com.pulumi.aws.kms.kotlin.GrantArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-aws-kotlin Show documentation
Show all versions of pulumi-aws-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.kms.kotlin
import com.pulumi.aws.kms.GrantArgs.builder
import com.pulumi.aws.kms.kotlin.inputs.GrantConstraintArgs
import com.pulumi.aws.kms.kotlin.inputs.GrantConstraintArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Provides a resource-based access control mechanism for a KMS customer master key.
* > **Note:** All arguments including the grant token will be stored in the raw state as plain-text.
* ## Import
* Using `pulumi import`, import KMS Grants using the Key ID and Grant ID separated by a colon (`:`). For example:
* ```sh
* $ pulumi import aws:kms/grant:Grant test 1234abcd-12ab-34cd-56ef-1234567890ab:abcde1237f76e4ba7987489ac329fbfba6ad343d6f7075dbd1ef191f0120514
* ```
* @property constraints A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
* @property grantCreationTokens A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
* @property granteePrincipal The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
* @property keyId The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
* @property name A friendly name for identifying the grant.
* @property operations A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
* @property retireOnDelete If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
* See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
* @property retiringPrincipal The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
*/
public data class GrantArgs(
public val constraints: Output>? = null,
public val grantCreationTokens: Output>? = null,
public val granteePrincipal: Output? = null,
public val keyId: Output? = null,
public val name: Output? = null,
public val operations: Output>? = null,
public val retireOnDelete: Output? = null,
public val retiringPrincipal: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.aws.kms.GrantArgs = com.pulumi.aws.kms.GrantArgs.builder()
.constraints(
constraints?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.grantCreationTokens(grantCreationTokens?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.granteePrincipal(granteePrincipal?.applyValue({ args0 -> args0 }))
.keyId(keyId?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.operations(operations?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.retireOnDelete(retireOnDelete?.applyValue({ args0 -> args0 }))
.retiringPrincipal(retiringPrincipal?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [GrantArgs].
*/
@PulumiTagMarker
public class GrantArgsBuilder internal constructor() {
private var constraints: Output>? = null
private var grantCreationTokens: Output>? = null
private var granteePrincipal: Output? = null
private var keyId: Output? = null
private var name: Output? = null
private var operations: Output>? = null
private var retireOnDelete: Output? = null
private var retiringPrincipal: Output? = null
/**
* @param value A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
*/
@JvmName("mdaqwluefpmcumiv")
public suspend fun constraints(`value`: Output>) {
this.constraints = value
}
@JvmName("lnclvurwauldmdfx")
public suspend fun constraints(vararg values: Output) {
this.constraints = Output.all(values.asList())
}
/**
* @param values A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
*/
@JvmName("oubopybryatovygt")
public suspend fun constraints(values: List>) {
this.constraints = Output.all(values)
}
/**
* @param value A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
*/
@JvmName("ltpipxgmngftnfam")
public suspend fun grantCreationTokens(`value`: Output>) {
this.grantCreationTokens = value
}
@JvmName("bjsafswvqnkycesv")
public suspend fun grantCreationTokens(vararg values: Output) {
this.grantCreationTokens = Output.all(values.asList())
}
/**
* @param values A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
*/
@JvmName("vcufvhqnptcnaofs")
public suspend fun grantCreationTokens(values: List>) {
this.grantCreationTokens = Output.all(values)
}
/**
* @param value The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
*/
@JvmName("xoakoamgkkqcugvu")
public suspend fun granteePrincipal(`value`: Output) {
this.granteePrincipal = value
}
/**
* @param value The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
*/
@JvmName("ypaxtqufkqgxkerk")
public suspend fun keyId(`value`: Output) {
this.keyId = value
}
/**
* @param value A friendly name for identifying the grant.
*/
@JvmName("jpoepvmxhrkoeqws")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
*/
@JvmName("cxibvkuloieoytvj")
public suspend fun operations(`value`: Output>) {
this.operations = value
}
@JvmName("omxiobayrdwuankb")
public suspend fun operations(vararg values: Output) {
this.operations = Output.all(values.asList())
}
/**
* @param values A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
*/
@JvmName("hgvlhrfewykthvgs")
public suspend fun operations(values: List>) {
this.operations = Output.all(values)
}
/**
* @param value If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
* See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
*/
@JvmName("bmgsqjlyugejhjvm")
public suspend fun retireOnDelete(`value`: Output) {
this.retireOnDelete = value
}
/**
* @param value The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
*/
@JvmName("rvouvacqvbxeeasl")
public suspend fun retiringPrincipal(`value`: Output) {
this.retiringPrincipal = value
}
/**
* @param value A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
*/
@JvmName("myxakgumwwyrflrk")
public suspend fun constraints(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.constraints = mapped
}
/**
* @param argument A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
*/
@JvmName("swtjjmmwxnxenqyw")
public suspend fun constraints(argument: List Unit>) {
val toBeMapped = argument.toList().map {
GrantConstraintArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.constraints = mapped
}
/**
* @param argument A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
*/
@JvmName("euxhonsswnrvxogi")
public suspend fun constraints(vararg argument: suspend GrantConstraintArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
GrantConstraintArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.constraints = mapped
}
/**
* @param argument A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
*/
@JvmName("kjdbisemjhkxortf")
public suspend fun constraints(argument: suspend GrantConstraintArgsBuilder.() -> Unit) {
val toBeMapped = listOf(GrantConstraintArgsBuilder().applySuspend { argument() }.build())
val mapped = of(toBeMapped)
this.constraints = mapped
}
/**
* @param values A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
*/
@JvmName("mhrcnkcpgtiejpoa")
public suspend fun constraints(vararg values: GrantConstraintArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.constraints = mapped
}
/**
* @param value A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
*/
@JvmName("xamnabflbelnvgqr")
public suspend fun grantCreationTokens(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.grantCreationTokens = mapped
}
/**
* @param values A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
*/
@JvmName("oojcpitvjsredfct")
public suspend fun grantCreationTokens(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.grantCreationTokens = mapped
}
/**
* @param value The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
*/
@JvmName("hlbfstnkpjeaaati")
public suspend fun granteePrincipal(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.granteePrincipal = mapped
}
/**
* @param value The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
*/
@JvmName("ggnjhvmnvsfxsxre")
public suspend fun keyId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.keyId = mapped
}
/**
* @param value A friendly name for identifying the grant.
*/
@JvmName("whyvftirmqykocyj")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
*/
@JvmName("fjpeoqamjdiooyfh")
public suspend fun operations(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.operations = mapped
}
/**
* @param values A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
*/
@JvmName("dlbudgdkbgtyrtov")
public suspend fun operations(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.operations = mapped
}
/**
* @param value If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
* See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
*/
@JvmName("xddbeucfyutrecne")
public suspend fun retireOnDelete(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.retireOnDelete = mapped
}
/**
* @param value The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
*/
@JvmName("pslfwebvfnmkfnen")
public suspend fun retiringPrincipal(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.retiringPrincipal = mapped
}
internal fun build(): GrantArgs = GrantArgs(
constraints = constraints,
grantCreationTokens = grantCreationTokens,
granteePrincipal = granteePrincipal,
keyId = keyId,
name = name,
operations = operations,
retireOnDelete = retireOnDelete,
retiringPrincipal = retiringPrincipal,
)
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy