
com.pulumi.azure.storage.CustomerManagedKey Maven / Gradle / Ivy


A Pulumi package for creating and managing Microsoft Azure cloud resources, based on the Terraform azurerm provider. We recommend using the [Azure Native provider](https://github.com/pulumi/pulumi-azure-native) to provision Azure infrastructure. Azure Native provides complete coverage of Azure resources and same-day access to new resources and resource updates.

// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package com.pulumi.azure.storage;

import com.pulumi.azure.Utilities;
import com.pulumi.azure.storage.CustomerManagedKeyArgs;
import com.pulumi.azure.storage.inputs.CustomerManagedKeyState;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.String;
import java.util.Optional;
import javax.annotation.Nullable;

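/**
 * Manages a Customer Managed Key for a Storage Account.
 *
 * > **NOTE:** It's possible to define a Customer Managed Key both within the `azure.storage.Account` resource via the `customer_managed_key` block and by using the `azure.storage.CustomerManagedKey` resource. However it's not possible to use both methods to manage a Customer Managed Key for a Storage Account, since there'll be conflicts.
 *
 * ## Security notes
 *
 * With a customer-managed key, the account's data can only be decrypted while the key is
 * reachable; deleting the key or the vault, or revoking the account's access to it, makes the
 * data unreadable. The example below therefore enables purge protection on the vault.
 *
 * The example creates two access policies with very different scope. The `storage` policy is
 * for the storage account's own identity and grants the key permissions `Get`, `UnwrapKey` and
 * `WrapKey`. The `client` policy is for the principal running the deployment and is much
 * broader (it includes `Delete` and `Purge`); narrow it when adapting the example.
 * NOTE(review): the `storage` policy also grants secret `Get`; key wrapping appears to need only
 * the key permissions. Confirm before copying it.
 *
 * Omitting `keyVersion` enables automatic key rotation; setting it pins the account to that
 * key version until the argument is changed or removed.
 *
 * ## Example Usage
 *
 * <!--Start PulumiCodeChooser -->
 * <pre>
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azure.core.CoreFunctions;
 * import com.pulumi.azure.core.ResourceGroup;
 * import com.pulumi.azure.core.ResourceGroupArgs;
 * import com.pulumi.azure.keyvault.KeyVault;
 * import com.pulumi.azure.keyvault.KeyVaultArgs;
 * import com.pulumi.azure.storage.Account;
 * import com.pulumi.azure.storage.AccountArgs;
 * import com.pulumi.azure.storage.inputs.AccountIdentityArgs;
 * import com.pulumi.azure.keyvault.AccessPolicy;
 * import com.pulumi.azure.keyvault.AccessPolicyArgs;
 * import com.pulumi.azure.keyvault.Key;
 * import com.pulumi.azure.keyvault.KeyArgs;
 * import com.pulumi.azure.storage.CustomerManagedKey;
 * import com.pulumi.azure.storage.CustomerManagedKeyArgs;
 * import com.pulumi.resources.CustomResourceOptions;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 * 
 *     public static void stack(Context ctx) {
 *         final var current = CoreFunctions.getClientConfig();
 * 
 *         var example = new ResourceGroup("example", ResourceGroupArgs.builder()
 *             .name("example-resources")
 *             .location("West Europe")
 *             .build());
 * 
 *         // Purge protection keeps a deleted key recoverable; without the key the
 *         // storage account's data cannot be decrypted.
 *         var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
 *             .name("examplekv")
 *             .location(example.location())
 *             .resourceGroupName(example.name())
 *             .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
 *             .skuName("standard")
 *             .purgeProtectionEnabled(true)
 *             .build());
 * 
 *         var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
 *             .name("examplestor")
 *             .resourceGroupName(example.name())
 *             .location(example.location())
 *             .accountTier("Standard")
 *             .accountReplicationType("GRS")
 *             .identity(AccountIdentityArgs.builder()
 *                 .type("SystemAssigned")
 *                 .build())
 *             .build());
 * 
 *         // Access for the storage account's own identity: the key operations used for wrapping.
 *         var storage = new AccessPolicy("storage", AccessPolicyArgs.builder()
 *             .keyVaultId(exampleKeyVault.id())
 *             .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
 *             .objectId(exampleAccount.identity().applyValue(identity -> identity.principalId()))
 *             .secretPermissions("Get")
 *             .keyPermissions(            
 *                 "Get",
 *                 "UnwrapKey",
 *                 "WrapKey")
 *             .build());
 * 
 *         // Access for the principal running this program. Broad for the sake of the
 *         // example (includes Delete and Purge); narrow it for real deployments.
 *         var client = new AccessPolicy("client", AccessPolicyArgs.builder()
 *             .keyVaultId(exampleKeyVault.id())
 *             .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
 *             .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
 *             .secretPermissions("Get")
 *             .keyPermissions(            
 *                 "Get",
 *                 "Create",
 *                 "Delete",
 *                 "List",
 *                 "Restore",
 *                 "Recover",
 *                 "UnwrapKey",
 *                 "WrapKey",
 *                 "Purge",
 *                 "Encrypt",
 *                 "Decrypt",
 *                 "Sign",
 *                 "Verify",
 *                 "GetRotationPolicy",
 *                 "SetRotationPolicy")
 *             .build());
 * 
 *         // The key is created only after both access policies exist (dependsOn below).
 *         var exampleKey = new Key("exampleKey", KeyArgs.builder()
 *             .name("tfex-key")
 *             .keyVaultId(exampleKeyVault.id())
 *             .keyType("RSA")
 *             .keySize(2048)
 *             .keyOpts(            
 *                 "decrypt",
 *                 "encrypt",
 *                 "sign",
 *                 "unwrapKey",
 *                 "verify",
 *                 "wrapKey")
 *             .build(), CustomResourceOptions.builder()
 *                 .dependsOn(                
 *                     client,
 *                     storage)
 *                 .build());
 * 
 *         // No keyVersion is set, so automatic key rotation is enabled.
 *         var exampleCustomerManagedKey = new CustomerManagedKey("exampleCustomerManagedKey", CustomerManagedKeyArgs.builder()
 *             .storageAccountId(exampleAccount.id())
 *             .keyVaultId(exampleKeyVault.id())
 *             .keyName(exampleKey.name())
 *             .build());
 * 
 *     }
 * }
 * }
 * </pre>
 * <!--End PulumiCodeChooser -->
 *
 * ## Import
 *
 * Customer Managed Keys for a Storage Account can be imported using the `resource id` of the Storage Account, e.g.
 *
 * ```sh
 * $ pulumi import azure:storage/customerManagedKey:CustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/myaccount
 * ```
 *
 */
@ResourceType(type="azure:storage/customerManagedKey:CustomerManagedKey")
public class CustomerManagedKey extends com.pulumi.resources.CustomResource {
    /**
     * The Client ID of the multi-tenant application to be used in conjunction with the user-assigned identity for cross-tenant customer-managed-keys server-side encryption on the storage account.
     *
     */
    @Export(name="federatedIdentityClientId", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> federatedIdentityClientId;

    /**
     * @return The Client ID of the multi-tenant application to be used in conjunction with the user-assigned identity for cross-tenant customer-managed-keys server-side encryption on the storage account.
     *
     */
    public Output<Optional<String>> federatedIdentityClientId() {
        return Codegen.optional(this.federatedIdentityClientId);
    }

    /**
     * The name of Key Vault Key.
     *
     */
    @Export(name="keyName", refs={String.class}, tree="[0]")
    private Output<String> keyName;

    /**
     * @return The name of Key Vault Key.
     *
     */
    public Output<String> keyName() {
        return this.keyName;
    }

    /**
     * The ID of the Key Vault. Exactly one of `managed_hsm_key_id`, `key_vault_id`, or `key_vault_uri` must be specified.
     *
     */
    @Export(name="keyVaultId", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> keyVaultId;

    /**
     * @return The ID of the Key Vault. Exactly one of `managed_hsm_key_id`, `key_vault_id`, or `key_vault_uri` must be specified.
     *
     */
    public Output<Optional<String>> keyVaultId() {
        return Codegen.optional(this.keyVaultId);
    }

    /**
     * URI pointing at the Key Vault. Required when using `federated_identity_client_id`. Exactly one of `managed_hsm_key_id`, `key_vault_id`, or `key_vault_uri` must be specified.
     *
     */
    @Export(name="keyVaultUri", refs={String.class}, tree="[0]")
    private Output<String> keyVaultUri;

    /**
     * @return URI pointing at the Key Vault. Required when using `federated_identity_client_id`. Exactly one of `managed_hsm_key_id`, `key_vault_id`, or `key_vault_uri` must be specified.
     *
     */
    public Output<String> keyVaultUri() {
        return this.keyVaultUri;
    }

    /**
     * The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
     *
     */
    @Export(name="keyVersion", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> keyVersion;

    /**
     * @return The version of Key Vault Key. Remove or omit this argument to enable Automatic Key Rotation.
     *
     */
    public Output<Optional<String>> keyVersion() {
        return Codegen.optional(this.keyVersion);
    }

    /**
     * Key ID of a key in a managed HSM. Exactly one of `managed_hsm_key_id`, `key_vault_id`, or `key_vault_uri` must be specified.
     *
     */
    @Export(name="managedHsmKeyId", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> managedHsmKeyId;

    /**
     * @return Key ID of a key in a managed HSM. Exactly one of `managed_hsm_key_id`, `key_vault_id`, or `key_vault_uri` must be specified.
     *
     */
    public Output<Optional<String>> managedHsmKeyId() {
        return Codegen.optional(this.managedHsmKeyId);
    }

    /**
     * The ID of the Storage Account. Changing this forces a new resource to be created.
     *
     */
    @Export(name="storageAccountId", refs={String.class}, tree="[0]")
    private Output<String> storageAccountId;

    /**
     * @return The ID of the Storage Account. Changing this forces a new resource to be created.
     *
     */
    public Output<String> storageAccountId() {
        return this.storageAccountId;
    }

    /**
     * The ID of a user assigned identity.
     *
     */
    @Export(name="userAssignedIdentityId", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> userAssignedIdentityId;

    /**
     * @return The ID of a user assigned identity.
     *
     */
    public Output<Optional<String>> userAssignedIdentityId() {
        return Codegen.optional(this.userAssignedIdentityId);
    }

    /**
     * Creates the resource with empty arguments.
     *
     * @param name The _unique_ name of the resulting resource.
     */
    public CustomerManagedKey(java.lang.String name) {
        this(name, CustomerManagedKeyArgs.Empty);
    }

    /**
     * Creates the resource with the given arguments and no extra options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     */
    public CustomerManagedKey(java.lang.String name, CustomerManagedKeyArgs args) {
        this(name, args, null);
    }

    /**
     * Creates the resource with the given arguments and options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param options A bag of options that control this resource's behavior.
     */
    public CustomerManagedKey(java.lang.String name, CustomerManagedKeyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure:storage/customerManagedKey:CustomerManagedKey", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
    }

    // Used only by get(): builds the resource from a provider ID and optional state.
    private CustomerManagedKey(java.lang.String name, Output<java.lang.String> id, @Nullable CustomerManagedKeyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure:storage/customerManagedKey:CustomerManagedKey", name, state, makeResourceOptions(options, id), false);
    }

    // Picks the arguments handed to the superclass constructor: null when the options
    // already carry a URN, otherwise the caller's args (or the empty args when null).
    private static CustomerManagedKeyArgs makeArgs(CustomerManagedKeyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        if (options != null && options.getUrn().isPresent()) {
            return null;
        }
        return args == null ? CustomerManagedKeyArgs.Empty : args;
    }

    // Merges the caller's options and the optional ID over defaults that carry the
    // version reported by Utilities.getVersion().
    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output<java.lang.String> id) {
        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
            .version(Utilities.getVersion())
            .build();
        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
    }

    /**
     * Get an existing CustomerManagedKey resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Optional extra properties used to qualify the lookup.
     * @param options Optional settings to control the behavior of the CustomResource.
     */
    public static CustomerManagedKey get(java.lang.String name, Output<java.lang.String> id, @Nullable CustomerManagedKeyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        return new CustomerManagedKey(name, id, state, options);
    }
}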



