in v0.26.1 

func (o EkmConfigIamMemberOutput) ToEkmConfigIamMemberOutputWithContext(ctx context.Context) EkmConfigIamMemberOutput

type EkmConfigIamMemberState added in v0.26.1 

type EkmConfigIamMemberState struct {
}

func (EkmConfigIamMemberState) ElementType added in v0.26.1 

func (EkmConfigIamMemberState) ElementType() reflect.Type

type EkmConfigIamPolicy added in v0.26.1 

type EkmConfigIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag     pulumi.StringOutput `pulumi:"etag"`
	Location pulumi.StringOutput `pulumi:"location"`
	Project  pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetEkmConfigIamPolicy added in v0.26.1 

func GetEkmConfigIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConfigIamPolicyState, opts ...pulumi.ResourceOption) (*EkmConfigIamPolicy, error)

GetEkmConfigIamPolicy gets an existing EkmConfigIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConfigIamPolicy added in v0.26.1 

func NewEkmConfigIamPolicy(ctx *pulumi.Context,
	name string, args *EkmConfigIamPolicyArgs, opts ...pulumi.ResourceOption) (*EkmConfigIamPolicy, error)

NewEkmConfigIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*EkmConfigIamPolicy) ElementType added in v0.26.1 

func (*EkmConfigIamPolicy) ElementType() reflect.Type

func (*EkmConfigIamPolicy) ToEkmConfigIamPolicyOutput added in v0.26.1 

func (i *EkmConfigIamPolicy) ToEkmConfigIamPolicyOutput() EkmConfigIamPolicyOutput

func (*EkmConfigIamPolicy) ToEkmConfigIamPolicyOutputWithContext added in v0.26.1 

func (i *EkmConfigIamPolicy) ToEkmConfigIamPolicyOutputWithContext(ctx context.Context) EkmConfigIamPolicyOutput

type EkmConfigIamPolicyArgs added in v0.26.1 

type EkmConfigIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag     pulumi.StringPtrInput
	Location pulumi.StringPtrInput
	Project  pulumi.StringPtrInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a EkmConfigIamPolicy resource.

func (EkmConfigIamPolicyArgs) ElementType added in v0.26.1 

func (EkmConfigIamPolicyArgs) ElementType() reflect.Type

type EkmConfigIamPolicyInput added in v0.26.1 

type EkmConfigIamPolicyInput interface {
	pulumi.Input

	ToEkmConfigIamPolicyOutput() EkmConfigIamPolicyOutput
	ToEkmConfigIamPolicyOutputWithContext(ctx context.Context) EkmConfigIamPolicyOutput
}

type EkmConfigIamPolicyOutput added in v0.26.1 

type EkmConfigIamPolicyOutput struct{ *pulumi.OutputState }

func (EkmConfigIamPolicyOutput) AuditConfigs added in v0.26.1 

func (o EkmConfigIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (EkmConfigIamPolicyOutput) Bindings added in v0.26.1 

func (o EkmConfigIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (EkmConfigIamPolicyOutput) ElementType added in v0.26.1 

func (EkmConfigIamPolicyOutput) ElementType() reflect.Type

func (EkmConfigIamPolicyOutput) Etag added in v0.26.1 

func (o EkmConfigIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (EkmConfigIamPolicyOutput) Location added in v0.26.1 

func (o EkmConfigIamPolicyOutput) Location() pulumi.StringOutput

func (EkmConfigIamPolicyOutput) Project added in v0.26.1 

func (o EkmConfigIamPolicyOutput) Project() pulumi.StringOutput

func (EkmConfigIamPolicyOutput) ToEkmConfigIamPolicyOutput added in v0.26.1 

func (o EkmConfigIamPolicyOutput) ToEkmConfigIamPolicyOutput() EkmConfigIamPolicyOutput

func (EkmConfigIamPolicyOutput) ToEkmConfigIamPolicyOutputWithContext added in v0.26.1 

func (o EkmConfigIamPolicyOutput) ToEkmConfigIamPolicyOutputWithContext(ctx context.Context) EkmConfigIamPolicyOutput

func (EkmConfigIamPolicyOutput) Version added in v0.26.1 

func (o EkmConfigIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type EkmConfigIamPolicyState added in v0.26.1 

type EkmConfigIamPolicyState struct {
}

func (EkmConfigIamPolicyState) ElementType added in v0.26.1 

func (EkmConfigIamPolicyState) ElementType() reflect.Type

type EkmConnection added in v0.13.0 

type EkmConnection struct {
	pulumi.CustomResourceState

	// The time at which the EkmConnection was created.
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
	CryptoSpacePath pulumi.StringOutput `pulumi:"cryptoSpacePath"`
	// Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.
	EkmConnectionId pulumi.StringOutput `pulumi:"ekmConnectionId"`
	// Optional. Etag of the currently stored EkmConnection.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
	KeyManagementMode pulumi.StringOutput `pulumi:"keyManagementMode"`
	Location          pulumi.StringOutput `pulumi:"location"`
	// The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
	ServiceResolvers ServiceResolverResponseArrayOutput `pulumi:"serviceResolvers"`
}

Creates a new EkmConnection in a given Project and Location. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetEkmConnection added in v0.13.0 

func GetEkmConnection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionState, opts ...pulumi.ResourceOption) (*EkmConnection, error)

GetEkmConnection gets an existing EkmConnection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnection added in v0.13.0 

func NewEkmConnection(ctx *pulumi.Context,
	name string, args *EkmConnectionArgs, opts ...pulumi.ResourceOption) (*EkmConnection, error)

NewEkmConnection registers a new resource with the given unique name, arguments, and options.

func (*EkmConnection) ElementType added in v0.13.0 

func (*EkmConnection) ElementType() reflect.Type

func (*EkmConnection) ToEkmConnectionOutput added in v0.13.0 

func (i *EkmConnection) ToEkmConnectionOutput() EkmConnectionOutput

func (*EkmConnection) ToEkmConnectionOutputWithContext added in v0.13.0 

func (i *EkmConnection) ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput

type EkmConnectionArgs added in v0.13.0 

type EkmConnectionArgs struct {
	// Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
	CryptoSpacePath pulumi.StringPtrInput
	// Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.
	EkmConnectionId pulumi.StringPtrInput
	// Optional. Etag of the currently stored EkmConnection.
	Etag pulumi.StringPtrInput
	// Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
	KeyManagementMode EkmConnectionKeyManagementModePtrInput
	Location          pulumi.StringPtrInput
	Project           pulumi.StringPtrInput
	// A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
	ServiceResolvers ServiceResolverArrayInput
}

The set of arguments for constructing a EkmConnection resource.

func (EkmConnectionArgs) ElementType added in v0.13.0 

func (EkmConnectionArgs) ElementType() reflect.Type

type EkmConnectionIamBinding added in v0.26.0 

type EkmConnectionIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetEkmConnectionIamBinding added in v0.26.0 

func GetEkmConnectionIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionIamBindingState, opts ...pulumi.ResourceOption) (*EkmConnectionIamBinding, error)

GetEkmConnectionIamBinding gets an existing EkmConnectionIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnectionIamBinding added in v0.26.0 

func NewEkmConnectionIamBinding(ctx *pulumi.Context,
	name string, args *EkmConnectionIamBindingArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamBinding, error)

NewEkmConnectionIamBinding registers a new resource with the given unique name, arguments, and options.

func (*EkmConnectionIamBinding) ElementType added in v0.26.0 

func (*EkmConnectionIamBinding) ElementType() reflect.Type

func (*EkmConnectionIamBinding) ToEkmConnectionIamBindingOutput added in v0.26.0 

func (i *EkmConnectionIamBinding) ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput

func (*EkmConnectionIamBinding) ToEkmConnectionIamBindingOutputWithContext added in v0.26.0 

func (i *EkmConnectionIamBinding) ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput

type EkmConnectionIamBindingArgs added in v0.26.0 

type EkmConnectionIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a EkmConnectionIamBinding resource.

func (EkmConnectionIamBindingArgs) ElementType added in v0.26.0 

func (EkmConnectionIamBindingArgs) ElementType() reflect.Type

type EkmConnectionIamBindingInput added in v0.26.0 

type EkmConnectionIamBindingInput interface {
	pulumi.Input

	ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput
	ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput
}

type EkmConnectionIamBindingOutput added in v0.26.0 

type EkmConnectionIamBindingOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamBindingOutput) Condition added in v0.26.0 

func (o EkmConnectionIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (EkmConnectionIamBindingOutput) ElementType added in v0.26.0 

func (EkmConnectionIamBindingOutput) ElementType() reflect.Type

func (EkmConnectionIamBindingOutput) Etag added in v0.26.0 

func (o EkmConnectionIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (EkmConnectionIamBindingOutput) Members added in v0.26.0 

func (o EkmConnectionIamBindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (EkmConnectionIamBindingOutput) Name added in v0.26.0 

func (o EkmConnectionIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (EkmConnectionIamBindingOutput) Project added in v0.26.0 

func (o EkmConnectionIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (EkmConnectionIamBindingOutput) Role added in v0.26.0 

func (o EkmConnectionIamBindingOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutput added in v0.26.0 

func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutput() EkmConnectionIamBindingOutput

func (EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutputWithContext added in v0.26.0 

func (o EkmConnectionIamBindingOutput) ToEkmConnectionIamBindingOutputWithContext(ctx context.Context) EkmConnectionIamBindingOutput

type EkmConnectionIamBindingState added in v0.26.0 

type EkmConnectionIamBindingState struct {
}

func (EkmConnectionIamBindingState) ElementType added in v0.26.0 

func (EkmConnectionIamBindingState) ElementType() reflect.Type

type EkmConnectionIamMember added in v0.26.0 

type EkmConnectionIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetEkmConnectionIamMember added in v0.26.0 

func GetEkmConnectionIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionIamMemberState, opts ...pulumi.ResourceOption) (*EkmConnectionIamMember, error)

GetEkmConnectionIamMember gets an existing EkmConnectionIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnectionIamMember added in v0.26.0 

func NewEkmConnectionIamMember(ctx *pulumi.Context,
	name string, args *EkmConnectionIamMemberArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamMember, error)

NewEkmConnectionIamMember registers a new resource with the given unique name, arguments, and options.

func (*EkmConnectionIamMember) ElementType added in v0.26.0 

func (*EkmConnectionIamMember) ElementType() reflect.Type

func (*EkmConnectionIamMember) ToEkmConnectionIamMemberOutput added in v0.26.0 

func (i *EkmConnectionIamMember) ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput

func (*EkmConnectionIamMember) ToEkmConnectionIamMemberOutputWithContext added in v0.26.0 

func (i *EkmConnectionIamMember) ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput

type EkmConnectionIamMemberArgs added in v0.26.0 

type EkmConnectionIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a EkmConnectionIamMember resource.

func (EkmConnectionIamMemberArgs) ElementType added in v0.26.0 

func (EkmConnectionIamMemberArgs) ElementType() reflect.Type

type EkmConnectionIamMemberInput added in v0.26.0 

type EkmConnectionIamMemberInput interface {
	pulumi.Input

	ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput
	ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput
}

type EkmConnectionIamMemberOutput added in v0.26.0 

type EkmConnectionIamMemberOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamMemberOutput) Condition added in v0.26.0 

func (o EkmConnectionIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (EkmConnectionIamMemberOutput) ElementType added in v0.26.0 

func (EkmConnectionIamMemberOutput) ElementType() reflect.Type

func (EkmConnectionIamMemberOutput) Etag added in v0.26.0 

func (o EkmConnectionIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (EkmConnectionIamMemberOutput) Member added in v0.26.0 

func (o EkmConnectionIamMemberOutput) Member() pulumi.StringOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (EkmConnectionIamMemberOutput) Name added in v0.26.0 

func (o EkmConnectionIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (EkmConnectionIamMemberOutput) Project added in v0.26.0 

func (o EkmConnectionIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (EkmConnectionIamMemberOutput) Role added in v0.26.0 

func (o EkmConnectionIamMemberOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutput added in v0.26.0 

func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutput() EkmConnectionIamMemberOutput

func (EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutputWithContext added in v0.26.0 

func (o EkmConnectionIamMemberOutput) ToEkmConnectionIamMemberOutputWithContext(ctx context.Context) EkmConnectionIamMemberOutput

type EkmConnectionIamMemberState added in v0.26.0 

type EkmConnectionIamMemberState struct {
}

func (EkmConnectionIamMemberState) ElementType added in v0.26.0 

func (EkmConnectionIamMemberState) ElementType() reflect.Type

type EkmConnectionIamPolicy added in v0.11.0 

type EkmConnectionIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings        BindingResponseArrayOutput `pulumi:"bindings"`
	EkmConnectionId pulumi.StringOutput        `pulumi:"ekmConnectionId"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag     pulumi.StringOutput `pulumi:"etag"`
	Location pulumi.StringOutput `pulumi:"location"`
	Project  pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetEkmConnectionIamPolicy added in v0.11.0 

func GetEkmConnectionIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *EkmConnectionIamPolicyState, opts ...pulumi.ResourceOption) (*EkmConnectionIamPolicy, error)

GetEkmConnectionIamPolicy gets an existing EkmConnectionIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewEkmConnectionIamPolicy added in v0.11.0 

func NewEkmConnectionIamPolicy(ctx *pulumi.Context,
	name string, args *EkmConnectionIamPolicyArgs, opts ...pulumi.ResourceOption) (*EkmConnectionIamPolicy, error)

NewEkmConnectionIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*EkmConnectionIamPolicy) ElementType added in v0.11.0 

func (*EkmConnectionIamPolicy) ElementType() reflect.Type

func (*EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutput added in v0.11.0 

func (i *EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput

func (*EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutputWithContext added in v0.11.0 

func (i *EkmConnectionIamPolicy) ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput

type EkmConnectionIamPolicyArgs added in v0.11.0 

type EkmConnectionIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings        BindingArrayInput
	EkmConnectionId pulumi.StringInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag     pulumi.StringPtrInput
	Location pulumi.StringPtrInput
	Project  pulumi.StringPtrInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a EkmConnectionIamPolicy resource.

func (EkmConnectionIamPolicyArgs) ElementType added in v0.11.0 

func (EkmConnectionIamPolicyArgs) ElementType() reflect.Type

type EkmConnectionIamPolicyInput added in v0.11.0 

type EkmConnectionIamPolicyInput interface {
	pulumi.Input

	ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput
	ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput
}

type EkmConnectionIamPolicyOutput added in v0.11.0 

type EkmConnectionIamPolicyOutput struct{ *pulumi.OutputState }

func (EkmConnectionIamPolicyOutput) AuditConfigs added in v0.19.0 

func (o EkmConnectionIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (EkmConnectionIamPolicyOutput) Bindings added in v0.19.0 

func (o EkmConnectionIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (EkmConnectionIamPolicyOutput) EkmConnectionId added in v0.21.0 

func (o EkmConnectionIamPolicyOutput) EkmConnectionId() pulumi.StringOutput

func (EkmConnectionIamPolicyOutput) ElementType added in v0.11.0 

func (EkmConnectionIamPolicyOutput) ElementType() reflect.Type

func (EkmConnectionIamPolicyOutput) Etag added in v0.19.0 

func (o EkmConnectionIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (EkmConnectionIamPolicyOutput) Location added in v0.21.0 

func (o EkmConnectionIamPolicyOutput) Location() pulumi.StringOutput

func (EkmConnectionIamPolicyOutput) Project added in v0.21.0 

func (o EkmConnectionIamPolicyOutput) Project() pulumi.StringOutput

func (EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutput added in v0.11.0 

func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutput() EkmConnectionIamPolicyOutput

func (EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutputWithContext added in v0.11.0 

func (o EkmConnectionIamPolicyOutput) ToEkmConnectionIamPolicyOutputWithContext(ctx context.Context) EkmConnectionIamPolicyOutput

func (EkmConnectionIamPolicyOutput) Version added in v0.19.0 

func (o EkmConnectionIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type EkmConnectionIamPolicyState added in v0.11.0 

type EkmConnectionIamPolicyState struct {
}

func (EkmConnectionIamPolicyState) ElementType added in v0.11.0 

func (EkmConnectionIamPolicyState) ElementType() reflect.Type

type EkmConnectionInput added in v0.13.0 

type EkmConnectionInput interface {
	pulumi.Input

	ToEkmConnectionOutput() EkmConnectionOutput
	ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput
}

type EkmConnectionKeyManagementMode added in v0.29.0 

type EkmConnectionKeyManagementMode string

Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.

func (EkmConnectionKeyManagementMode) ElementType added in v0.29.0 

func (EkmConnectionKeyManagementMode) ElementType() reflect.Type

func (EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModeOutput added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModeOutput() EkmConnectionKeyManagementModeOutput

func (EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModeOutputWithContext added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModeOutputWithContext(ctx context.Context) EkmConnectionKeyManagementModeOutput

func (EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModePtrOutput added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModePtrOutput() EkmConnectionKeyManagementModePtrOutput

func (EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModePtrOutputWithContext added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToEkmConnectionKeyManagementModePtrOutputWithContext(ctx context.Context) EkmConnectionKeyManagementModePtrOutput

func (EkmConnectionKeyManagementMode) ToStringOutput added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToStringOutput() pulumi.StringOutput

func (EkmConnectionKeyManagementMode) ToStringOutputWithContext added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (EkmConnectionKeyManagementMode) ToStringPtrOutput added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToStringPtrOutput() pulumi.StringPtrOutput

func (EkmConnectionKeyManagementMode) ToStringPtrOutputWithContext added in v0.29.0 

func (e EkmConnectionKeyManagementMode) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type EkmConnectionKeyManagementModeInput added in v0.29.0 

type EkmConnectionKeyManagementModeInput interface {
	pulumi.Input

	ToEkmConnectionKeyManagementModeOutput() EkmConnectionKeyManagementModeOutput
	ToEkmConnectionKeyManagementModeOutputWithContext(context.Context) EkmConnectionKeyManagementModeOutput
}

EkmConnectionKeyManagementModeInput is an input type that accepts values of the EkmConnectionKeyManagementMode enum A concrete instance of `EkmConnectionKeyManagementModeInput` can be one of the following: 

EkmConnectionKeyManagementModeKeyManagementModeUnspecified
EkmConnectionKeyManagementModeManual
EkmConnectionKeyManagementModeCloudKms

type EkmConnectionKeyManagementModeOutput added in v0.29.0 

type EkmConnectionKeyManagementModeOutput struct{ *pulumi.OutputState }

func (EkmConnectionKeyManagementModeOutput) ElementType added in v0.29.0 

func (EkmConnectionKeyManagementModeOutput) ElementType() reflect.Type

func (EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModeOutput added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModeOutput() EkmConnectionKeyManagementModeOutput

func (EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModeOutputWithContext added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModeOutputWithContext(ctx context.Context) EkmConnectionKeyManagementModeOutput

func (EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModePtrOutput added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModePtrOutput() EkmConnectionKeyManagementModePtrOutput

func (EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModePtrOutputWithContext added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToEkmConnectionKeyManagementModePtrOutputWithContext(ctx context.Context) EkmConnectionKeyManagementModePtrOutput

func (EkmConnectionKeyManagementModeOutput) ToStringOutput added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToStringOutput() pulumi.StringOutput

func (EkmConnectionKeyManagementModeOutput) ToStringOutputWithContext added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (EkmConnectionKeyManagementModeOutput) ToStringPtrOutput added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (EkmConnectionKeyManagementModeOutput) ToStringPtrOutputWithContext added in v0.29.0 

func (o EkmConnectionKeyManagementModeOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type EkmConnectionKeyManagementModePtrInput added in v0.29.0 

type EkmConnectionKeyManagementModePtrInput interface {
	pulumi.Input

	ToEkmConnectionKeyManagementModePtrOutput() EkmConnectionKeyManagementModePtrOutput
	ToEkmConnectionKeyManagementModePtrOutputWithContext(context.Context) EkmConnectionKeyManagementModePtrOutput
}

func EkmConnectionKeyManagementModePtr added in v0.29.0 

func EkmConnectionKeyManagementModePtr(v string) EkmConnectionKeyManagementModePtrInput

type EkmConnectionKeyManagementModePtrOutput added in v0.29.0 

type EkmConnectionKeyManagementModePtrOutput struct{ *pulumi.OutputState }

func (EkmConnectionKeyManagementModePtrOutput) Elem added in v0.29.0 

func (o EkmConnectionKeyManagementModePtrOutput) Elem() EkmConnectionKeyManagementModeOutput

func (EkmConnectionKeyManagementModePtrOutput) ElementType added in v0.29.0 

func (EkmConnectionKeyManagementModePtrOutput) ElementType() reflect.Type

func (EkmConnectionKeyManagementModePtrOutput) ToEkmConnectionKeyManagementModePtrOutput added in v0.29.0 

func (o EkmConnectionKeyManagementModePtrOutput) ToEkmConnectionKeyManagementModePtrOutput() EkmConnectionKeyManagementModePtrOutput

func (EkmConnectionKeyManagementModePtrOutput) ToEkmConnectionKeyManagementModePtrOutputWithContext added in v0.29.0 

func (o EkmConnectionKeyManagementModePtrOutput) ToEkmConnectionKeyManagementModePtrOutputWithContext(ctx context.Context) EkmConnectionKeyManagementModePtrOutput

func (EkmConnectionKeyManagementModePtrOutput) ToStringPtrOutput added in v0.29.0 

func (o EkmConnectionKeyManagementModePtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (EkmConnectionKeyManagementModePtrOutput) ToStringPtrOutputWithContext added in v0.29.0 

func (o EkmConnectionKeyManagementModePtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type EkmConnectionOutput added in v0.13.0 

type EkmConnectionOutput struct{ *pulumi.OutputState }

func (EkmConnectionOutput) CreateTime added in v0.19.0 

func (o EkmConnectionOutput) CreateTime() pulumi.StringOutput

The time at which the EkmConnection was created.

func (EkmConnectionOutput) CryptoSpacePath added in v0.29.0 

func (o EkmConnectionOutput) CryptoSpacePath() pulumi.StringOutput

Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.

func (EkmConnectionOutput) EkmConnectionId added in v0.21.0 

func (o EkmConnectionOutput) EkmConnectionId() pulumi.StringOutput

Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`.

func (EkmConnectionOutput) ElementType added in v0.13.0 

func (EkmConnectionOutput) ElementType() reflect.Type

func (EkmConnectionOutput) Etag added in v0.19.0 

func (o EkmConnectionOutput) Etag() pulumi.StringOutput

Optional. Etag of the currently stored EkmConnection.

func (EkmConnectionOutput) KeyManagementMode added in v0.29.0 

func (o EkmConnectionOutput) KeyManagementMode() pulumi.StringOutput

Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.

func (EkmConnectionOutput) Location added in v0.21.0 

func (o EkmConnectionOutput) Location() pulumi.StringOutput

func (EkmConnectionOutput) Name added in v0.19.0 

func (o EkmConnectionOutput) Name() pulumi.StringOutput

The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.

func (EkmConnectionOutput) Project added in v0.21.0 

func (o EkmConnectionOutput) Project() pulumi.StringOutput

func (EkmConnectionOutput) ServiceResolvers added in v0.19.0 

func (o EkmConnectionOutput) ServiceResolvers() ServiceResolverResponseArrayOutput

A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.

func (EkmConnectionOutput) ToEkmConnectionOutput added in v0.13.0 

func (o EkmConnectionOutput) ToEkmConnectionOutput() EkmConnectionOutput

func (EkmConnectionOutput) ToEkmConnectionOutputWithContext added in v0.13.0 

func (o EkmConnectionOutput) ToEkmConnectionOutputWithContext(ctx context.Context) EkmConnectionOutput

type EkmConnectionState added in v0.13.0 

type EkmConnectionState struct {
}

func (EkmConnectionState) ElementType added in v0.13.0 

func (EkmConnectionState) ElementType() reflect.Type

type Expr 

type Expr struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprArgs 

type ExprArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprArgs) ElementType 

func (ExprArgs) ElementType() reflect.Type

func (ExprArgs) ToExprOutput 

func (i ExprArgs) ToExprOutput() ExprOutput

func (ExprArgs) ToExprOutputWithContext 

func (i ExprArgs) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprArgs) ToExprPtrOutput 

func (i ExprArgs) ToExprPtrOutput() ExprPtrOutput

func (ExprArgs) ToExprPtrOutputWithContext 

func (i ExprArgs) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprInput 

type ExprInput interface {
	pulumi.Input

	ToExprOutput() ExprOutput
	ToExprOutputWithContext(context.Context) ExprOutput
}

ExprInput is an input type that accepts ExprArgs and ExprOutput values. You can construct a concrete instance of `ExprInput` via: 

ExprArgs{...}

type ExprOutput 

type ExprOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprOutput) Description 

func (o ExprOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprOutput) ElementType 

func (ExprOutput) ElementType() reflect.Type

func (ExprOutput) Expression 

func (o ExprOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprOutput) Location 

func (o ExprOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprOutput) Title 

func (o ExprOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprOutput) ToExprOutput 

func (o ExprOutput) ToExprOutput() ExprOutput

func (ExprOutput) ToExprOutputWithContext 

func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprOutput) ToExprPtrOutput 

func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprOutput) ToExprPtrOutputWithContext 

func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprPtrInput 

type ExprPtrInput interface {
	pulumi.Input

	ToExprPtrOutput() ExprPtrOutput
	ToExprPtrOutputWithContext(context.Context) ExprPtrOutput
}

ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and ExprPtrOutput values. You can construct a concrete instance of `ExprPtrInput` via: 

        ExprArgs{...}

or:

        nil

func ExprPtr 

func ExprPtr(v *ExprArgs) ExprPtrInput

type ExprPtrOutput 

type ExprPtrOutput struct{ *pulumi.OutputState }

func (ExprPtrOutput) Description 

func (o ExprPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprPtrOutput) Elem 

func (o ExprPtrOutput) Elem() ExprOutput

func (ExprPtrOutput) ElementType 

func (ExprPtrOutput) ElementType() reflect.Type

func (ExprPtrOutput) Expression 

func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprPtrOutput) Location 

func (o ExprPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprPtrOutput) Title 

func (o ExprPtrOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprPtrOutput) ToExprPtrOutput 

func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprPtrOutput) ToExprPtrOutputWithContext 

func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprResponse 

type ExprResponse struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	Expression string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprResponseOutput 

type ExprResponseOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprResponseOutput) Description 

func (o ExprResponseOutput) Description() pulumi.StringOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprResponseOutput) ElementType 

func (ExprResponseOutput) ElementType() reflect.Type

func (ExprResponseOutput) Expression 

func (o ExprResponseOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprResponseOutput) Location 

func (o ExprResponseOutput) Location() pulumi.StringOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprResponseOutput) Title 

func (o ExprResponseOutput) Title() pulumi.StringOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprResponseOutput) ToExprResponseOutput 

func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput

func (ExprResponseOutput) ToExprResponseOutputWithContext 

func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput

type ExternalProtectionLevelOptions 

type ExternalProtectionLevelOptions struct {
	// The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
	EkmConnectionKeyPath *string `pulumi:"ekmConnectionKeyPath"`
	// The URI for an external resource that this CryptoKeyVersion represents.
	ExternalKeyUri *string `pulumi:"externalKeyUri"`
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

type ExternalProtectionLevelOptionsArgs 

type ExternalProtectionLevelOptionsArgs struct {
	// The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
	EkmConnectionKeyPath pulumi.StringPtrInput `pulumi:"ekmConnectionKeyPath"`
	// The URI for an external resource that this CryptoKeyVersion represents.
	ExternalKeyUri pulumi.StringPtrInput `pulumi:"externalKeyUri"`
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

func (ExternalProtectionLevelOptionsArgs) ElementType 

func (ExternalProtectionLevelOptionsArgs) ElementType() reflect.Type

func (ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsOutput 

func (i ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsOutput() ExternalProtectionLevelOptionsOutput

func (ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsOutputWithContext 

func (i ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) ExternalProtectionLevelOptionsOutput

func (ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsPtrOutput 

func (i ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsPtrOutput() ExternalProtectionLevelOptionsPtrOutput

func (ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsPtrOutputWithContext 

func (i ExternalProtectionLevelOptionsArgs) ToExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) ExternalProtectionLevelOptionsPtrOutput

type ExternalProtectionLevelOptionsInput 

type ExternalProtectionLevelOptionsInput interface {
	pulumi.Input

	ToExternalProtectionLevelOptionsOutput() ExternalProtectionLevelOptionsOutput
	ToExternalProtectionLevelOptionsOutputWithContext(context.Context) ExternalProtectionLevelOptionsOutput
}

ExternalProtectionLevelOptionsInput is an input type that accepts ExternalProtectionLevelOptionsArgs and ExternalProtectionLevelOptionsOutput values. You can construct a concrete instance of `ExternalProtectionLevelOptionsInput` via: 

ExternalProtectionLevelOptionsArgs{...}

type ExternalProtectionLevelOptionsOutput 

type ExternalProtectionLevelOptionsOutput struct{ *pulumi.OutputState }

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

func (ExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath added in v0.13.0 

func (o ExternalProtectionLevelOptionsOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

func (ExternalProtectionLevelOptionsOutput) ElementType 

func (ExternalProtectionLevelOptionsOutput) ElementType() reflect.Type

func (ExternalProtectionLevelOptionsOutput) ExternalKeyUri 

func (o ExternalProtectionLevelOptionsOutput) ExternalKeyUri() pulumi.StringPtrOutput

The URI for an external resource that this CryptoKeyVersion represents.

func (ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsOutput 

func (o ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsOutput() ExternalProtectionLevelOptionsOutput

func (ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsOutputWithContext 

func (o ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsOutputWithContext(ctx context.Context) ExternalProtectionLevelOptionsOutput

func (ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsPtrOutput 

func (o ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsPtrOutput() ExternalProtectionLevelOptionsPtrOutput

func (ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsPtrOutputWithContext 

func (o ExternalProtectionLevelOptionsOutput) ToExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) ExternalProtectionLevelOptionsPtrOutput

type ExternalProtectionLevelOptionsPtrInput 

type ExternalProtectionLevelOptionsPtrInput interface {
	pulumi.Input

	ToExternalProtectionLevelOptionsPtrOutput() ExternalProtectionLevelOptionsPtrOutput
	ToExternalProtectionLevelOptionsPtrOutputWithContext(context.Context) ExternalProtectionLevelOptionsPtrOutput
}

ExternalProtectionLevelOptionsPtrInput is an input type that accepts ExternalProtectionLevelOptionsArgs, ExternalProtectionLevelOptionsPtr and ExternalProtectionLevelOptionsPtrOutput values. You can construct a concrete instance of `ExternalProtectionLevelOptionsPtrInput` via: 

        ExternalProtectionLevelOptionsArgs{...}

or:

        nil

func ExternalProtectionLevelOptionsPtr 

func ExternalProtectionLevelOptionsPtr(v *ExternalProtectionLevelOptionsArgs) ExternalProtectionLevelOptionsPtrInput

type ExternalProtectionLevelOptionsPtrOutput 

type ExternalProtectionLevelOptionsPtrOutput struct{ *pulumi.OutputState }

func (ExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath added in v0.13.0 

func (o ExternalProtectionLevelOptionsPtrOutput) EkmConnectionKeyPath() pulumi.StringPtrOutput

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

func (ExternalProtectionLevelOptionsPtrOutput) Elem 

func (o ExternalProtectionLevelOptionsPtrOutput) Elem() ExternalProtectionLevelOptionsOutput

func (ExternalProtectionLevelOptionsPtrOutput) ElementType 

func (ExternalProtectionLevelOptionsPtrOutput) ElementType() reflect.Type

func (ExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri 

func (o ExternalProtectionLevelOptionsPtrOutput) ExternalKeyUri() pulumi.StringPtrOutput

The URI for an external resource that this CryptoKeyVersion represents.

func (ExternalProtectionLevelOptionsPtrOutput) ToExternalProtectionLevelOptionsPtrOutput 

func (o ExternalProtectionLevelOptionsPtrOutput) ToExternalProtectionLevelOptionsPtrOutput() ExternalProtectionLevelOptionsPtrOutput

func (ExternalProtectionLevelOptionsPtrOutput) ToExternalProtectionLevelOptionsPtrOutputWithContext 

func (o ExternalProtectionLevelOptionsPtrOutput) ToExternalProtectionLevelOptionsPtrOutputWithContext(ctx context.Context) ExternalProtectionLevelOptionsPtrOutput

type ExternalProtectionLevelOptionsResponse 

type ExternalProtectionLevelOptionsResponse struct {
	// The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
	EkmConnectionKeyPath string `pulumi:"ekmConnectionKeyPath"`
	// The URI for an external resource that this CryptoKeyVersion represents.
	ExternalKeyUri string `pulumi:"externalKeyUri"`
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

type ExternalProtectionLevelOptionsResponseOutput 

type ExternalProtectionLevelOptionsResponseOutput struct{ *pulumi.OutputState }

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

func (ExternalProtectionLevelOptionsResponseOutput) EkmConnectionKeyPath added in v0.13.0 

func (o ExternalProtectionLevelOptionsResponseOutput) EkmConnectionKeyPath() pulumi.StringOutput

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

func (ExternalProtectionLevelOptionsResponseOutput) ElementType 

func (ExternalProtectionLevelOptionsResponseOutput) ElementType() reflect.Type

func (ExternalProtectionLevelOptionsResponseOutput) ExternalKeyUri 

func (o ExternalProtectionLevelOptionsResponseOutput) ExternalKeyUri() pulumi.StringOutput

The URI for an external resource that this CryptoKeyVersion represents.

func (ExternalProtectionLevelOptionsResponseOutput) ToExternalProtectionLevelOptionsResponseOutput 

func (o ExternalProtectionLevelOptionsResponseOutput) ToExternalProtectionLevelOptionsResponseOutput() ExternalProtectionLevelOptionsResponseOutput

func (ExternalProtectionLevelOptionsResponseOutput) ToExternalProtectionLevelOptionsResponseOutputWithContext 

func (o ExternalProtectionLevelOptionsResponseOutput) ToExternalProtectionLevelOptionsResponseOutputWithContext(ctx context.Context) ExternalProtectionLevelOptionsResponseOutput

type ImportJob added in v0.3.0 

type ImportJob struct {
	pulumi.CustomResourceState

	// Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM.
	Attestation KeyOperationAttestationResponseOutput `pulumi:"attestation"`
	// The time at which this ImportJob was created.
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// The time this ImportJob expired. Only present if state is EXPIRED.
	ExpireEventTime pulumi.StringOutput `pulumi:"expireEventTime"`
	// The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.
	ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
	// The time this ImportJob's key material was generated.
	GenerateTime pulumi.StringOutput `pulumi:"generateTime"`
	// Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	ImportJobId pulumi.StringOutput `pulumi:"importJobId"`
	// Immutable. The wrapping method to be used for incoming key material.
	ImportMethod pulumi.StringOutput `pulumi:"importMethod"`
	KeyRingId    pulumi.StringOutput `pulumi:"keyRingId"`
	Location     pulumi.StringOutput `pulumi:"location"`
	// The resource name for this ImportJob in the format `projects/*/locations/*/keyRings/*/importJobs/*`.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.
	ProtectionLevel pulumi.StringOutput `pulumi:"protectionLevel"`
	// The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.
	PublicKey WrappingPublicKeyResponseOutput `pulumi:"publicKey"`
	// The current state of the ImportJob, indicating if it can be used.
	State pulumi.StringOutput `pulumi:"state"`
}

Create a new ImportJob within a KeyRing. ImportJob.import_method is required. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetImportJob added in v0.3.0 

func GetImportJob(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ImportJobState, opts ...pulumi.ResourceOption) (*ImportJob, error)

GetImportJob gets an existing ImportJob resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewImportJob added in v0.3.0 

func NewImportJob(ctx *pulumi.Context,
	name string, args *ImportJobArgs, opts ...pulumi.ResourceOption) (*ImportJob, error)

NewImportJob registers a new resource with the given unique name, arguments, and options.

func (*ImportJob) ElementType added in v0.3.0 

func (*ImportJob) ElementType() reflect.Type

func (*ImportJob) ToImportJobOutput added in v0.3.0 

func (i *ImportJob) ToImportJobOutput() ImportJobOutput

func (*ImportJob) ToImportJobOutputWithContext added in v0.3.0 

func (i *ImportJob) ToImportJobOutputWithContext(ctx context.Context) ImportJobOutput

type ImportJobArgs added in v0.3.0 

type ImportJobArgs struct {
	// Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	ImportJobId pulumi.StringPtrInput
	// Immutable. The wrapping method to be used for incoming key material.
	ImportMethod ImportJobImportMethodInput
	KeyRingId    pulumi.StringInput
	Location     pulumi.StringPtrInput
	Project      pulumi.StringPtrInput
	// Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.
	ProtectionLevel ImportJobProtectionLevelInput
}

The set of arguments for constructing a ImportJob resource.

func (ImportJobArgs) ElementType added in v0.3.0 

func (ImportJobArgs) ElementType() reflect.Type

type ImportJobImportMethod added in v0.4.0 

type ImportJobImportMethod string

Required. Immutable. The wrapping method to be used for incoming key material.

func (ImportJobImportMethod) ElementType added in v0.4.0 

func (ImportJobImportMethod) ElementType() reflect.Type

func (ImportJobImportMethod) ToImportJobImportMethodOutput added in v0.6.0 

func (e ImportJobImportMethod) ToImportJobImportMethodOutput() ImportJobImportMethodOutput

func (ImportJobImportMethod) ToImportJobImportMethodOutputWithContext added in v0.6.0 

func (e ImportJobImportMethod) ToImportJobImportMethodOutputWithContext(ctx context.Context) ImportJobImportMethodOutput

func (ImportJobImportMethod) ToImportJobImportMethodPtrOutput added in v0.6.0 

func (e ImportJobImportMethod) ToImportJobImportMethodPtrOutput() ImportJobImportMethodPtrOutput

func (ImportJobImportMethod) ToImportJobImportMethodPtrOutputWithContext added in v0.6.0 

func (e ImportJobImportMethod) ToImportJobImportMethodPtrOutputWithContext(ctx context.Context) ImportJobImportMethodPtrOutput

func (ImportJobImportMethod) ToStringOutput added in v0.4.0 

func (e ImportJobImportMethod) ToStringOutput() pulumi.StringOutput

func (ImportJobImportMethod) ToStringOutputWithContext added in v0.4.0 

func (e ImportJobImportMethod) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (ImportJobImportMethod) ToStringPtrOutput added in v0.4.0 

func (e ImportJobImportMethod) ToStringPtrOutput() pulumi.StringPtrOutput

func (ImportJobImportMethod) ToStringPtrOutputWithContext added in v0.4.0 

func (e ImportJobImportMethod) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type ImportJobImportMethodInput added in v0.6.0 

type ImportJobImportMethodInput interface {
	pulumi.Input

	ToImportJobImportMethodOutput() ImportJobImportMethodOutput
	ToImportJobImportMethodOutputWithContext(context.Context) ImportJobImportMethodOutput
}

ImportJobImportMethodInput is an input type that accepts values of the ImportJobImportMethod enum A concrete instance of `ImportJobImportMethodInput` can be one of the following: 

ImportJobImportMethodImportMethodUnspecified
ImportJobImportMethodRsaOaep3072Sha1Aes256
ImportJobImportMethodRsaOaep4096Sha1Aes256
ImportJobImportMethodRsaOaep3072Sha256Aes256
ImportJobImportMethodRsaOaep4096Sha256Aes256
ImportJobImportMethodRsaOaep3072Sha256
ImportJobImportMethodRsaOaep4096Sha256

type ImportJobImportMethodOutput added in v0.6.0 

type ImportJobImportMethodOutput struct{ *pulumi.OutputState }

func (ImportJobImportMethodOutput) ElementType added in v0.6.0 

func (ImportJobImportMethodOutput) ElementType() reflect.Type

func (ImportJobImportMethodOutput) ToImportJobImportMethodOutput added in v0.6.0 

func (o ImportJobImportMethodOutput) ToImportJobImportMethodOutput() ImportJobImportMethodOutput

func (ImportJobImportMethodOutput) ToImportJobImportMethodOutputWithContext added in v0.6.0 

func (o ImportJobImportMethodOutput) ToImportJobImportMethodOutputWithContext(ctx context.Context) ImportJobImportMethodOutput

func (ImportJobImportMethodOutput) ToImportJobImportMethodPtrOutput added in v0.6.0 

func (o ImportJobImportMethodOutput) ToImportJobImportMethodPtrOutput() ImportJobImportMethodPtrOutput

func (ImportJobImportMethodOutput) ToImportJobImportMethodPtrOutputWithContext added in v0.6.0 

func (o ImportJobImportMethodOutput) ToImportJobImportMethodPtrOutputWithContext(ctx context.Context) ImportJobImportMethodPtrOutput

func (ImportJobImportMethodOutput) ToStringOutput added in v0.6.0 

func (o ImportJobImportMethodOutput) ToStringOutput() pulumi.StringOutput

func (ImportJobImportMethodOutput) ToStringOutputWithContext added in v0.6.0 

func (o ImportJobImportMethodOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (ImportJobImportMethodOutput) ToStringPtrOutput added in v0.6.0 

func (o ImportJobImportMethodOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (ImportJobImportMethodOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o ImportJobImportMethodOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type ImportJobImportMethodPtrInput added in v0.6.0 

type ImportJobImportMethodPtrInput interface {
	pulumi.Input

	ToImportJobImportMethodPtrOutput() ImportJobImportMethodPtrOutput
	ToImportJobImportMethodPtrOutputWithContext(context.Context) ImportJobImportMethodPtrOutput
}

func ImportJobImportMethodPtr added in v0.6.0 

func ImportJobImportMethodPtr(v string) ImportJobImportMethodPtrInput

type ImportJobImportMethodPtrOutput added in v0.6.0 

type ImportJobImportMethodPtrOutput struct{ *pulumi.OutputState }

func (ImportJobImportMethodPtrOutput) Elem added in v0.6.0 

func (o ImportJobImportMethodPtrOutput) Elem() ImportJobImportMethodOutput

func (ImportJobImportMethodPtrOutput) ElementType added in v0.6.0 

func (ImportJobImportMethodPtrOutput) ElementType() reflect.Type

func (ImportJobImportMethodPtrOutput) ToImportJobImportMethodPtrOutput added in v0.6.0 

func (o ImportJobImportMethodPtrOutput) ToImportJobImportMethodPtrOutput() ImportJobImportMethodPtrOutput

func (ImportJobImportMethodPtrOutput) ToImportJobImportMethodPtrOutputWithContext added in v0.6.0 

func (o ImportJobImportMethodPtrOutput) ToImportJobImportMethodPtrOutputWithContext(ctx context.Context) ImportJobImportMethodPtrOutput

func (ImportJobImportMethodPtrOutput) ToStringPtrOutput added in v0.6.0 

func (o ImportJobImportMethodPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (ImportJobImportMethodPtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o ImportJobImportMethodPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type ImportJobInput added in v0.3.0 

type ImportJobInput interface {
	pulumi.Input

	ToImportJobOutput() ImportJobOutput
	ToImportJobOutputWithContext(ctx context.Context) ImportJobOutput
}

type ImportJobOutput added in v0.3.0 

type ImportJobOutput struct{ *pulumi.OutputState }

func (ImportJobOutput) Attestation added in v0.19.0 

func (o ImportJobOutput) Attestation() KeyOperationAttestationResponseOutput

Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM.

func (ImportJobOutput) CreateTime added in v0.19.0 

func (o ImportJobOutput) CreateTime() pulumi.StringOutput

The time at which this ImportJob was created.

func (ImportJobOutput) ElementType added in v0.3.0 

func (ImportJobOutput) ElementType() reflect.Type

func (ImportJobOutput) ExpireEventTime added in v0.19.0 

func (o ImportJobOutput) ExpireEventTime() pulumi.StringOutput

The time this ImportJob expired. Only present if state is EXPIRED.

func (ImportJobOutput) ExpireTime added in v0.19.0 

func (o ImportJobOutput) ExpireTime() pulumi.StringOutput

The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.

func (ImportJobOutput) GenerateTime added in v0.19.0 

func (o ImportJobOutput) GenerateTime() pulumi.StringOutput

The time this ImportJob's key material was generated.

func (ImportJobOutput) ImportJobId added in v0.21.0 

func (o ImportJobOutput) ImportJobId() pulumi.StringOutput

Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`

func (ImportJobOutput) ImportMethod added in v0.19.0 

func (o ImportJobOutput) ImportMethod() pulumi.StringOutput

Immutable. The wrapping method to be used for incoming key material.

func (ImportJobOutput) KeyRingId added in v0.21.0 

func (o ImportJobOutput) KeyRingId() pulumi.StringOutput

func (ImportJobOutput) Location added in v0.21.0 

func (o ImportJobOutput) Location() pulumi.StringOutput

func (ImportJobOutput) Name added in v0.19.0 

func (o ImportJobOutput) Name() pulumi.StringOutput

The resource name for this ImportJob in the format `projects/*/locations/*/keyRings/*/importJobs/*`.

func (ImportJobOutput) Project added in v0.21.0 

func (o ImportJobOutput) Project() pulumi.StringOutput

func (ImportJobOutput) ProtectionLevel added in v0.19.0 

func (o ImportJobOutput) ProtectionLevel() pulumi.StringOutput

Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.

func (ImportJobOutput) PublicKey added in v0.19.0 

func (o ImportJobOutput) PublicKey() WrappingPublicKeyResponseOutput

The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.

func (ImportJobOutput) State added in v0.19.0 

func (o ImportJobOutput) State() pulumi.StringOutput

The current state of the ImportJob, indicating if it can be used.

func (ImportJobOutput) ToImportJobOutput added in v0.3.0 

func (o ImportJobOutput) ToImportJobOutput() ImportJobOutput

func (ImportJobOutput) ToImportJobOutputWithContext added in v0.3.0 

func (o ImportJobOutput) ToImportJobOutputWithContext(ctx context.Context) ImportJobOutput

type ImportJobProtectionLevel added in v0.4.0 

type ImportJobProtectionLevel string

Required. Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.

func (ImportJobProtectionLevel) ElementType added in v0.4.0 

func (ImportJobProtectionLevel) ElementType() reflect.Type

func (ImportJobProtectionLevel) ToImportJobProtectionLevelOutput added in v0.6.0 

func (e ImportJobProtectionLevel) ToImportJobProtectionLevelOutput() ImportJobProtectionLevelOutput

func (ImportJobProtectionLevel) ToImportJobProtectionLevelOutputWithContext added in v0.6.0 

func (e ImportJobProtectionLevel) ToImportJobProtectionLevelOutputWithContext(ctx context.Context) ImportJobProtectionLevelOutput

func (ImportJobProtectionLevel) ToImportJobProtectionLevelPtrOutput added in v0.6.0 

func (e ImportJobProtectionLevel) ToImportJobProtectionLevelPtrOutput() ImportJobProtectionLevelPtrOutput

func (ImportJobProtectionLevel) ToImportJobProtectionLevelPtrOutputWithContext added in v0.6.0 

func (e ImportJobProtectionLevel) ToImportJobProtectionLevelPtrOutputWithContext(ctx context.Context) ImportJobProtectionLevelPtrOutput

func (ImportJobProtectionLevel) ToStringOutput added in v0.4.0 

func (e ImportJobProtectionLevel) ToStringOutput() pulumi.StringOutput

func (ImportJobProtectionLevel) ToStringOutputWithContext added in v0.4.0 

func (e ImportJobProtectionLevel) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (ImportJobProtectionLevel) ToStringPtrOutput added in v0.4.0 

func (e ImportJobProtectionLevel) ToStringPtrOutput() pulumi.StringPtrOutput

func (ImportJobProtectionLevel) ToStringPtrOutputWithContext added in v0.4.0 

func (e ImportJobProtectionLevel) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type ImportJobProtectionLevelInput added in v0.6.0 

type ImportJobProtectionLevelInput interface {
	pulumi.Input

	ToImportJobProtectionLevelOutput() ImportJobProtectionLevelOutput
	ToImportJobProtectionLevelOutputWithContext(context.Context) ImportJobProtectionLevelOutput
}

ImportJobProtectionLevelInput is an input type that accepts values of the ImportJobProtectionLevel enum A concrete instance of `ImportJobProtectionLevelInput` can be one of the following: 

ImportJobProtectionLevelProtectionLevelUnspecified
ImportJobProtectionLevelSoftware
ImportJobProtectionLevelHsm
ImportJobProtectionLevelExternal
ImportJobProtectionLevelExternalVpc

type ImportJobProtectionLevelOutput added in v0.6.0 

type ImportJobProtectionLevelOutput struct{ *pulumi.OutputState }

func (ImportJobProtectionLevelOutput) ElementType added in v0.6.0 

func (ImportJobProtectionLevelOutput) ElementType() reflect.Type

func (ImportJobProtectionLevelOutput) ToImportJobProtectionLevelOutput added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToImportJobProtectionLevelOutput() ImportJobProtectionLevelOutput

func (ImportJobProtectionLevelOutput) ToImportJobProtectionLevelOutputWithContext added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToImportJobProtectionLevelOutputWithContext(ctx context.Context) ImportJobProtectionLevelOutput

func (ImportJobProtectionLevelOutput) ToImportJobProtectionLevelPtrOutput added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToImportJobProtectionLevelPtrOutput() ImportJobProtectionLevelPtrOutput

func (ImportJobProtectionLevelOutput) ToImportJobProtectionLevelPtrOutputWithContext added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToImportJobProtectionLevelPtrOutputWithContext(ctx context.Context) ImportJobProtectionLevelPtrOutput

func (ImportJobProtectionLevelOutput) ToStringOutput added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToStringOutput() pulumi.StringOutput

func (ImportJobProtectionLevelOutput) ToStringOutputWithContext added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (ImportJobProtectionLevelOutput) ToStringPtrOutput added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (ImportJobProtectionLevelOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o ImportJobProtectionLevelOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type ImportJobProtectionLevelPtrInput added in v0.6.0 

type ImportJobProtectionLevelPtrInput interface {
	pulumi.Input

	ToImportJobProtectionLevelPtrOutput() ImportJobProtectionLevelPtrOutput
	ToImportJobProtectionLevelPtrOutputWithContext(context.Context) ImportJobProtectionLevelPtrOutput
}

func ImportJobProtectionLevelPtr added in v0.6.0 

func ImportJobProtectionLevelPtr(v string) ImportJobProtectionLevelPtrInput

type ImportJobProtectionLevelPtrOutput added in v0.6.0 

type ImportJobProtectionLevelPtrOutput struct{ *pulumi.OutputState }

func (ImportJobProtectionLevelPtrOutput) Elem added in v0.6.0 

func (o ImportJobProtectionLevelPtrOutput) Elem() ImportJobProtectionLevelOutput

func (ImportJobProtectionLevelPtrOutput) ElementType added in v0.6.0 

func (ImportJobProtectionLevelPtrOutput) ElementType() reflect.Type

func (ImportJobProtectionLevelPtrOutput) ToImportJobProtectionLevelPtrOutput added in v0.6.0 

func (o ImportJobProtectionLevelPtrOutput) ToImportJobProtectionLevelPtrOutput() ImportJobProtectionLevelPtrOutput

func (ImportJobProtectionLevelPtrOutput) ToImportJobProtectionLevelPtrOutputWithContext added in v0.6.0 

func (o ImportJobProtectionLevelPtrOutput) ToImportJobProtectionLevelPtrOutputWithContext(ctx context.Context) ImportJobProtectionLevelPtrOutput

func (ImportJobProtectionLevelPtrOutput) ToStringPtrOutput added in v0.6.0 

func (o ImportJobProtectionLevelPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput

func (ImportJobProtectionLevelPtrOutput) ToStringPtrOutputWithContext added in v0.6.0 

func (o ImportJobProtectionLevelPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type ImportJobState added in v0.3.0 

type ImportJobState struct {
}

func (ImportJobState) ElementType added in v0.3.0 

func (ImportJobState) ElementType() reflect.Type

type KeyOperationAttestationResponse 

type KeyOperationAttestationResponse struct {
	// The certificate chains needed to validate the attestation
	CertChains CertificateChainsResponse `pulumi:"certChains"`
	// The attestation data provided by the HSM when the key operation was performed.
	Content string `pulumi:"content"`
	// The format of the attestation data.
	Format string `pulumi:"format"`
}

Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key).

type KeyOperationAttestationResponseOutput 

type KeyOperationAttestationResponseOutput struct{ *pulumi.OutputState }

Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key).

func (KeyOperationAttestationResponseOutput) CertChains 

func (o KeyOperationAttestationResponseOutput) CertChains() CertificateChainsResponseOutput

The certificate chains needed to validate the attestation

func (KeyOperationAttestationResponseOutput) Content 

func (o KeyOperationAttestationResponseOutput) Content() pulumi.StringOutput

The attestation data provided by the HSM when the key operation was performed.

func (KeyOperationAttestationResponseOutput) ElementType 

func (KeyOperationAttestationResponseOutput) ElementType() reflect.Type

func (KeyOperationAttestationResponseOutput) Format 

func (o KeyOperationAttestationResponseOutput) Format() pulumi.StringOutput

The format of the attestation data.

func (KeyOperationAttestationResponseOutput) ToKeyOperationAttestationResponseOutput 

func (o KeyOperationAttestationResponseOutput) ToKeyOperationAttestationResponseOutput() KeyOperationAttestationResponseOutput

func (KeyOperationAttestationResponseOutput) ToKeyOperationAttestationResponseOutputWithContext 

func (o KeyOperationAttestationResponseOutput) ToKeyOperationAttestationResponseOutputWithContext(ctx context.Context) KeyOperationAttestationResponseOutput

type KeyRing 

type KeyRing struct {
	pulumi.CustomResourceState

	// The time at which this KeyRing was created.
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	KeyRingId pulumi.StringOutput `pulumi:"keyRingId"`
	Location  pulumi.StringOutput `pulumi:"location"`
	// The resource name for the KeyRing in the format `projects/*/locations/*/keyRings/*`.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
}

Create a new KeyRing in a given Project and Location. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetKeyRing 

func GetKeyRing(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingState, opts ...pulumi.ResourceOption) (*KeyRing, error)

GetKeyRing gets an existing KeyRing resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRing 

func NewKeyRing(ctx *pulumi.Context,
	name string, args *KeyRingArgs, opts ...pulumi.ResourceOption) (*KeyRing, error)

NewKeyRing registers a new resource with the given unique name, arguments, and options.

func (*KeyRing) ElementType 

func (*KeyRing) ElementType() reflect.Type

func (*KeyRing) ToKeyRingOutput 

func (i *KeyRing) ToKeyRingOutput() KeyRingOutput

func (*KeyRing) ToKeyRingOutputWithContext 

func (i *KeyRing) ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput

type KeyRingArgs 

type KeyRingArgs struct {
	// Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
	KeyRingId pulumi.StringPtrInput
	Location  pulumi.StringPtrInput
	Project   pulumi.StringPtrInput
}

The set of arguments for constructing a KeyRing resource.

func (KeyRingArgs) ElementType 

func (KeyRingArgs) ElementType() reflect.Type

type KeyRingCryptoKeyIamBinding added in v0.26.0 

type KeyRingCryptoKeyIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetKeyRingCryptoKeyIamBinding added in v0.26.0 

func GetKeyRingCryptoKeyIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingCryptoKeyIamBindingState, opts ...pulumi.ResourceOption) (*KeyRingCryptoKeyIamBinding, error)

GetKeyRingCryptoKeyIamBinding gets an existing KeyRingCryptoKeyIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingCryptoKeyIamBinding added in v0.26.0 

func NewKeyRingCryptoKeyIamBinding(ctx *pulumi.Context,
	name string, args *KeyRingCryptoKeyIamBindingArgs, opts ...pulumi.ResourceOption) (*KeyRingCryptoKeyIamBinding, error)

NewKeyRingCryptoKeyIamBinding registers a new resource with the given unique name, arguments, and options.

func (*KeyRingCryptoKeyIamBinding) ElementType added in v0.26.0 

func (*KeyRingCryptoKeyIamBinding) ElementType() reflect.Type

func (*KeyRingCryptoKeyIamBinding) ToKeyRingCryptoKeyIamBindingOutput added in v0.26.0 

func (i *KeyRingCryptoKeyIamBinding) ToKeyRingCryptoKeyIamBindingOutput() KeyRingCryptoKeyIamBindingOutput

func (*KeyRingCryptoKeyIamBinding) ToKeyRingCryptoKeyIamBindingOutputWithContext added in v0.26.0 

func (i *KeyRingCryptoKeyIamBinding) ToKeyRingCryptoKeyIamBindingOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamBindingOutput

type KeyRingCryptoKeyIamBindingArgs added in v0.26.0 

type KeyRingCryptoKeyIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingCryptoKeyIamBinding resource.

func (KeyRingCryptoKeyIamBindingArgs) ElementType added in v0.26.0 

func (KeyRingCryptoKeyIamBindingArgs) ElementType() reflect.Type

type KeyRingCryptoKeyIamBindingInput added in v0.26.0 

type KeyRingCryptoKeyIamBindingInput interface {
	pulumi.Input

	ToKeyRingCryptoKeyIamBindingOutput() KeyRingCryptoKeyIamBindingOutput
	ToKeyRingCryptoKeyIamBindingOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamBindingOutput
}

type KeyRingCryptoKeyIamBindingOutput added in v0.26.0 

type KeyRingCryptoKeyIamBindingOutput struct{ *pulumi.OutputState }

func (KeyRingCryptoKeyIamBindingOutput) Condition added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (KeyRingCryptoKeyIamBindingOutput) ElementType added in v0.26.0 

func (KeyRingCryptoKeyIamBindingOutput) ElementType() reflect.Type

func (KeyRingCryptoKeyIamBindingOutput) Etag added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (KeyRingCryptoKeyIamBindingOutput) Members added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (KeyRingCryptoKeyIamBindingOutput) Name added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (KeyRingCryptoKeyIamBindingOutput) Project added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (KeyRingCryptoKeyIamBindingOutput) Role added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (KeyRingCryptoKeyIamBindingOutput) ToKeyRingCryptoKeyIamBindingOutput added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) ToKeyRingCryptoKeyIamBindingOutput() KeyRingCryptoKeyIamBindingOutput

func (KeyRingCryptoKeyIamBindingOutput) ToKeyRingCryptoKeyIamBindingOutputWithContext added in v0.26.0 

func (o KeyRingCryptoKeyIamBindingOutput) ToKeyRingCryptoKeyIamBindingOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamBindingOutput

type KeyRingCryptoKeyIamBindingState added in v0.26.0 

type KeyRingCryptoKeyIamBindingState struct {
}

func (KeyRingCryptoKeyIamBindingState) ElementType added in v0.26.0 

func (KeyRingCryptoKeyIamBindingState) ElementType() reflect.Type

type KeyRingCryptoKeyIamMember added in v0.26.0 

type KeyRingCryptoKeyIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetKeyRingCryptoKeyIamMember added in v0.26.0 

func GetKeyRingCryptoKeyIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingCryptoKeyIamMemberState, opts ...pulumi.ResourceOption) (*KeyRingCryptoKeyIamMember, error)

GetKeyRingCryptoKeyIamMember gets an existing KeyRingCryptoKeyIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingCryptoKeyIamMember added in v0.26.0 

func NewKeyRingCryptoKeyIamMember(ctx *pulumi.Context,
	name string, args *KeyRingCryptoKeyIamMemberArgs, opts ...pulumi.ResourceOption) (*KeyRingCryptoKeyIamMember, error)

NewKeyRingCryptoKeyIamMember registers a new resource with the given unique name, arguments, and options.

func (*KeyRingCryptoKeyIamMember) ElementType added in v0.26.0 

func (*KeyRingCryptoKeyIamMember) ElementType() reflect.Type

func (*KeyRingCryptoKeyIamMember) ToKeyRingCryptoKeyIamMemberOutput added in v0.26.0 

func (i *KeyRingCryptoKeyIamMember) ToKeyRingCryptoKeyIamMemberOutput() KeyRingCryptoKeyIamMemberOutput

func (*KeyRingCryptoKeyIamMember) ToKeyRingCryptoKeyIamMemberOutputWithContext added in v0.26.0 

func (i *KeyRingCryptoKeyIamMember) ToKeyRingCryptoKeyIamMemberOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamMemberOutput

type KeyRingCryptoKeyIamMemberArgs added in v0.26.0 

type KeyRingCryptoKeyIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingCryptoKeyIamMember resource.

func (KeyRingCryptoKeyIamMemberArgs) ElementType added in v0.26.0 

func (KeyRingCryptoKeyIamMemberArgs) ElementType() reflect.Type

type KeyRingCryptoKeyIamMemberInput added in v0.26.0 

type KeyRingCryptoKeyIamMemberInput interface {
	pulumi.Input

	ToKeyRingCryptoKeyIamMemberOutput() KeyRingCryptoKeyIamMemberOutput
	ToKeyRingCryptoKeyIamMemberOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamMemberOutput
}

type KeyRingCryptoKeyIamMemberOutput added in v0.26.0 

type KeyRingCryptoKeyIamMemberOutput struct{ *pulumi.OutputState }

func (KeyRingCryptoKeyIamMemberOutput) Condition added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (KeyRingCryptoKeyIamMemberOutput) ElementType added in v0.26.0 

func (KeyRingCryptoKeyIamMemberOutput) ElementType() reflect.Type

func (KeyRingCryptoKeyIamMemberOutput) Etag added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (KeyRingCryptoKeyIamMemberOutput) Member added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) Member() pulumi.StringOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (KeyRingCryptoKeyIamMemberOutput) Name added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (KeyRingCryptoKeyIamMemberOutput) Project added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (KeyRingCryptoKeyIamMemberOutput) Role added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (KeyRingCryptoKeyIamMemberOutput) ToKeyRingCryptoKeyIamMemberOutput added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) ToKeyRingCryptoKeyIamMemberOutput() KeyRingCryptoKeyIamMemberOutput

func (KeyRingCryptoKeyIamMemberOutput) ToKeyRingCryptoKeyIamMemberOutputWithContext added in v0.26.0 

func (o KeyRingCryptoKeyIamMemberOutput) ToKeyRingCryptoKeyIamMemberOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamMemberOutput

type KeyRingCryptoKeyIamMemberState added in v0.26.0 

type KeyRingCryptoKeyIamMemberState struct {
}

func (KeyRingCryptoKeyIamMemberState) ElementType added in v0.26.0 

func (KeyRingCryptoKeyIamMemberState) ElementType() reflect.Type

type KeyRingCryptoKeyIamPolicy 

type KeyRingCryptoKeyIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings    BindingResponseArrayOutput `pulumi:"bindings"`
	CryptoKeyId pulumi.StringOutput        `pulumi:"cryptoKeyId"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag      pulumi.StringOutput `pulumi:"etag"`
	KeyRingId pulumi.StringOutput `pulumi:"keyRingId"`
	Location  pulumi.StringOutput `pulumi:"location"`
	Project   pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetKeyRingCryptoKeyIamPolicy 

func GetKeyRingCryptoKeyIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingCryptoKeyIamPolicyState, opts ...pulumi.ResourceOption) (*KeyRingCryptoKeyIamPolicy, error)

GetKeyRingCryptoKeyIamPolicy gets an existing KeyRingCryptoKeyIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingCryptoKeyIamPolicy 

func NewKeyRingCryptoKeyIamPolicy(ctx *pulumi.Context,
	name string, args *KeyRingCryptoKeyIamPolicyArgs, opts ...pulumi.ResourceOption) (*KeyRingCryptoKeyIamPolicy, error)

NewKeyRingCryptoKeyIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*KeyRingCryptoKeyIamPolicy) ElementType 

func (*KeyRingCryptoKeyIamPolicy) ElementType() reflect.Type

func (*KeyRingCryptoKeyIamPolicy) ToKeyRingCryptoKeyIamPolicyOutput 

func (i *KeyRingCryptoKeyIamPolicy) ToKeyRingCryptoKeyIamPolicyOutput() KeyRingCryptoKeyIamPolicyOutput

func (*KeyRingCryptoKeyIamPolicy) ToKeyRingCryptoKeyIamPolicyOutputWithContext 

func (i *KeyRingCryptoKeyIamPolicy) ToKeyRingCryptoKeyIamPolicyOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamPolicyOutput

type KeyRingCryptoKeyIamPolicyArgs 

type KeyRingCryptoKeyIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings    BindingArrayInput
	CryptoKeyId pulumi.StringInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag      pulumi.StringPtrInput
	KeyRingId pulumi.StringInput
	Location  pulumi.StringPtrInput
	Project   pulumi.StringPtrInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a KeyRingCryptoKeyIamPolicy resource.

func (KeyRingCryptoKeyIamPolicyArgs) ElementType 

func (KeyRingCryptoKeyIamPolicyArgs) ElementType() reflect.Type

type KeyRingCryptoKeyIamPolicyInput 

type KeyRingCryptoKeyIamPolicyInput interface {
	pulumi.Input

	ToKeyRingCryptoKeyIamPolicyOutput() KeyRingCryptoKeyIamPolicyOutput
	ToKeyRingCryptoKeyIamPolicyOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamPolicyOutput
}

type KeyRingCryptoKeyIamPolicyOutput 

type KeyRingCryptoKeyIamPolicyOutput struct{ *pulumi.OutputState }

func (KeyRingCryptoKeyIamPolicyOutput) AuditConfigs added in v0.19.0 

func (o KeyRingCryptoKeyIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (KeyRingCryptoKeyIamPolicyOutput) Bindings added in v0.19.0 

func (o KeyRingCryptoKeyIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (KeyRingCryptoKeyIamPolicyOutput) CryptoKeyId added in v0.21.0 

func (o KeyRingCryptoKeyIamPolicyOutput) CryptoKeyId() pulumi.StringOutput

func (KeyRingCryptoKeyIamPolicyOutput) ElementType 

func (KeyRingCryptoKeyIamPolicyOutput) ElementType() reflect.Type

func (KeyRingCryptoKeyIamPolicyOutput) Etag added in v0.19.0 

func (o KeyRingCryptoKeyIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (KeyRingCryptoKeyIamPolicyOutput) KeyRingId added in v0.21.0 

func (o KeyRingCryptoKeyIamPolicyOutput) KeyRingId() pulumi.StringOutput

func (KeyRingCryptoKeyIamPolicyOutput) Location added in v0.21.0 

func (o KeyRingCryptoKeyIamPolicyOutput) Location() pulumi.StringOutput

func (KeyRingCryptoKeyIamPolicyOutput) Project added in v0.21.0 

func (o KeyRingCryptoKeyIamPolicyOutput) Project() pulumi.StringOutput

func (KeyRingCryptoKeyIamPolicyOutput) ToKeyRingCryptoKeyIamPolicyOutput 

func (o KeyRingCryptoKeyIamPolicyOutput) ToKeyRingCryptoKeyIamPolicyOutput() KeyRingCryptoKeyIamPolicyOutput

func (KeyRingCryptoKeyIamPolicyOutput) ToKeyRingCryptoKeyIamPolicyOutputWithContext 

func (o KeyRingCryptoKeyIamPolicyOutput) ToKeyRingCryptoKeyIamPolicyOutputWithContext(ctx context.Context) KeyRingCryptoKeyIamPolicyOutput

func (KeyRingCryptoKeyIamPolicyOutput) Version added in v0.19.0 

func (o KeyRingCryptoKeyIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type KeyRingCryptoKeyIamPolicyState 

type KeyRingCryptoKeyIamPolicyState struct {
}

func (KeyRingCryptoKeyIamPolicyState) ElementType 

func (KeyRingCryptoKeyIamPolicyState) ElementType() reflect.Type

type KeyRingIamBinding added in v0.26.0 

type KeyRingIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetKeyRingIamBinding added in v0.26.0 

func GetKeyRingIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingIamBindingState, opts ...pulumi.ResourceOption) (*KeyRingIamBinding, error)

GetKeyRingIamBinding gets an existing KeyRingIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIamBinding added in v0.26.0 

func NewKeyRingIamBinding(ctx *pulumi.Context,
	name string, args *KeyRingIamBindingArgs, opts ...pulumi.ResourceOption) (*KeyRingIamBinding, error)

NewKeyRingIamBinding registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIamBinding) ElementType added in v0.26.0 

func (*KeyRingIamBinding) ElementType() reflect.Type

func (*KeyRingIamBinding) ToKeyRingIamBindingOutput added in v0.26.0 

func (i *KeyRingIamBinding) ToKeyRingIamBindingOutput() KeyRingIamBindingOutput

func (*KeyRingIamBinding) ToKeyRingIamBindingOutputWithContext added in v0.26.0 

func (i *KeyRingIamBinding) ToKeyRingIamBindingOutputWithContext(ctx context.Context) KeyRingIamBindingOutput

type KeyRingIamBindingArgs added in v0.26.0 

type KeyRingIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingIamBinding resource.

func (KeyRingIamBindingArgs) ElementType added in v0.26.0 

func (KeyRingIamBindingArgs) ElementType() reflect.Type

type KeyRingIamBindingInput added in v0.26.0 

type KeyRingIamBindingInput interface {
	pulumi.Input

	ToKeyRingIamBindingOutput() KeyRingIamBindingOutput
	ToKeyRingIamBindingOutputWithContext(ctx context.Context) KeyRingIamBindingOutput
}

type KeyRingIamBindingOutput added in v0.26.0 

type KeyRingIamBindingOutput struct{ *pulumi.OutputState }

func (KeyRingIamBindingOutput) Condition added in v0.26.0 

func (o KeyRingIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (KeyRingIamBindingOutput) ElementType added in v0.26.0 

func (KeyRingIamBindingOutput) ElementType() reflect.Type

func (KeyRingIamBindingOutput) Etag added in v0.26.0 

func (o KeyRingIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (KeyRingIamBindingOutput) Members added in v0.26.0 

func (o KeyRingIamBindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (KeyRingIamBindingOutput) Name added in v0.26.0 

func (o KeyRingIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (KeyRingIamBindingOutput) Project added in v0.26.0 

func (o KeyRingIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (KeyRingIamBindingOutput) Role added in v0.26.0 

func (o KeyRingIamBindingOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (KeyRingIamBindingOutput) ToKeyRingIamBindingOutput added in v0.26.0 

func (o KeyRingIamBindingOutput) ToKeyRingIamBindingOutput() KeyRingIamBindingOutput

func (KeyRingIamBindingOutput) ToKeyRingIamBindingOutputWithContext added in v0.26.0 

func (o KeyRingIamBindingOutput) ToKeyRingIamBindingOutputWithContext(ctx context.Context) KeyRingIamBindingOutput

type KeyRingIamBindingState added in v0.26.0 

type KeyRingIamBindingState struct {
}

func (KeyRingIamBindingState) ElementType added in v0.26.0 

func (KeyRingIamBindingState) ElementType() reflect.Type

type KeyRingIamMember added in v0.26.0 

type KeyRingIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetKeyRingIamMember added in v0.26.0 

func GetKeyRingIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingIamMemberState, opts ...pulumi.ResourceOption) (*KeyRingIamMember, error)

GetKeyRingIamMember gets an existing KeyRingIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIamMember added in v0.26.0 

func NewKeyRingIamMember(ctx *pulumi.Context,
	name string, args *KeyRingIamMemberArgs, opts ...pulumi.ResourceOption) (*KeyRingIamMember, error)

NewKeyRingIamMember registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIamMember) ElementType added in v0.26.0 

func (*KeyRingIamMember) ElementType() reflect.Type

func (*KeyRingIamMember) ToKeyRingIamMemberOutput added in v0.26.0 

func (i *KeyRingIamMember) ToKeyRingIamMemberOutput() KeyRingIamMemberOutput

func (*KeyRingIamMember) ToKeyRingIamMemberOutputWithContext added in v0.26.0 

func (i *KeyRingIamMember) ToKeyRingIamMemberOutputWithContext(ctx context.Context) KeyRingIamMemberOutput

type KeyRingIamMemberArgs added in v0.26.0 

type KeyRingIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingIamMember resource.

func (KeyRingIamMemberArgs) ElementType added in v0.26.0 

func (KeyRingIamMemberArgs) ElementType() reflect.Type

type KeyRingIamMemberInput added in v0.26.0 

type KeyRingIamMemberInput interface {
	pulumi.Input

	ToKeyRingIamMemberOutput() KeyRingIamMemberOutput
	ToKeyRingIamMemberOutputWithContext(ctx context.Context) KeyRingIamMemberOutput
}

type KeyRingIamMemberOutput added in v0.26.0 

type KeyRingIamMemberOutput struct{ *pulumi.OutputState }

func (KeyRingIamMemberOutput) Condition added in v0.26.0 

func (o KeyRingIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (KeyRingIamMemberOutput) ElementType added in v0.26.0 

func (KeyRingIamMemberOutput) ElementType() reflect.Type

func (KeyRingIamMemberOutput) Etag added in v0.26.0 

func (o KeyRingIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (KeyRingIamMemberOutput) Member added in v0.26.0 

func (o KeyRingIamMemberOutput) Member() pulumi.StringOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (KeyRingIamMemberOutput) Name added in v0.26.0 

func (o KeyRingIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (KeyRingIamMemberOutput) Project added in v0.26.0 

func (o KeyRingIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (KeyRingIamMemberOutput) Role added in v0.26.0 

func (o KeyRingIamMemberOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (KeyRingIamMemberOutput) ToKeyRingIamMemberOutput added in v0.26.0 

func (o KeyRingIamMemberOutput) ToKeyRingIamMemberOutput() KeyRingIamMemberOutput

func (KeyRingIamMemberOutput) ToKeyRingIamMemberOutputWithContext added in v0.26.0 

func (o KeyRingIamMemberOutput) ToKeyRingIamMemberOutputWithContext(ctx context.Context) KeyRingIamMemberOutput

type KeyRingIamMemberState added in v0.26.0 

type KeyRingIamMemberState struct {
}

func (KeyRingIamMemberState) ElementType added in v0.26.0 

func (KeyRingIamMemberState) ElementType() reflect.Type

type KeyRingIamPolicy 

type KeyRingIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag      pulumi.StringOutput `pulumi:"etag"`
	KeyRingId pulumi.StringOutput `pulumi:"keyRingId"`
	Location  pulumi.StringOutput `pulumi:"location"`
	Project   pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetKeyRingIamPolicy 

func GetKeyRingIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingIamPolicyState, opts ...pulumi.ResourceOption) (*KeyRingIamPolicy, error)

GetKeyRingIamPolicy gets an existing KeyRingIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingIamPolicy 

func NewKeyRingIamPolicy(ctx *pulumi.Context,
	name string, args *KeyRingIamPolicyArgs, opts ...pulumi.ResourceOption) (*KeyRingIamPolicy, error)

NewKeyRingIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*KeyRingIamPolicy) ElementType 

func (*KeyRingIamPolicy) ElementType() reflect.Type

func (*KeyRingIamPolicy) ToKeyRingIamPolicyOutput 

func (i *KeyRingIamPolicy) ToKeyRingIamPolicyOutput() KeyRingIamPolicyOutput

func (*KeyRingIamPolicy) ToKeyRingIamPolicyOutputWithContext 

func (i *KeyRingIamPolicy) ToKeyRingIamPolicyOutputWithContext(ctx context.Context) KeyRingIamPolicyOutput

type KeyRingIamPolicyArgs 

type KeyRingIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag      pulumi.StringPtrInput
	KeyRingId pulumi.StringInput
	Location  pulumi.StringPtrInput
	Project   pulumi.StringPtrInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a KeyRingIamPolicy resource.

func (KeyRingIamPolicyArgs) ElementType 

func (KeyRingIamPolicyArgs) ElementType() reflect.Type

type KeyRingIamPolicyInput 

type KeyRingIamPolicyInput interface {
	pulumi.Input

	ToKeyRingIamPolicyOutput() KeyRingIamPolicyOutput
	ToKeyRingIamPolicyOutputWithContext(ctx context.Context) KeyRingIamPolicyOutput
}

type KeyRingIamPolicyOutput 

type KeyRingIamPolicyOutput struct{ *pulumi.OutputState }

func (KeyRingIamPolicyOutput) AuditConfigs added in v0.19.0 

func (o KeyRingIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (KeyRingIamPolicyOutput) Bindings added in v0.19.0 

func (o KeyRingIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (KeyRingIamPolicyOutput) ElementType 

func (KeyRingIamPolicyOutput) ElementType() reflect.Type

func (KeyRingIamPolicyOutput) Etag added in v0.19.0 

func (o KeyRingIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (KeyRingIamPolicyOutput) KeyRingId added in v0.21.0 

func (o KeyRingIamPolicyOutput) KeyRingId() pulumi.StringOutput

func (KeyRingIamPolicyOutput) Location added in v0.21.0 

func (o KeyRingIamPolicyOutput) Location() pulumi.StringOutput

func (KeyRingIamPolicyOutput) Project added in v0.21.0 

func (o KeyRingIamPolicyOutput) Project() pulumi.StringOutput

func (KeyRingIamPolicyOutput) ToKeyRingIamPolicyOutput 

func (o KeyRingIamPolicyOutput) ToKeyRingIamPolicyOutput() KeyRingIamPolicyOutput

func (KeyRingIamPolicyOutput) ToKeyRingIamPolicyOutputWithContext 

func (o KeyRingIamPolicyOutput) ToKeyRingIamPolicyOutputWithContext(ctx context.Context) KeyRingIamPolicyOutput

func (KeyRingIamPolicyOutput) Version added in v0.19.0 

func (o KeyRingIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type KeyRingIamPolicyState 

type KeyRingIamPolicyState struct {
}

func (KeyRingIamPolicyState) ElementType 

func (KeyRingIamPolicyState) ElementType() reflect.Type

type KeyRingImportJobIamBinding added in v0.26.0 

type KeyRingImportJobIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetKeyRingImportJobIamBinding added in v0.26.0 

func GetKeyRingImportJobIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingImportJobIamBindingState, opts ...pulumi.ResourceOption) (*KeyRingImportJobIamBinding, error)

GetKeyRingImportJobIamBinding gets an existing KeyRingImportJobIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingImportJobIamBinding added in v0.26.0 

func NewKeyRingImportJobIamBinding(ctx *pulumi.Context,
	name string, args *KeyRingImportJobIamBindingArgs, opts ...pulumi.ResourceOption) (*KeyRingImportJobIamBinding, error)

NewKeyRingImportJobIamBinding registers a new resource with the given unique name, arguments, and options.

func (*KeyRingImportJobIamBinding) ElementType added in v0.26.0 

func (*KeyRingImportJobIamBinding) ElementType() reflect.Type

func (*KeyRingImportJobIamBinding) ToKeyRingImportJobIamBindingOutput added in v0.26.0 

func (i *KeyRingImportJobIamBinding) ToKeyRingImportJobIamBindingOutput() KeyRingImportJobIamBindingOutput

func (*KeyRingImportJobIamBinding) ToKeyRingImportJobIamBindingOutputWithContext added in v0.26.0 

func (i *KeyRingImportJobIamBinding) ToKeyRingImportJobIamBindingOutputWithContext(ctx context.Context) KeyRingImportJobIamBindingOutput

type KeyRingImportJobIamBindingArgs added in v0.26.0 

type KeyRingImportJobIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingImportJobIamBinding resource.

func (KeyRingImportJobIamBindingArgs) ElementType added in v0.26.0 

func (KeyRingImportJobIamBindingArgs) ElementType() reflect.Type

type KeyRingImportJobIamBindingInput added in v0.26.0 

type KeyRingImportJobIamBindingInput interface {
	pulumi.Input

	ToKeyRingImportJobIamBindingOutput() KeyRingImportJobIamBindingOutput
	ToKeyRingImportJobIamBindingOutputWithContext(ctx context.Context) KeyRingImportJobIamBindingOutput
}

type KeyRingImportJobIamBindingOutput added in v0.26.0 

type KeyRingImportJobIamBindingOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobIamBindingOutput) Condition added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (KeyRingImportJobIamBindingOutput) ElementType added in v0.26.0 

func (KeyRingImportJobIamBindingOutput) ElementType() reflect.Type

func (KeyRingImportJobIamBindingOutput) Etag added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (KeyRingImportJobIamBindingOutput) Members added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) Members() pulumi.StringArrayOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (KeyRingImportJobIamBindingOutput) Name added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (KeyRingImportJobIamBindingOutput) Project added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (KeyRingImportJobIamBindingOutput) Role added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (KeyRingImportJobIamBindingOutput) ToKeyRingImportJobIamBindingOutput added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) ToKeyRingImportJobIamBindingOutput() KeyRingImportJobIamBindingOutput

func (KeyRingImportJobIamBindingOutput) ToKeyRingImportJobIamBindingOutputWithContext added in v0.26.0 

func (o KeyRingImportJobIamBindingOutput) ToKeyRingImportJobIamBindingOutputWithContext(ctx context.Context) KeyRingImportJobIamBindingOutput

type KeyRingImportJobIamBindingState added in v0.26.0 

type KeyRingImportJobIamBindingState struct {
}

func (KeyRingImportJobIamBindingState) ElementType added in v0.26.0 

func (KeyRingImportJobIamBindingState) ElementType() reflect.Type

type KeyRingImportJobIamMember added in v0.26.0 

type KeyRingImportJobIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetKeyRingImportJobIamMember added in v0.26.0 

func GetKeyRingImportJobIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingImportJobIamMemberState, opts ...pulumi.ResourceOption) (*KeyRingImportJobIamMember, error)

GetKeyRingImportJobIamMember gets an existing KeyRingImportJobIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingImportJobIamMember added in v0.26.0 

func NewKeyRingImportJobIamMember(ctx *pulumi.Context,
	name string, args *KeyRingImportJobIamMemberArgs, opts ...pulumi.ResourceOption) (*KeyRingImportJobIamMember, error)

NewKeyRingImportJobIamMember registers a new resource with the given unique name, arguments, and options.

func (*KeyRingImportJobIamMember) ElementType added in v0.26.0 

func (*KeyRingImportJobIamMember) ElementType() reflect.Type

func (*KeyRingImportJobIamMember) ToKeyRingImportJobIamMemberOutput added in v0.26.0 

func (i *KeyRingImportJobIamMember) ToKeyRingImportJobIamMemberOutput() KeyRingImportJobIamMemberOutput

func (*KeyRingImportJobIamMember) ToKeyRingImportJobIamMemberOutputWithContext added in v0.26.0 

func (i *KeyRingImportJobIamMember) ToKeyRingImportJobIamMemberOutputWithContext(ctx context.Context) KeyRingImportJobIamMemberOutput

type KeyRingImportJobIamMemberArgs added in v0.26.0 

type KeyRingImportJobIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a KeyRingImportJobIamMember resource.

func (KeyRingImportJobIamMemberArgs) ElementType added in v0.26.0 

func (KeyRingImportJobIamMemberArgs) ElementType() reflect.Type

type KeyRingImportJobIamMemberInput added in v0.26.0 

type KeyRingImportJobIamMemberInput interface {
	pulumi.Input

	ToKeyRingImportJobIamMemberOutput() KeyRingImportJobIamMemberOutput
	ToKeyRingImportJobIamMemberOutputWithContext(ctx context.Context) KeyRingImportJobIamMemberOutput
}

type KeyRingImportJobIamMemberOutput added in v0.26.0 

type KeyRingImportJobIamMemberOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobIamMemberOutput) Condition added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) Condition() iam.ConditionPtrOutput

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (KeyRingImportJobIamMemberOutput) ElementType added in v0.26.0 

func (KeyRingImportJobIamMemberOutput) ElementType() reflect.Type

func (KeyRingImportJobIamMemberOutput) Etag added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) Etag() pulumi.StringOutput

The etag of the resource's IAM policy.

func (KeyRingImportJobIamMemberOutput) Member added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) Member() pulumi.StringOutput

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (KeyRingImportJobIamMemberOutput) Name added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) Name() pulumi.StringOutput

The name of the resource to manage IAM policies for.

func (KeyRingImportJobIamMemberOutput) Project added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) Project() pulumi.StringOutput

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (KeyRingImportJobIamMemberOutput) Role added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) Role() pulumi.StringOutput

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (KeyRingImportJobIamMemberOutput) ToKeyRingImportJobIamMemberOutput added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) ToKeyRingImportJobIamMemberOutput() KeyRingImportJobIamMemberOutput

func (KeyRingImportJobIamMemberOutput) ToKeyRingImportJobIamMemberOutputWithContext added in v0.26.0 

func (o KeyRingImportJobIamMemberOutput) ToKeyRingImportJobIamMemberOutputWithContext(ctx context.Context) KeyRingImportJobIamMemberOutput

type KeyRingImportJobIamMemberState added in v0.26.0 

type KeyRingImportJobIamMemberState struct {
}

func (KeyRingImportJobIamMemberState) ElementType added in v0.26.0 

func (KeyRingImportJobIamMemberState) ElementType() reflect.Type

type KeyRingImportJobIamPolicy 

type KeyRingImportJobIamPolicy struct {
	pulumi.CustomResourceState

	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigResponseArrayOutput `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag        pulumi.StringOutput `pulumi:"etag"`
	ImportJobId pulumi.StringOutput `pulumi:"importJobId"`
	KeyRingId   pulumi.StringOutput `pulumi:"keyRingId"`
	Location    pulumi.StringOutput `pulumi:"location"`
	Project     pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetKeyRingImportJobIamPolicy 

func GetKeyRingImportJobIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyRingImportJobIamPolicyState, opts ...pulumi.ResourceOption) (*KeyRingImportJobIamPolicy, error)

GetKeyRingImportJobIamPolicy gets an existing KeyRingImportJobIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKeyRingImportJobIamPolicy 

func NewKeyRingImportJobIamPolicy(ctx *pulumi.Context,
	name string, args *KeyRingImportJobIamPolicyArgs, opts ...pulumi.ResourceOption) (*KeyRingImportJobIamPolicy, error)

NewKeyRingImportJobIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*KeyRingImportJobIamPolicy) ElementType 

func (*KeyRingImportJobIamPolicy) ElementType() reflect.Type

func (*KeyRingImportJobIamPolicy) ToKeyRingImportJobIamPolicyOutput 

func (i *KeyRingImportJobIamPolicy) ToKeyRingImportJobIamPolicyOutput() KeyRingImportJobIamPolicyOutput

func (*KeyRingImportJobIamPolicy) ToKeyRingImportJobIamPolicyOutputWithContext 

func (i *KeyRingImportJobIamPolicy) ToKeyRingImportJobIamPolicyOutputWithContext(ctx context.Context) KeyRingImportJobIamPolicyOutput

type KeyRingImportJobIamPolicyArgs 

type KeyRingImportJobIamPolicyArgs struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs AuditConfigArrayInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag        pulumi.StringPtrInput
	ImportJobId pulumi.StringInput
	KeyRingId   pulumi.StringInput
	Location    pulumi.StringPtrInput
	Project     pulumi.StringPtrInput
	// OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
	UpdateMask pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a KeyRingImportJobIamPolicy resource.

func (KeyRingImportJobIamPolicyArgs) ElementType 

func (KeyRingImportJobIamPolicyArgs) ElementType() reflect.Type

type KeyRingImportJobIamPolicyInput 

type KeyRingImportJobIamPolicyInput interface {
	pulumi.Input

	ToKeyRingImportJobIamPolicyOutput() KeyRingImportJobIamPolicyOutput
	ToKeyRingImportJobIamPolicyOutputWithContext(ctx context.Context) KeyRingImportJobIamPolicyOutput
}

type KeyRingImportJobIamPolicyOutput 

type KeyRingImportJobIamPolicyOutput struct{ *pulumi.OutputState }

func (KeyRingImportJobIamPolicyOutput) AuditConfigs added in v0.19.0 

func (o KeyRingImportJobIamPolicyOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (KeyRingImportJobIamPolicyOutput) Bindings added in v0.19.0 

func (o KeyRingImportJobIamPolicyOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (KeyRingImportJobIamPolicyOutput) ElementType 

func (KeyRingImportJobIamPolicyOutput) ElementType() reflect.Type

func (KeyRingImportJobIamPolicyOutput) Etag added in v0.19.0 

func (o KeyRingImportJobIamPolicyOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (KeyRingImportJobIamPolicyOutput) ImportJobId added in v0.21.0 

func (o KeyRingImportJobIamPolicyOutput) ImportJobId() pulumi.StringOutput

func (KeyRingImportJobIamPolicyOutput) KeyRingId added in v0.21.0 

func (o KeyRingImportJobIamPolicyOutput) KeyRingId() pulumi.StringOutput

func (KeyRingImportJobIamPolicyOutput) Location added in v0.21.0 

func (o KeyRingImportJobIamPolicyOutput) Location() pulumi.StringOutput

func (KeyRingImportJobIamPolicyOutput) Project added in v0.21.0 

func (o KeyRingImportJobIamPolicyOutput) Project() pulumi.StringOutput

func (KeyRingImportJobIamPolicyOutput) ToKeyRingImportJobIamPolicyOutput 

func (o KeyRingImportJobIamPolicyOutput) ToKeyRingImportJobIamPolicyOutput() KeyRingImportJobIamPolicyOutput

func (KeyRingImportJobIamPolicyOutput) ToKeyRingImportJobIamPolicyOutputWithContext 

func (o KeyRingImportJobIamPolicyOutput) ToKeyRingImportJobIamPolicyOutputWithContext(ctx context.Context) KeyRingImportJobIamPolicyOutput

func (KeyRingImportJobIamPolicyOutput) Version added in v0.19.0 

func (o KeyRingImportJobIamPolicyOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type KeyRingImportJobIamPolicyState 

type KeyRingImportJobIamPolicyState struct {
}

func (KeyRingImportJobIamPolicyState) ElementType 

func (KeyRingImportJobIamPolicyState) ElementType() reflect.Type

type KeyRingInput 

type KeyRingInput interface {
	pulumi.Input

	ToKeyRingOutput() KeyRingOutput
	ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput
}

type KeyRingOutput 

type KeyRingOutput struct{ *pulumi.OutputState }

func (KeyRingOutput) CreateTime added in v0.19.0 

func (o KeyRingOutput) CreateTime() pulumi.StringOutput

The time at which this KeyRing was created.

func (KeyRingOutput) ElementType 

func (KeyRingOutput) ElementType() reflect.Type

func (KeyRingOutput) KeyRingId added in v0.21.0 

func (o KeyRingOutput) KeyRingId() pulumi.StringOutput

Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`

func (KeyRingOutput) Location added in v0.21.0 

func (o KeyRingOutput) Location() pulumi.StringOutput

func (KeyRingOutput) Name added in v0.19.0 

func (o KeyRingOutput) Name() pulumi.StringOutput

The resource name for the KeyRing in the format `projects/*/locations/*/keyRings/*`.

func (KeyRingOutput) Project added in v0.21.0 

func (o KeyRingOutput) Project() pulumi.StringOutput

func (KeyRingOutput) ToKeyRingOutput 

func (o KeyRingOutput) ToKeyRingOutput() KeyRingOutput

func (KeyRingOutput) ToKeyRingOutputWithContext 

func (o KeyRingOutput) ToKeyRingOutputWithContext(ctx context.Context) KeyRingOutput

type KeyRingState 

type KeyRingState struct {
}

func (KeyRingState) ElementType 

func (KeyRingState) ElementType() reflect.Type

type LookupCryptoKeyArgs added in v0.4.0 

type LookupCryptoKeyArgs struct {
	CryptoKeyId string  `pulumi:"cryptoKeyId"`
	KeyRingId   string  `pulumi:"keyRingId"`
	Location    string  `pulumi:"location"`
	Project     *string `pulumi:"project"`
}

type LookupCryptoKeyOutputArgs added in v0.8.0 

type LookupCryptoKeyOutputArgs struct {
	CryptoKeyId pulumi.StringInput    `pulumi:"cryptoKeyId"`
	KeyRingId   pulumi.StringInput    `pulumi:"keyRingId"`
	Location    pulumi.StringInput    `pulumi:"location"`
	Project     pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupCryptoKeyOutputArgs) ElementType added in v0.8.0 

func (LookupCryptoKeyOutputArgs) ElementType() reflect.Type

type LookupCryptoKeyResult added in v0.4.0 

type LookupCryptoKeyResult struct {
	// The time at which this CryptoKey was created.
	CreateTime string `pulumi:"createTime"`
	// Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
	CryptoKeyBackend string `pulumi:"cryptoKeyBackend"`
	// Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
	DestroyScheduledDuration string `pulumi:"destroyScheduledDuration"`
	// Immutable. Whether this key may contain imported versions only.
	ImportOnly bool `pulumi:"importOnly"`
	// Labels with user-defined metadata. For more information, see [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
	Labels map[string]string `pulumi:"labels"`
	// The resource name for this CryptoKey in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Name string `pulumi:"name"`
	// At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
	NextRotationTime string `pulumi:"nextRotationTime"`
	// A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
	Primary CryptoKeyVersionResponse `pulumi:"primary"`
	// Immutable. The immutable purpose of this CryptoKey.
	Purpose string `pulumi:"purpose"`
	// next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
	RotationPeriod string `pulumi:"rotationPeriod"`
	// A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
	VersionTemplate CryptoKeyVersionTemplateResponse `pulumi:"versionTemplate"`
}

func LookupCryptoKey added in v0.4.0 

func LookupCryptoKey(ctx *pulumi.Context, args *LookupCryptoKeyArgs, opts ...pulumi.InvokeOption) (*LookupCryptoKeyResult, error)

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

type LookupCryptoKeyResultOutput added in v0.8.0 

type LookupCryptoKeyResultOutput struct{ *pulumi.OutputState }

func LookupCryptoKeyOutput added in v0.8.0 

func LookupCryptoKeyOutput(ctx *pulumi.Context, args LookupCryptoKeyOutputArgs, opts ...pulumi.InvokeOption) LookupCryptoKeyResultOutput

func (LookupCryptoKeyResultOutput) CreateTime added in v0.8.0 

func (o LookupCryptoKeyResultOutput) CreateTime() pulumi.StringOutput

The time at which this CryptoKey was created.

func (LookupCryptoKeyResultOutput) CryptoKeyBackend added in v0.13.0 

func (o LookupCryptoKeyResultOutput) CryptoKeyBackend() pulumi.StringOutput

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

func (LookupCryptoKeyResultOutput) DestroyScheduledDuration added in v0.8.0 

func (o LookupCryptoKeyResultOutput) DestroyScheduledDuration() pulumi.StringOutput

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

func (LookupCryptoKeyResultOutput) ElementType added in v0.8.0 

func (LookupCryptoKeyResultOutput) ElementType() reflect.Type

func (LookupCryptoKeyResultOutput) ImportOnly added in v0.8.0 

func (o LookupCryptoKeyResultOutput) ImportOnly() pulumi.BoolOutput

Immutable. Whether this key may contain imported versions only.

func (LookupCryptoKeyResultOutput) Labels added in v0.8.0 

func (o LookupCryptoKeyResultOutput) Labels() pulumi.StringMapOutput

Labels with user-defined metadata. For more information, see [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).

func (LookupCryptoKeyResultOutput) Name added in v0.8.0 

func (o LookupCryptoKeyResultOutput) Name() pulumi.StringOutput

The resource name for this CryptoKey in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`.

func (LookupCryptoKeyResultOutput) NextRotationTime added in v0.8.0 

func (o LookupCryptoKeyResultOutput) NextRotationTime() pulumi.StringOutput

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

func (LookupCryptoKeyResultOutput) Primary added in v0.8.0 

func (o LookupCryptoKeyResultOutput) Primary() CryptoKeyVersionResponseOutput

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

func (LookupCryptoKeyResultOutput) Purpose added in v0.8.0 

func (o LookupCryptoKeyResultOutput) Purpose() pulumi.StringOutput

Immutable. The immutable purpose of this CryptoKey.

func (LookupCryptoKeyResultOutput) RotationPeriod added in v0.8.0 

func (o LookupCryptoKeyResultOutput) RotationPeriod() pulumi.StringOutput

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

func (LookupCryptoKeyResultOutput) ToLookupCryptoKeyResultOutput added in v0.8.0 

func (o LookupCryptoKeyResultOutput) ToLookupCryptoKeyResultOutput() LookupCryptoKeyResultOutput

func (LookupCryptoKeyResultOutput) ToLookupCryptoKeyResultOutputWithContext added in v0.8.0 

func (o LookupCryptoKeyResultOutput) ToLookupCryptoKeyResultOutputWithContext(ctx context.Context) LookupCryptoKeyResultOutput

func (LookupCryptoKeyResultOutput) VersionTemplate added in v0.8.0 

func (o LookupCryptoKeyResultOutput) VersionTemplate() CryptoKeyVersionTemplateResponseOutput

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

type LookupCryptoKeyVersionArgs added in v0.4.0 

type LookupCryptoKeyVersionArgs struct {
	CryptoKeyId        string  `pulumi:"cryptoKeyId"`
	CryptoKeyVersionId string  `pulumi:"cryptoKeyVersionId"`
	KeyRingId          string  `pulumi:"keyRingId"`
	Location           string  `pulumi:"location"`
	Project            *string `pulumi:"project"`
}

type LookupCryptoKeyVersionOutputArgs added in v0.8.0 

type LookupCryptoKeyVersionOutputArgs struct {
	CryptoKeyId        pulumi.StringInput    `pulumi:"cryptoKeyId"`
	CryptoKeyVersionId pulumi.StringInput    `pulumi:"cryptoKeyVersionId"`
	KeyRingId          pulumi.StringInput    `pulumi:"keyRingId"`
	Location           pulumi.StringInput    `pulumi:"location"`
	Project            pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupCryptoKeyVersionOutputArgs) ElementType added in v0.8.0 

func (LookupCryptoKeyVersionOutputArgs) ElementType() reflect.Type

type LookupCryptoKeyVersionResult added in v0.4.0 

type LookupCryptoKeyVersionResult struct {
	// The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
	Algorithm string `pulumi:"algorithm"`
	// Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
	Attestation KeyOperationAttestationResponse `pulumi:"attestation"`
	// The time at which this CryptoKeyVersion was created.
	CreateTime string `pulumi:"createTime"`
	// The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
	DestroyEventTime string `pulumi:"destroyEventTime"`
	// The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
	DestroyTime string `pulumi:"destroyTime"`
	// The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
	ExternalDestructionFailureReason string `pulumi:"externalDestructionFailureReason"`
	// ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
	ExternalProtectionLevelOptions ExternalProtectionLevelOptionsResponse `pulumi:"externalProtectionLevelOptions"`
	// The time this CryptoKeyVersion's key material was generated.
	GenerateTime string `pulumi:"generateTime"`
	// The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
	GenerationFailureReason string `pulumi:"generationFailureReason"`
	// The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
	ImportFailureReason string `pulumi:"importFailureReason"`
	// The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
	ImportJob string `pulumi:"importJob"`
	// The time at which this CryptoKeyVersion's key material was most recently imported.
	ImportTime string `pulumi:"importTime"`
	// The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	Name string `pulumi:"name"`
	// The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
	ProtectionLevel string `pulumi:"protectionLevel"`
	// Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
	ReimportEligible bool `pulumi:"reimportEligible"`
	// The current state of the CryptoKeyVersion.
	State string `pulumi:"state"`
}

func LookupCryptoKeyVersion added in v0.4.0 

func LookupCryptoKeyVersion(ctx *pulumi.Context, args *LookupCryptoKeyVersionArgs, opts ...pulumi.InvokeOption) (*LookupCryptoKeyVersionResult, error)

Returns metadata for a given CryptoKeyVersion.

type LookupCryptoKeyVersionResultOutput added in v0.8.0 

type LookupCryptoKeyVersionResultOutput struct{ *pulumi.OutputState }

func LookupCryptoKeyVersionOutput added in v0.8.0 

func LookupCryptoKeyVersionOutput(ctx *pulumi.Context, args LookupCryptoKeyVersionOutputArgs, opts ...pulumi.InvokeOption) LookupCryptoKeyVersionResultOutput

func (LookupCryptoKeyVersionResultOutput) Algorithm added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) Algorithm() pulumi.StringOutput

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

func (LookupCryptoKeyVersionResultOutput) Attestation added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) Attestation() KeyOperationAttestationResponseOutput

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

func (LookupCryptoKeyVersionResultOutput) CreateTime added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) CreateTime() pulumi.StringOutput

The time at which this CryptoKeyVersion was created.

func (LookupCryptoKeyVersionResultOutput) DestroyEventTime added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) DestroyEventTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

func (LookupCryptoKeyVersionResultOutput) DestroyTime added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) DestroyTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

func (LookupCryptoKeyVersionResultOutput) ElementType added in v0.8.0 

func (LookupCryptoKeyVersionResultOutput) ElementType() reflect.Type

func (LookupCryptoKeyVersionResultOutput) ExternalDestructionFailureReason added in v0.29.0 

func (o LookupCryptoKeyVersionResultOutput) ExternalDestructionFailureReason() pulumi.StringOutput

The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

func (LookupCryptoKeyVersionResultOutput) ExternalProtectionLevelOptions added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ExternalProtectionLevelOptions() ExternalProtectionLevelOptionsResponseOutput

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

func (LookupCryptoKeyVersionResultOutput) GenerateTime added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) GenerateTime() pulumi.StringOutput

The time this CryptoKeyVersion's key material was generated.

func (LookupCryptoKeyVersionResultOutput) GenerationFailureReason added in v0.29.0 

func (o LookupCryptoKeyVersionResultOutput) GenerationFailureReason() pulumi.StringOutput

The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

func (LookupCryptoKeyVersionResultOutput) ImportFailureReason added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ImportFailureReason() pulumi.StringOutput

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

func (LookupCryptoKeyVersionResultOutput) ImportJob added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ImportJob() pulumi.StringOutput

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

func (LookupCryptoKeyVersionResultOutput) ImportTime added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ImportTime() pulumi.StringOutput

The time at which this CryptoKeyVersion's key material was most recently imported.

func (LookupCryptoKeyVersionResultOutput) Name added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) Name() pulumi.StringOutput

The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.

func (LookupCryptoKeyVersionResultOutput) ProtectionLevel added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ProtectionLevel() pulumi.StringOutput

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

func (LookupCryptoKeyVersionResultOutput) ReimportEligible added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ReimportEligible() pulumi.BoolOutput

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

func (LookupCryptoKeyVersionResultOutput) State added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) State() pulumi.StringOutput

The current state of the CryptoKeyVersion.

func (LookupCryptoKeyVersionResultOutput) ToLookupCryptoKeyVersionResultOutput added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ToLookupCryptoKeyVersionResultOutput() LookupCryptoKeyVersionResultOutput

func (LookupCryptoKeyVersionResultOutput) ToLookupCryptoKeyVersionResultOutputWithContext added in v0.8.0 

func (o LookupCryptoKeyVersionResultOutput) ToLookupCryptoKeyVersionResultOutputWithContext(ctx context.Context) LookupCryptoKeyVersionResultOutput

type LookupEkmConfigIamPolicyArgs added in v0.26.1 

type LookupEkmConfigIamPolicyArgs struct {
	Location                      string  `pulumi:"location"`
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
}

type LookupEkmConfigIamPolicyOutputArgs added in v0.26.1 

type LookupEkmConfigIamPolicyOutputArgs struct {
	Location                      pulumi.StringInput    `pulumi:"location"`
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupEkmConfigIamPolicyOutputArgs) ElementType added in v0.26.1 

func (LookupEkmConfigIamPolicyOutputArgs) ElementType() reflect.Type

type LookupEkmConfigIamPolicyResult added in v0.26.1 

type LookupEkmConfigIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupEkmConfigIamPolicy added in v0.26.1 

func LookupEkmConfigIamPolicy(ctx *pulumi.Context, args *LookupEkmConfigIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupEkmConfigIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupEkmConfigIamPolicyResultOutput added in v0.26.1 

type LookupEkmConfigIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupEkmConfigIamPolicyOutput added in v0.26.1 

func LookupEkmConfigIamPolicyOutput(ctx *pulumi.Context, args LookupEkmConfigIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupEkmConfigIamPolicyResultOutput

func (LookupEkmConfigIamPolicyResultOutput) AuditConfigs added in v0.26.1 

func (o LookupEkmConfigIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (LookupEkmConfigIamPolicyResultOutput) Bindings added in v0.26.1 

func (o LookupEkmConfigIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupEkmConfigIamPolicyResultOutput) ElementType added in v0.26.1 

func (LookupEkmConfigIamPolicyResultOutput) ElementType() reflect.Type

func (LookupEkmConfigIamPolicyResultOutput) Etag added in v0.26.1 

func (o LookupEkmConfigIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupEkmConfigIamPolicyResultOutput) ToLookupEkmConfigIamPolicyResultOutput added in v0.26.1 

func (o LookupEkmConfigIamPolicyResultOutput) ToLookupEkmConfigIamPolicyResultOutput() LookupEkmConfigIamPolicyResultOutput

func (LookupEkmConfigIamPolicyResultOutput) ToLookupEkmConfigIamPolicyResultOutputWithContext added in v0.26.1 

func (o LookupEkmConfigIamPolicyResultOutput) ToLookupEkmConfigIamPolicyResultOutputWithContext(ctx context.Context) LookupEkmConfigIamPolicyResultOutput

func (LookupEkmConfigIamPolicyResultOutput) Version added in v0.26.1 

func (o LookupEkmConfigIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupEkmConnectionArgs added in v0.13.0 

type LookupEkmConnectionArgs struct {
	EkmConnectionId string  `pulumi:"ekmConnectionId"`
	Location        string  `pulumi:"location"`
	Project         *string `pulumi:"project"`
}

type LookupEkmConnectionIamPolicyArgs added in v0.11.0 

type LookupEkmConnectionIamPolicyArgs struct {
	EkmConnectionId               string  `pulumi:"ekmConnectionId"`
	Location                      string  `pulumi:"location"`
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
}

type LookupEkmConnectionIamPolicyOutputArgs added in v0.11.0 

type LookupEkmConnectionIamPolicyOutputArgs struct {
	EkmConnectionId               pulumi.StringInput    `pulumi:"ekmConnectionId"`
	Location                      pulumi.StringInput    `pulumi:"location"`
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupEkmConnectionIamPolicyOutputArgs) ElementType added in v0.11.0 

func (LookupEkmConnectionIamPolicyOutputArgs) ElementType() reflect.Type

type LookupEkmConnectionIamPolicyResult added in v0.11.0 

type LookupEkmConnectionIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupEkmConnectionIamPolicy added in v0.11.0 

func LookupEkmConnectionIamPolicy(ctx *pulumi.Context, args *LookupEkmConnectionIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupEkmConnectionIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupEkmConnectionIamPolicyResultOutput added in v0.11.0 

type LookupEkmConnectionIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupEkmConnectionIamPolicyOutput added in v0.11.0 

func LookupEkmConnectionIamPolicyOutput(ctx *pulumi.Context, args LookupEkmConnectionIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupEkmConnectionIamPolicyResultOutput

func (LookupEkmConnectionIamPolicyResultOutput) AuditConfigs added in v0.11.0 

func (o LookupEkmConnectionIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (LookupEkmConnectionIamPolicyResultOutput) Bindings added in v0.11.0 

func (o LookupEkmConnectionIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupEkmConnectionIamPolicyResultOutput) ElementType added in v0.11.0 

func (LookupEkmConnectionIamPolicyResultOutput) ElementType() reflect.Type

func (LookupEkmConnectionIamPolicyResultOutput) Etag added in v0.11.0 

func (o LookupEkmConnectionIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutput added in v0.11.0 

func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutput() LookupEkmConnectionIamPolicyResultOutput

func (LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutputWithContext added in v0.11.0 

func (o LookupEkmConnectionIamPolicyResultOutput) ToLookupEkmConnectionIamPolicyResultOutputWithContext(ctx context.Context) LookupEkmConnectionIamPolicyResultOutput

func (LookupEkmConnectionIamPolicyResultOutput) Version added in v0.11.0 

func (o LookupEkmConnectionIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupEkmConnectionOutputArgs added in v0.13.0 

type LookupEkmConnectionOutputArgs struct {
	EkmConnectionId pulumi.StringInput    `pulumi:"ekmConnectionId"`
	Location        pulumi.StringInput    `pulumi:"location"`
	Project         pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupEkmConnectionOutputArgs) ElementType added in v0.13.0 

func (LookupEkmConnectionOutputArgs) ElementType() reflect.Type

type LookupEkmConnectionResult added in v0.13.0 

type LookupEkmConnectionResult struct {
	// The time at which the EkmConnection was created.
	CreateTime string `pulumi:"createTime"`
	// Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
	CryptoSpacePath string `pulumi:"cryptoSpacePath"`
	// Optional. Etag of the currently stored EkmConnection.
	Etag string `pulumi:"etag"`
	// Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
	KeyManagementMode string `pulumi:"keyManagementMode"`
	// The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
	Name string `pulumi:"name"`
	// A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
	ServiceResolvers []ServiceResolverResponse `pulumi:"serviceResolvers"`
}

func LookupEkmConnection added in v0.13.0 

func LookupEkmConnection(ctx *pulumi.Context, args *LookupEkmConnectionArgs, opts ...pulumi.InvokeOption) (*LookupEkmConnectionResult, error)

Returns metadata for a given EkmConnection.

type LookupEkmConnectionResultOutput added in v0.13.0 

type LookupEkmConnectionResultOutput struct{ *pulumi.OutputState }

func LookupEkmConnectionOutput added in v0.13.0 

func LookupEkmConnectionOutput(ctx *pulumi.Context, args LookupEkmConnectionOutputArgs, opts ...pulumi.InvokeOption) LookupEkmConnectionResultOutput

func (LookupEkmConnectionResultOutput) CreateTime added in v0.13.0 

func (o LookupEkmConnectionResultOutput) CreateTime() pulumi.StringOutput

The time at which the EkmConnection was created.

func (LookupEkmConnectionResultOutput) CryptoSpacePath added in v0.29.0 

func (o LookupEkmConnectionResultOutput) CryptoSpacePath() pulumi.StringOutput

Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.

func (LookupEkmConnectionResultOutput) ElementType added in v0.13.0 

func (LookupEkmConnectionResultOutput) ElementType() reflect.Type

func (LookupEkmConnectionResultOutput) Etag added in v0.13.0 

func (o LookupEkmConnectionResultOutput) Etag() pulumi.StringOutput

Optional. Etag of the currently stored EkmConnection.

func (LookupEkmConnectionResultOutput) KeyManagementMode added in v0.29.0 

func (o LookupEkmConnectionResultOutput) KeyManagementMode() pulumi.StringOutput

Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.

func (LookupEkmConnectionResultOutput) Name added in v0.13.0 

func (o LookupEkmConnectionResultOutput) Name() pulumi.StringOutput

The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.

func (LookupEkmConnectionResultOutput) ServiceResolvers added in v0.13.0 

func (o LookupEkmConnectionResultOutput) ServiceResolvers() ServiceResolverResponseArrayOutput

A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.

func (LookupEkmConnectionResultOutput) ToLookupEkmConnectionResultOutput added in v0.13.0 

func (o LookupEkmConnectionResultOutput) ToLookupEkmConnectionResultOutput() LookupEkmConnectionResultOutput

func (LookupEkmConnectionResultOutput) ToLookupEkmConnectionResultOutputWithContext added in v0.13.0 

func (o LookupEkmConnectionResultOutput) ToLookupEkmConnectionResultOutputWithContext(ctx context.Context) LookupEkmConnectionResultOutput

type LookupImportJobArgs added in v0.4.0 

type LookupImportJobArgs struct {
	ImportJobId string  `pulumi:"importJobId"`
	KeyRingId   string  `pulumi:"keyRingId"`
	Location    string  `pulumi:"location"`
	Project     *string `pulumi:"project"`
}

type LookupImportJobOutputArgs added in v0.8.0 

type LookupImportJobOutputArgs struct {
	ImportJobId pulumi.StringInput    `pulumi:"importJobId"`
	KeyRingId   pulumi.StringInput    `pulumi:"keyRingId"`
	Location    pulumi.StringInput    `pulumi:"location"`
	Project     pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupImportJobOutputArgs) ElementType added in v0.8.0 

func (LookupImportJobOutputArgs) ElementType() reflect.Type

type LookupImportJobResult added in v0.4.0 

type LookupImportJobResult struct {
	// Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM.
	Attestation KeyOperationAttestationResponse `pulumi:"attestation"`
	// The time at which this ImportJob was created.
	CreateTime string `pulumi:"createTime"`
	// The time this ImportJob expired. Only present if state is EXPIRED.
	ExpireEventTime string `pulumi:"expireEventTime"`
	// The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.
	ExpireTime string `pulumi:"expireTime"`
	// The time this ImportJob's key material was generated.
	GenerateTime string `pulumi:"generateTime"`
	// Immutable. The wrapping method to be used for incoming key material.
	ImportMethod string `pulumi:"importMethod"`
	// The resource name for this ImportJob in the format `projects/*/locations/*/keyRings/*/importJobs/*`.
	Name string `pulumi:"name"`
	// Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.
	ProtectionLevel string `pulumi:"protectionLevel"`
	// The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.
	PublicKey WrappingPublicKeyResponse `pulumi:"publicKey"`
	// The current state of the ImportJob, indicating if it can be used.
	State string `pulumi:"state"`
}

func LookupImportJob added in v0.4.0 

func LookupImportJob(ctx *pulumi.Context, args *LookupImportJobArgs, opts ...pulumi.InvokeOption) (*LookupImportJobResult, error)

Returns metadata for a given ImportJob.

type LookupImportJobResultOutput added in v0.8.0 

type LookupImportJobResultOutput struct{ *pulumi.OutputState }

func LookupImportJobOutput added in v0.8.0 

func LookupImportJobOutput(ctx *pulumi.Context, args LookupImportJobOutputArgs, opts ...pulumi.InvokeOption) LookupImportJobResultOutput

func (LookupImportJobResultOutput) Attestation added in v0.8.0 

func (o LookupImportJobResultOutput) Attestation() KeyOperationAttestationResponseOutput

Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM.

func (LookupImportJobResultOutput) CreateTime added in v0.8.0 

func (o LookupImportJobResultOutput) CreateTime() pulumi.StringOutput

The time at which this ImportJob was created.

func (LookupImportJobResultOutput) ElementType added in v0.8.0 

func (LookupImportJobResultOutput) ElementType() reflect.Type

func (LookupImportJobResultOutput) ExpireEventTime added in v0.8.0 

func (o LookupImportJobResultOutput) ExpireEventTime() pulumi.StringOutput

The time this ImportJob expired. Only present if state is EXPIRED.

func (LookupImportJobResultOutput) ExpireTime added in v0.8.0 

func (o LookupImportJobResultOutput) ExpireTime() pulumi.StringOutput

The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.

func (LookupImportJobResultOutput) GenerateTime added in v0.8.0 

func (o LookupImportJobResultOutput) GenerateTime() pulumi.StringOutput

The time this ImportJob's key material was generated.

func (LookupImportJobResultOutput) ImportMethod added in v0.8.0 

func (o LookupImportJobResultOutput) ImportMethod() pulumi.StringOutput

Immutable. The wrapping method to be used for incoming key material.

func (LookupImportJobResultOutput) Name added in v0.8.0 

func (o LookupImportJobResultOutput) Name() pulumi.StringOutput

The resource name for this ImportJob in the format `projects/*/locations/*/keyRings/*/importJobs/*`.

func (LookupImportJobResultOutput) ProtectionLevel added in v0.8.0 

func (o LookupImportJobResultOutput) ProtectionLevel() pulumi.StringOutput

Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.

func (LookupImportJobResultOutput) PublicKey added in v0.8.0 

func (o LookupImportJobResultOutput) PublicKey() WrappingPublicKeyResponseOutput

The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.

func (LookupImportJobResultOutput) State added in v0.8.0 

func (o LookupImportJobResultOutput) State() pulumi.StringOutput

The current state of the ImportJob, indicating if it can be used.

func (LookupImportJobResultOutput) ToLookupImportJobResultOutput added in v0.8.0 

func (o LookupImportJobResultOutput) ToLookupImportJobResultOutput() LookupImportJobResultOutput

func (LookupImportJobResultOutput) ToLookupImportJobResultOutputWithContext added in v0.8.0 

func (o LookupImportJobResultOutput) ToLookupImportJobResultOutputWithContext(ctx context.Context) LookupImportJobResultOutput

type LookupKeyRingArgs added in v0.4.0 

type LookupKeyRingArgs struct {
	KeyRingId string  `pulumi:"keyRingId"`
	Location  string  `pulumi:"location"`
	Project   *string `pulumi:"project"`
}

type LookupKeyRingCryptoKeyIamPolicyArgs added in v0.4.0 

type LookupKeyRingCryptoKeyIamPolicyArgs struct {
	CryptoKeyId                   string  `pulumi:"cryptoKeyId"`
	KeyRingId                     string  `pulumi:"keyRingId"`
	Location                      string  `pulumi:"location"`
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
}

type LookupKeyRingCryptoKeyIamPolicyOutputArgs added in v0.8.0 

type LookupKeyRingCryptoKeyIamPolicyOutputArgs struct {
	CryptoKeyId                   pulumi.StringInput    `pulumi:"cryptoKeyId"`
	KeyRingId                     pulumi.StringInput    `pulumi:"keyRingId"`
	Location                      pulumi.StringInput    `pulumi:"location"`
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupKeyRingCryptoKeyIamPolicyOutputArgs) ElementType added in v0.8.0 

func (LookupKeyRingCryptoKeyIamPolicyOutputArgs) ElementType() reflect.Type

type LookupKeyRingCryptoKeyIamPolicyResult added in v0.4.0 

type LookupKeyRingCryptoKeyIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupKeyRingCryptoKeyIamPolicy added in v0.4.0 

func LookupKeyRingCryptoKeyIamPolicy(ctx *pulumi.Context, args *LookupKeyRingCryptoKeyIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupKeyRingCryptoKeyIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupKeyRingCryptoKeyIamPolicyResultOutput added in v0.8.0 

type LookupKeyRingCryptoKeyIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupKeyRingCryptoKeyIamPolicyOutput added in v0.8.0 

func LookupKeyRingCryptoKeyIamPolicyOutput(ctx *pulumi.Context, args LookupKeyRingCryptoKeyIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupKeyRingCryptoKeyIamPolicyResultOutput

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) AuditConfigs added in v0.8.0 

func (o LookupKeyRingCryptoKeyIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) Bindings added in v0.8.0 

func (o LookupKeyRingCryptoKeyIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) ElementType added in v0.8.0 

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) ElementType() reflect.Type

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) Etag added in v0.8.0 

func (o LookupKeyRingCryptoKeyIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) ToLookupKeyRingCryptoKeyIamPolicyResultOutput added in v0.8.0 

func (o LookupKeyRingCryptoKeyIamPolicyResultOutput) ToLookupKeyRingCryptoKeyIamPolicyResultOutput() LookupKeyRingCryptoKeyIamPolicyResultOutput

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) ToLookupKeyRingCryptoKeyIamPolicyResultOutputWithContext added in v0.8.0 

func (o LookupKeyRingCryptoKeyIamPolicyResultOutput) ToLookupKeyRingCryptoKeyIamPolicyResultOutputWithContext(ctx context.Context) LookupKeyRingCryptoKeyIamPolicyResultOutput

func (LookupKeyRingCryptoKeyIamPolicyResultOutput) Version added in v0.8.0 

func (o LookupKeyRingCryptoKeyIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupKeyRingIamPolicyArgs added in v0.4.0 

type LookupKeyRingIamPolicyArgs struct {
	KeyRingId                     string  `pulumi:"keyRingId"`
	Location                      string  `pulumi:"location"`
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
}

type LookupKeyRingIamPolicyOutputArgs added in v0.8.0 

type LookupKeyRingIamPolicyOutputArgs struct {
	KeyRingId                     pulumi.StringInput    `pulumi:"keyRingId"`
	Location                      pulumi.StringInput    `pulumi:"location"`
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupKeyRingIamPolicyOutputArgs) ElementType added in v0.8.0 

func (LookupKeyRingIamPolicyOutputArgs) ElementType() reflect.Type

type LookupKeyRingIamPolicyResult added in v0.4.0 

type LookupKeyRingIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupKeyRingIamPolicy added in v0.4.0 

func LookupKeyRingIamPolicy(ctx *pulumi.Context, args *LookupKeyRingIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupKeyRingIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupKeyRingIamPolicyResultOutput added in v0.8.0 

type LookupKeyRingIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupKeyRingIamPolicyOutput added in v0.8.0 

func LookupKeyRingIamPolicyOutput(ctx *pulumi.Context, args LookupKeyRingIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupKeyRingIamPolicyResultOutput

func (LookupKeyRingIamPolicyResultOutput) AuditConfigs added in v0.8.0 

func (o LookupKeyRingIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (LookupKeyRingIamPolicyResultOutput) Bindings added in v0.8.0 

func (o LookupKeyRingIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupKeyRingIamPolicyResultOutput) ElementType added in v0.8.0 

func (LookupKeyRingIamPolicyResultOutput) ElementType() reflect.Type

func (LookupKeyRingIamPolicyResultOutput) Etag added in v0.8.0 

func (o LookupKeyRingIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupKeyRingIamPolicyResultOutput) ToLookupKeyRingIamPolicyResultOutput added in v0.8.0 

func (o LookupKeyRingIamPolicyResultOutput) ToLookupKeyRingIamPolicyResultOutput() LookupKeyRingIamPolicyResultOutput

func (LookupKeyRingIamPolicyResultOutput) ToLookupKeyRingIamPolicyResultOutputWithContext added in v0.8.0 

func (o LookupKeyRingIamPolicyResultOutput) ToLookupKeyRingIamPolicyResultOutputWithContext(ctx context.Context) LookupKeyRingIamPolicyResultOutput

func (LookupKeyRingIamPolicyResultOutput) Version added in v0.8.0 

func (o LookupKeyRingIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupKeyRingImportJobIamPolicyArgs added in v0.4.0 

type LookupKeyRingImportJobIamPolicyArgs struct {
	ImportJobId                   string  `pulumi:"importJobId"`
	KeyRingId                     string  `pulumi:"keyRingId"`
	Location                      string  `pulumi:"location"`
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       *string `pulumi:"project"`
}

type LookupKeyRingImportJobIamPolicyOutputArgs added in v0.8.0 

type LookupKeyRingImportJobIamPolicyOutputArgs struct {
	ImportJobId                   pulumi.StringInput    `pulumi:"importJobId"`
	KeyRingId                     pulumi.StringInput    `pulumi:"keyRingId"`
	Location                      pulumi.StringInput    `pulumi:"location"`
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupKeyRingImportJobIamPolicyOutputArgs) ElementType added in v0.8.0 

func (LookupKeyRingImportJobIamPolicyOutputArgs) ElementType() reflect.Type

type LookupKeyRingImportJobIamPolicyResult added in v0.4.0 

type LookupKeyRingImportJobIamPolicyResult struct {
	// Specifies cloud audit logging configuration for this policy.
	AuditConfigs []AuditConfigResponse `pulumi:"auditConfigs"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupKeyRingImportJobIamPolicy added in v0.4.0 

func LookupKeyRingImportJobIamPolicy(ctx *pulumi.Context, args *LookupKeyRingImportJobIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupKeyRingImportJobIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupKeyRingImportJobIamPolicyResultOutput added in v0.8.0 

type LookupKeyRingImportJobIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupKeyRingImportJobIamPolicyOutput added in v0.8.0 

func LookupKeyRingImportJobIamPolicyOutput(ctx *pulumi.Context, args LookupKeyRingImportJobIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupKeyRingImportJobIamPolicyResultOutput

func (LookupKeyRingImportJobIamPolicyResultOutput) AuditConfigs added in v0.8.0 

func (o LookupKeyRingImportJobIamPolicyResultOutput) AuditConfigs() AuditConfigResponseArrayOutput

Specifies cloud audit logging configuration for this policy.

func (LookupKeyRingImportJobIamPolicyResultOutput) Bindings added in v0.8.0 

func (o LookupKeyRingImportJobIamPolicyResultOutput) Bindings() BindingResponseArrayOutput

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupKeyRingImportJobIamPolicyResultOutput) ElementType added in v0.8.0 

func (LookupKeyRingImportJobIamPolicyResultOutput) ElementType() reflect.Type

func (LookupKeyRingImportJobIamPolicyResultOutput) Etag added in v0.8.0 

func (o LookupKeyRingImportJobIamPolicyResultOutput) Etag() pulumi.StringOutput

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupKeyRingImportJobIamPolicyResultOutput) ToLookupKeyRingImportJobIamPolicyResultOutput added in v0.8.0 

func (o LookupKeyRingImportJobIamPolicyResultOutput) ToLookupKeyRingImportJobIamPolicyResultOutput() LookupKeyRingImportJobIamPolicyResultOutput

func (LookupKeyRingImportJobIamPolicyResultOutput) ToLookupKeyRingImportJobIamPolicyResultOutputWithContext added in v0.8.0 

func (o LookupKeyRingImportJobIamPolicyResultOutput) ToLookupKeyRingImportJobIamPolicyResultOutputWithContext(ctx context.Context) LookupKeyRingImportJobIamPolicyResultOutput

func (LookupKeyRingImportJobIamPolicyResultOutput) Version added in v0.8.0 

func (o LookupKeyRingImportJobIamPolicyResultOutput) Version() pulumi.IntOutput

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupKeyRingOutputArgs added in v0.8.0 

type LookupKeyRingOutputArgs struct {
	KeyRingId pulumi.StringInput    `pulumi:"keyRingId"`
	Location  pulumi.StringInput    `pulumi:"location"`
	Project   pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupKeyRingOutputArgs) ElementType added in v0.8.0 

func (LookupKeyRingOutputArgs) ElementType() reflect.Type

type LookupKeyRingResult added in v0.4.0 

type LookupKeyRingResult struct {
	// The time at which this KeyRing was created.
	CreateTime string `pulumi:"createTime"`
	// The resource name for the KeyRing in the format `projects/*/locations/*/keyRings/*`.
	Name string `pulumi:"name"`
}

func LookupKeyRing added in v0.4.0 

func LookupKeyRing(ctx *pulumi.Context, args *LookupKeyRingArgs, opts ...pulumi.InvokeOption) (*LookupKeyRingResult, error)

Returns metadata for a given KeyRing.

type LookupKeyRingResultOutput added in v0.8.0 

type LookupKeyRingResultOutput struct{ *pulumi.OutputState }

func LookupKeyRingOutput added in v0.8.0 

func LookupKeyRingOutput(ctx *pulumi.Context, args LookupKeyRingOutputArgs, opts ...pulumi.InvokeOption) LookupKeyRingResultOutput

func (LookupKeyRingResultOutput) CreateTime added in v0.8.0 

func (o LookupKeyRingResultOutput) CreateTime() pulumi.StringOutput

The time at which this KeyRing was created.

func (LookupKeyRingResultOutput) ElementType added in v0.8.0 

func (LookupKeyRingResultOutput) ElementType() reflect.Type

func (LookupKeyRingResultOutput) Name added in v0.8.0 

func (o LookupKeyRingResultOutput) Name() pulumi.StringOutput

The resource name for the KeyRing in the format `projects/*/locations/*/keyRings/*`.

func (LookupKeyRingResultOutput) ToLookupKeyRingResultOutput added in v0.8.0 

func (o LookupKeyRingResultOutput) ToLookupKeyRingResultOutput() LookupKeyRingResultOutput

func (LookupKeyRingResultOutput) ToLookupKeyRingResultOutputWithContext added in v0.8.0 

func (o LookupKeyRingResultOutput) ToLookupKeyRingResultOutputWithContext(ctx context.Context) LookupKeyRingResultOutput

type ServiceResolver added in v0.13.0 

type ServiceResolver struct {
	// Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
	EndpointFilter *string `pulumi:"endpointFilter"`
	// The hostname of the EKM replica used at TLS and HTTP layers.
	Hostname string `pulumi:"hostname"`
	// A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.
	ServerCertificates []Certificate `pulumi:"serverCertificates"`
	// The resource name of the Service Directory service pointing to an EKM replica, in the format `projects/*/locations/*/namespaces/*/services/*`.
	ServiceDirectoryService string `pulumi:"serviceDirectoryService"`
}

A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.

type ServiceResolverArgs added in v0.13.0 

type ServiceResolverArgs struct {
	// Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
	EndpointFilter pulumi.StringPtrInput `pulumi:"endpointFilter"`
	// The hostname of the EKM replica used at TLS and HTTP layers.
	Hostname pulumi.StringInput `pulumi:"hostname"`
	// A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.
	ServerCertificates CertificateArrayInput `pulumi:"serverCertificates"`
	// The resource name of the Service Directory service pointing to an EKM replica, in the format `projects/*/locations/*/namespaces/*/services/*`.
	ServiceDirectoryService pulumi.StringInput `pulumi:"serviceDirectoryService"`
}

A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.

func (ServiceResolverArgs) ElementType added in v0.13.0 

func (ServiceResolverArgs) ElementType() reflect.Type

func (ServiceResolverArgs) ToServiceResolverOutput added in v0.13.0 

func (i ServiceResolverArgs) ToServiceResolverOutput() ServiceResolverOutput

func (ServiceResolverArgs) ToServiceResolverOutputWithContext added in v0.13.0 

func (i ServiceResolverArgs) ToServiceResolverOutputWithContext(ctx context.Context) ServiceResolverOutput

type ServiceResolverArray added in v0.13.0 

type ServiceResolverArray []ServiceResolverInput

func (ServiceResolverArray) ElementType added in v0.13.0 

func (ServiceResolverArray) ElementType() reflect.Type

func (ServiceResolverArray) ToServiceResolverArrayOutput added in v0.13.0 

func (i ServiceResolverArray) ToServiceResolverArrayOutput() ServiceResolverArrayOutput

func (ServiceResolverArray) ToServiceResolverArrayOutputWithContext added in v0.13.0 

func (i ServiceResolverArray) ToServiceResolverArrayOutputWithContext(ctx context.Context) ServiceResolverArrayOutput

type ServiceResolverArrayInput added in v0.13.0 

type ServiceResolverArrayInput interface {
	pulumi.Input

	ToServiceResolverArrayOutput() ServiceResolverArrayOutput
	ToServiceResolverArrayOutputWithContext(context.Context) ServiceResolverArrayOutput
}

ServiceResolverArrayInput is an input type that accepts ServiceResolverArray and ServiceResolverArrayOutput values. You can construct a concrete instance of `ServiceResolverArrayInput` via: 

ServiceResolverArray{ ServiceResolverArgs{...} }

type ServiceResolverArrayOutput added in v0.13.0 

type ServiceResolverArrayOutput struct{ *pulumi.OutputState }

func (ServiceResolverArrayOutput) ElementType added in v0.13.0 

func (ServiceResolverArrayOutput) ElementType() reflect.Type

func (ServiceResolverArrayOutput) Index added in v0.13.0 

func (o ServiceResolverArrayOutput) Index(i pulumi.IntInput) ServiceResolverOutput

func (ServiceResolverArrayOutput) ToServiceResolverArrayOutput added in v0.13.0 

func (o ServiceResolverArrayOutput) ToServiceResolverArrayOutput() ServiceResolverArrayOutput

func (ServiceResolverArrayOutput) ToServiceResolverArrayOutputWithContext added in v0.13.0 

func (o ServiceResolverArrayOutput) ToServiceResolverArrayOutputWithContext(ctx context.Context) ServiceResolverArrayOutput

type ServiceResolverInput added in v0.13.0 

type ServiceResolverInput interface {
	pulumi.Input

	ToServiceResolverOutput() ServiceResolverOutput
	ToServiceResolverOutputWithContext(context.Context) ServiceResolverOutput
}

ServiceResolverInput is an input type that accepts ServiceResolverArgs and ServiceResolverOutput values. You can construct a concrete instance of `ServiceResolverInput` via: 

ServiceResolverArgs{...}

type ServiceResolverOutput added in v0.13.0 

type ServiceResolverOutput struct{ *pulumi.OutputState }

A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.

func (ServiceResolverOutput) ElementType added in v0.13.0 

func (ServiceResolverOutput) ElementType() reflect.Type

func (ServiceResolverOutput) EndpointFilter added in v0.13.0 

func (o ServiceResolverOutput) EndpointFilter() pulumi.StringPtrOutput

Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.

func (ServiceResolverOutput) Hostname added in v0.13.0 

func (o ServiceResolverOutput) Hostname() pulumi.StringOutput

The hostname of the EKM replica used at TLS and HTTP layers.

func (ServiceResolverOutput) ServerCertificates added in v0.13.0 

func (o ServiceResolverOutput) ServerCertificates() CertificateArrayOutput

A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.

func (ServiceResolverOutput) ServiceDirectoryService added in v0.13.0 

func (o ServiceResolverOutput) ServiceDirectoryService() pulumi.StringOutput

The resource name of the Service Directory service pointing to an EKM replica, in the format `projects/*/locations/*/namespaces/*/services/*`.

func (ServiceResolverOutput) ToServiceResolverOutput added in v0.13.0 

func (o ServiceResolverOutput) ToServiceResolverOutput() ServiceResolverOutput

func (ServiceResolverOutput) ToServiceResolverOutputWithContext added in v0.13.0 

func (o ServiceResolverOutput) ToServiceResolverOutputWithContext(ctx context.Context) ServiceResolverOutput

type ServiceResolverResponse added in v0.13.0 

type ServiceResolverResponse struct {
	// Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
	EndpointFilter string `pulumi:"endpointFilter"`
	// The hostname of the EKM replica used at TLS and HTTP layers.
	Hostname string `pulumi:"hostname"`
	// A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.
	ServerCertificates []CertificateResponse `pulumi:"serverCertificates"`
	// The resource name of the Service Directory service pointing to an EKM replica, in the format `projects/*/locations/*/namespaces/*/services/*`.
	ServiceDirectoryService string `pulumi:"serviceDirectoryService"`
}

A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.

type ServiceResolverResponseArrayOutput added in v0.13.0 

type ServiceResolverResponseArrayOutput struct{ *pulumi.OutputState }

func (ServiceResolverResponseArrayOutput) ElementType added in v0.13.0 

func (ServiceResolverResponseArrayOutput) ElementType() reflect.Type

func (ServiceResolverResponseArrayOutput) Index added in v0.13.0 

func (o ServiceResolverResponseArrayOutput) Index(i pulumi.IntInput) ServiceResolverResponseOutput

func (ServiceResolverResponseArrayOutput) ToServiceResolverResponseArrayOutput added in v0.13.0 

func (o ServiceResolverResponseArrayOutput) ToServiceResolverResponseArrayOutput() ServiceResolverResponseArrayOutput

func (ServiceResolverResponseArrayOutput) ToServiceResolverResponseArrayOutputWithContext added in v0.13.0 

func (o ServiceResolverResponseArrayOutput) ToServiceResolverResponseArrayOutputWithContext(ctx context.Context) ServiceResolverResponseArrayOutput

type ServiceResolverResponseOutput added in v0.13.0 

type ServiceResolverResponseOutput struct{ *pulumi.OutputState }

A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.

func (ServiceResolverResponseOutput) ElementType added in v0.13.0 

func (ServiceResolverResponseOutput) ElementType() reflect.Type

func (ServiceResolverResponseOutput) EndpointFilter added in v0.13.0 

func (o ServiceResolverResponseOutput) EndpointFilter() pulumi.StringOutput

Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.

func (ServiceResolverResponseOutput) Hostname added in v0.13.0 

func (o ServiceResolverResponseOutput) Hostname() pulumi.StringOutput

The hostname of the EKM replica used at TLS and HTTP layers.

func (ServiceResolverResponseOutput) ServerCertificates added in v0.13.0 

func (o ServiceResolverResponseOutput) ServerCertificates() CertificateResponseArrayOutput

A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.

func (ServiceResolverResponseOutput) ServiceDirectoryService added in v0.13.0 

func (o ServiceResolverResponseOutput) ServiceDirectoryService() pulumi.StringOutput

The resource name of the Service Directory service pointing to an EKM replica, in the format `projects/*/locations/*/namespaces/*/services/*`.

func (ServiceResolverResponseOutput) ToServiceResolverResponseOutput added in v0.13.0 

func (o ServiceResolverResponseOutput) ToServiceResolverResponseOutput() ServiceResolverResponseOutput

func (ServiceResolverResponseOutput) ToServiceResolverResponseOutputWithContext added in v0.13.0 

func (o ServiceResolverResponseOutput) ToServiceResolverResponseOutputWithContext(ctx context.Context) ServiceResolverResponseOutput

type WrappingPublicKeyResponse 

type WrappingPublicKeyResponse struct {
	// The public key, encoded in PEM format. For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `pulumi:"pem"`
}

The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the ImportMethod.

type WrappingPublicKeyResponseOutput 

type WrappingPublicKeyResponseOutput struct{ *pulumi.OutputState }

The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the ImportMethod.

func (WrappingPublicKeyResponseOutput) ElementType 

func (WrappingPublicKeyResponseOutput) ElementType() reflect.Type

func (WrappingPublicKeyResponseOutput) Pem 

func (o WrappingPublicKeyResponseOutput) Pem() pulumi.StringOutput

The public key, encoded in PEM format. For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13).

func (WrappingPublicKeyResponseOutput) ToWrappingPublicKeyResponseOutput 

func (o WrappingPublicKeyResponseOutput) ToWrappingPublicKeyResponseOutput() WrappingPublicKeyResponseOutput

func (WrappingPublicKeyResponseOutput) ToWrappingPublicKeyResponseOutputWithContext 

func (o WrappingPublicKeyResponseOutput) ToWrappingPublicKeyResponseOutputWithContext(ctx context.Context) WrappingPublicKeyResponseOutput

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.