com.pulumi.azurenative.keyvault.inputs.VaultPropertiesArgs Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of azure-native Show documentation
Show all versions of azure-native Show documentation
A native Pulumi package for creating and managing Azure resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.azurenative.keyvault.inputs;
import com.pulumi.azurenative.keyvault.enums.CreateMode;
import com.pulumi.azurenative.keyvault.enums.VaultProvisioningState;
import com.pulumi.azurenative.keyvault.inputs.AccessPolicyEntryArgs;
import com.pulumi.azurenative.keyvault.inputs.NetworkRuleSetArgs;
import com.pulumi.azurenative.keyvault.inputs.SkuArgs;
import com.pulumi.core.Either;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.core.internal.Codegen;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
/**
* Properties of the vault
*
*/
public final class VaultPropertiesArgs extends com.pulumi.resources.ResourceArgs {
public static final VaultPropertiesArgs Empty = new VaultPropertiesArgs();
/**
* An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
* These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
*
*/
@Import(name="accessPolicies")
private @Nullable Output> accessPolicies;
/**
* @return An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
* These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
*
*/
public Optional>> accessPolicies() {
return Optional.ofNullable(this.accessPolicies);
}
/**
* The vault's create mode to indicate whether the vault need to be recovered or not.
*
*/
@Import(name="createMode")
private @Nullable Output createMode;
/**
* @return The vault's create mode to indicate whether the vault need to be recovered or not.
*
*/
public Optional> createMode() {
return Optional.ofNullable(this.createMode);
}
/**
* Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
*
*/
@Import(name="enablePurgeProtection")
private @Nullable Output enablePurgeProtection;
/**
* @return Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
*
*/
public Optional> enablePurgeProtection() {
return Optional.ofNullable(this.enablePurgeProtection);
}
/**
* Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
*
*/
@Import(name="enableRbacAuthorization")
private @Nullable Output enableRbacAuthorization;
/**
* @return Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
*
*/
public Optional> enableRbacAuthorization() {
return Optional.ofNullable(this.enableRbacAuthorization);
}
/**
* Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
*
*/
@Import(name="enableSoftDelete")
private @Nullable Output enableSoftDelete;
/**
* @return Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
*
*/
public Optional> enableSoftDelete() {
return Optional.ofNullable(this.enableSoftDelete);
}
/**
* Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
*
*/
@Import(name="enabledForDeployment")
private @Nullable Output enabledForDeployment;
/**
* @return Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
*
*/
public Optional> enabledForDeployment() {
return Optional.ofNullable(this.enabledForDeployment);
}
/**
* Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
*
*/
@Import(name="enabledForDiskEncryption")
private @Nullable Output enabledForDiskEncryption;
/**
* @return Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
*
*/
public Optional> enabledForDiskEncryption() {
return Optional.ofNullable(this.enabledForDiskEncryption);
}
/**
* Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
*
*/
@Import(name="enabledForTemplateDeployment")
private @Nullable Output enabledForTemplateDeployment;
/**
* @return Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
*
*/
public Optional> enabledForTemplateDeployment() {
return Optional.ofNullable(this.enabledForTemplateDeployment);
}
/**
* Rules governing the accessibility of the key vault from specific network locations.
*
*/
@Import(name="networkAcls")
private @Nullable Output networkAcls;
/**
* @return Rules governing the accessibility of the key vault from specific network locations.
*
*/
public Optional> networkAcls() {
return Optional.ofNullable(this.networkAcls);
}
/**
* Provisioning state of the vault.
*
*/
@Import(name="provisioningState")
private @Nullable Output> provisioningState;
/**
* @return Provisioning state of the vault.
*
*/
public Optional>> provisioningState() {
return Optional.ofNullable(this.provisioningState);
}
/**
* Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
*
*/
@Import(name="publicNetworkAccess")
private @Nullable Output publicNetworkAccess;
/**
* @return Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
*
*/
public Optional> publicNetworkAccess() {
return Optional.ofNullable(this.publicNetworkAccess);
}
/**
* SKU details
*
*/
@Import(name="sku", required=true)
private Output sku;
/**
* @return SKU details
*
*/
public Output sku() {
return this.sku;
}
/**
* softDelete data retention days. It accepts >=7 and <=90.
*
*/
@Import(name="softDeleteRetentionInDays")
private @Nullable Output softDeleteRetentionInDays;
/**
* @return softDelete data retention days. It accepts >=7 and <=90.
*
*/
public Optional> softDeleteRetentionInDays() {
return Optional.ofNullable(this.softDeleteRetentionInDays);
}
/**
* The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
*
*/
@Import(name="tenantId", required=true)
private Output tenantId;
/**
* @return The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
*
*/
public Output tenantId() {
return this.tenantId;
}
/**
* The URI of the vault for performing operations on keys and secrets.
*
*/
@Import(name="vaultUri")
private @Nullable Output vaultUri;
/**
* @return The URI of the vault for performing operations on keys and secrets.
*
*/
public Optional> vaultUri() {
return Optional.ofNullable(this.vaultUri);
}
private VaultPropertiesArgs() {}
private VaultPropertiesArgs(VaultPropertiesArgs $) {
this.accessPolicies = $.accessPolicies;
this.createMode = $.createMode;
this.enablePurgeProtection = $.enablePurgeProtection;
this.enableRbacAuthorization = $.enableRbacAuthorization;
this.enableSoftDelete = $.enableSoftDelete;
this.enabledForDeployment = $.enabledForDeployment;
this.enabledForDiskEncryption = $.enabledForDiskEncryption;
this.enabledForTemplateDeployment = $.enabledForTemplateDeployment;
this.networkAcls = $.networkAcls;
this.provisioningState = $.provisioningState;
this.publicNetworkAccess = $.publicNetworkAccess;
this.sku = $.sku;
this.softDeleteRetentionInDays = $.softDeleteRetentionInDays;
this.tenantId = $.tenantId;
this.vaultUri = $.vaultUri;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(VaultPropertiesArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private VaultPropertiesArgs $;
public Builder() {
$ = new VaultPropertiesArgs();
}
public Builder(VaultPropertiesArgs defaults) {
$ = new VaultPropertiesArgs(Objects.requireNonNull(defaults));
}
/**
* @param accessPolicies An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
* These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
*
* @return builder
*
*/
public Builder accessPolicies(@Nullable Output> accessPolicies) {
$.accessPolicies = accessPolicies;
return this;
}
/**
* @param accessPolicies An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
* These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
*
* @return builder
*
*/
public Builder accessPolicies(List accessPolicies) {
return accessPolicies(Output.of(accessPolicies));
}
/**
* @param accessPolicies An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When `createMode` is set to `recover`, access policies are not required. Otherwise, access policies are required.
* These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion.
*
* @return builder
*
*/
public Builder accessPolicies(AccessPolicyEntryArgs... accessPolicies) {
return accessPolicies(List.of(accessPolicies));
}
/**
* @param createMode The vault's create mode to indicate whether the vault need to be recovered or not.
*
* @return builder
*
*/
public Builder createMode(@Nullable Output createMode) {
$.createMode = createMode;
return this;
}
/**
* @param createMode The vault's create mode to indicate whether the vault need to be recovered or not.
*
* @return builder
*
*/
public Builder createMode(CreateMode createMode) {
return createMode(Output.of(createMode));
}
/**
* @param enablePurgeProtection Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
*
* @return builder
*
*/
public Builder enablePurgeProtection(@Nullable Output enablePurgeProtection) {
$.enablePurgeProtection = enablePurgeProtection;
return this;
}
/**
* @param enablePurgeProtection Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
*
* @return builder
*
*/
public Builder enablePurgeProtection(Boolean enablePurgeProtection) {
return enablePurgeProtection(Output.of(enablePurgeProtection));
}
/**
* @param enableRbacAuthorization Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
*
* @return builder
*
*/
public Builder enableRbacAuthorization(@Nullable Output enableRbacAuthorization) {
$.enableRbacAuthorization = enableRbacAuthorization;
return this;
}
/**
* @param enableRbacAuthorization Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
*
* @return builder
*
*/
public Builder enableRbacAuthorization(Boolean enableRbacAuthorization) {
return enableRbacAuthorization(Output.of(enableRbacAuthorization));
}
/**
* @param enableSoftDelete Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
*
* @return builder
*
*/
public Builder enableSoftDelete(@Nullable Output enableSoftDelete) {
$.enableSoftDelete = enableSoftDelete;
return this;
}
/**
* @param enableSoftDelete Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
*
* @return builder
*
*/
public Builder enableSoftDelete(Boolean enableSoftDelete) {
return enableSoftDelete(Output.of(enableSoftDelete));
}
/**
* @param enabledForDeployment Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
*
* @return builder
*
*/
public Builder enabledForDeployment(@Nullable Output enabledForDeployment) {
$.enabledForDeployment = enabledForDeployment;
return this;
}
/**
* @param enabledForDeployment Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
*
* @return builder
*
*/
public Builder enabledForDeployment(Boolean enabledForDeployment) {
return enabledForDeployment(Output.of(enabledForDeployment));
}
/**
* @param enabledForDiskEncryption Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
*
* @return builder
*
*/
public Builder enabledForDiskEncryption(@Nullable Output enabledForDiskEncryption) {
$.enabledForDiskEncryption = enabledForDiskEncryption;
return this;
}
/**
* @param enabledForDiskEncryption Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
*
* @return builder
*
*/
public Builder enabledForDiskEncryption(Boolean enabledForDiskEncryption) {
return enabledForDiskEncryption(Output.of(enabledForDiskEncryption));
}
/**
* @param enabledForTemplateDeployment Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
*
* @return builder
*
*/
public Builder enabledForTemplateDeployment(@Nullable Output enabledForTemplateDeployment) {
$.enabledForTemplateDeployment = enabledForTemplateDeployment;
return this;
}
/**
* @param enabledForTemplateDeployment Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
*
* @return builder
*
*/
public Builder enabledForTemplateDeployment(Boolean enabledForTemplateDeployment) {
return enabledForTemplateDeployment(Output.of(enabledForTemplateDeployment));
}
/**
* @param networkAcls Rules governing the accessibility of the key vault from specific network locations.
*
* @return builder
*
*/
public Builder networkAcls(@Nullable Output networkAcls) {
$.networkAcls = networkAcls;
return this;
}
/**
* @param networkAcls Rules governing the accessibility of the key vault from specific network locations.
*
* @return builder
*
*/
public Builder networkAcls(NetworkRuleSetArgs networkAcls) {
return networkAcls(Output.of(networkAcls));
}
/**
* @param provisioningState Provisioning state of the vault.
*
* @return builder
*
*/
public Builder provisioningState(@Nullable Output> provisioningState) {
$.provisioningState = provisioningState;
return this;
}
/**
* @param provisioningState Provisioning state of the vault.
*
* @return builder
*
*/
public Builder provisioningState(Either provisioningState) {
return provisioningState(Output.of(provisioningState));
}
/**
* @param provisioningState Provisioning state of the vault.
*
* @return builder
*
*/
public Builder provisioningState(String provisioningState) {
return provisioningState(Either.ofLeft(provisioningState));
}
/**
* @param provisioningState Provisioning state of the vault.
*
* @return builder
*
*/
public Builder provisioningState(VaultProvisioningState provisioningState) {
return provisioningState(Either.ofRight(provisioningState));
}
/**
* @param publicNetworkAccess Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
*
* @return builder
*
*/
public Builder publicNetworkAccess(@Nullable Output publicNetworkAccess) {
$.publicNetworkAccess = publicNetworkAccess;
return this;
}
/**
* @param publicNetworkAccess Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
*
* @return builder
*
*/
public Builder publicNetworkAccess(String publicNetworkAccess) {
return publicNetworkAccess(Output.of(publicNetworkAccess));
}
/**
* @param sku SKU details
*
* @return builder
*
*/
public Builder sku(Output sku) {
$.sku = sku;
return this;
}
/**
* @param sku SKU details
*
* @return builder
*
*/
public Builder sku(SkuArgs sku) {
return sku(Output.of(sku));
}
/**
* @param softDeleteRetentionInDays softDelete data retention days. It accepts >=7 and <=90.
*
* @return builder
*
*/
public Builder softDeleteRetentionInDays(@Nullable Output softDeleteRetentionInDays) {
$.softDeleteRetentionInDays = softDeleteRetentionInDays;
return this;
}
/**
* @param softDeleteRetentionInDays softDelete data retention days. It accepts >=7 and <=90.
*
* @return builder
*
*/
public Builder softDeleteRetentionInDays(Integer softDeleteRetentionInDays) {
return softDeleteRetentionInDays(Output.of(softDeleteRetentionInDays));
}
/**
* @param tenantId The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
*
* @return builder
*
*/
public Builder tenantId(Output tenantId) {
$.tenantId = tenantId;
return this;
}
/**
* @param tenantId The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
*
* @return builder
*
*/
public Builder tenantId(String tenantId) {
return tenantId(Output.of(tenantId));
}
/**
* @param vaultUri The URI of the vault for performing operations on keys and secrets.
*
* @return builder
*
*/
public Builder vaultUri(@Nullable Output vaultUri) {
$.vaultUri = vaultUri;
return this;
}
/**
* @param vaultUri The URI of the vault for performing operations on keys and secrets.
*
* @return builder
*
*/
public Builder vaultUri(String vaultUri) {
return vaultUri(Output.of(vaultUri));
}
public VaultPropertiesArgs build() {
$.enableRbacAuthorization = Codegen.booleanProp("enableRbacAuthorization").output().arg($.enableRbacAuthorization).def(false).getNullable();
$.enableSoftDelete = Codegen.booleanProp("enableSoftDelete").output().arg($.enableSoftDelete).def(true).getNullable();
$.publicNetworkAccess = Codegen.stringProp("publicNetworkAccess").output().arg($.publicNetworkAccess).def("enabled").getNullable();
if ($.sku == null) {
throw new MissingRequiredPropertyException("VaultPropertiesArgs", "sku");
}
$.softDeleteRetentionInDays = Codegen.integerProp("softDeleteRetentionInDays").output().arg($.softDeleteRetentionInDays).def(90).getNullable();
if ($.tenantId == null) {
throw new MissingRequiredPropertyException("VaultPropertiesArgs", "tenantId");
}
return $;
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy