com.pulumi.azure.keyvault.kotlin.AccessPolicyArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-azure-kotlin Show documentation
Show all versions of pulumi-azure-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.keyvault.kotlin
import com.pulumi.azure.keyvault.AccessPolicyArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Manages a Key Vault Access Policy.
* > **NOTE:** It's possible to define Key Vault Access Policies both within the `azure.keyvault.KeyVault` resource via the `access_policy` block and by using the `azure.keyvault.AccessPolicy` resource. However it's not possible to use both methods to manage Access Policies within a KeyVault, since there'll be conflicts.
* > **NOTE:** Azure permits a maximum of 1024 Access Policies per Key Vault - [more information can be found in this document](https://docs.microsoft.com/azure/key-vault/key-vault-secure-your-key-vault#data-plane-access-control).
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* import * as azuread from "@pulumi/azuread";
* const current = azure.core.getClientConfig({});
* const exampleResourceGroup = new azure.core.ResourceGroup("example", {
* name: "example-resources",
* location: "West Europe",
* });
* const exampleKeyVault = new azure.keyvault.KeyVault("example", {
* name: "examplekeyvault",
* location: exampleResourceGroup.location,
* resourceGroupName: exampleResourceGroup.name,
* tenantId: current.then(current => current.tenantId),
* skuName: "premium",
* });
* const exampleAccessPolicy = new azure.keyvault.AccessPolicy("example", {
* keyVaultId: exampleKeyVault.id,
* tenantId: current.then(current => current.tenantId),
* objectId: current.then(current => current.objectId),
* keyPermissions: ["Get"],
* secretPermissions: ["Get"],
* });
* const example = azuread.getServicePrincipal({
* displayName: "example-app",
* });
* const example_principal = new azure.keyvault.AccessPolicy("example-principal", {
* keyVaultId: exampleKeyVault.id,
* tenantId: current.then(current => current.tenantId),
* objectId: example.then(example => example.objectId),
* keyPermissions: [
* "Get",
* "List",
* "Encrypt",
* "Decrypt",
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* import pulumi_azuread as azuread
* current = azure.core.get_client_config()
* example_resource_group = azure.core.ResourceGroup("example",
* name="example-resources",
* location="West Europe")
* example_key_vault = azure.keyvault.KeyVault("example",
* name="examplekeyvault",
* location=example_resource_group.location,
* resource_group_name=example_resource_group.name,
* tenant_id=current.tenant_id,
* sku_name="premium")
* example_access_policy = azure.keyvault.AccessPolicy("example",
* key_vault_id=example_key_vault.id,
* tenant_id=current.tenant_id,
* object_id=current.object_id,
* key_permissions=["Get"],
* secret_permissions=["Get"])
* example = azuread.get_service_principal(display_name="example-app")
* example_principal = azure.keyvault.AccessPolicy("example-principal",
* key_vault_id=example_key_vault.id,
* tenant_id=current.tenant_id,
* object_id=example.object_id,
* key_permissions=[
* "Get",
* "List",
* "Encrypt",
* "Decrypt",
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* using AzureAD = Pulumi.AzureAD;
* return await Deployment.RunAsync(() =>
* {
* var current = Azure.Core.GetClientConfig.Invoke();
* var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-resources",
* Location = "West Europe",
* });
* var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
* {
* Name = "examplekeyvault",
* Location = exampleResourceGroup.Location,
* ResourceGroupName = exampleResourceGroup.Name,
* TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
* SkuName = "premium",
* });
* var exampleAccessPolicy = new Azure.KeyVault.AccessPolicy("example", new()
* {
* KeyVaultId = exampleKeyVault.Id,
* TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
* ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* KeyPermissions = new[]
* {
* "Get",
* },
* SecretPermissions = new[]
* {
* "Get",
* },
* });
* var example = AzureAD.GetServicePrincipal.Invoke(new()
* {
* DisplayName = "example-app",
* });
* var example_principal = new Azure.KeyVault.AccessPolicy("example-principal", new()
* {
* KeyVaultId = exampleKeyVault.Id,
* TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
* ObjectId = example.Apply(getServicePrincipalResult => getServicePrincipalResult.ObjectId),
* KeyPermissions = new[]
* {
* "Get",
* "List",
* "Encrypt",
* "Decrypt",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
* "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* current, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-resources"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
* Name: pulumi.String("examplekeyvault"),
* Location: exampleResourceGroup.Location,
* ResourceGroupName: exampleResourceGroup.Name,
* TenantId: pulumi.String(current.TenantId),
* SkuName: pulumi.String("premium"),
* })
* if err != nil {
* return err
* }
* _, err = keyvault.NewAccessPolicy(ctx, "example", &keyvault.AccessPolicyArgs{
* KeyVaultId: exampleKeyVault.ID(),
* TenantId: pulumi.String(current.TenantId),
* ObjectId: pulumi.String(current.ObjectId),
* KeyPermissions: pulumi.StringArray{
* pulumi.String("Get"),
* },
* SecretPermissions: pulumi.StringArray{
* pulumi.String("Get"),
* },
* })
* if err != nil {
* return err
* }
* example, err := azuread.LookupServicePrincipal(ctx, &azuread.LookupServicePrincipalArgs{
* DisplayName: pulumi.StringRef("example-app"),
* }, nil)
* if err != nil {
* return err
* }
* _, err = keyvault.NewAccessPolicy(ctx, "example-principal", &keyvault.AccessPolicyArgs{
* KeyVaultId: exampleKeyVault.ID(),
* TenantId: pulumi.String(current.TenantId),
* ObjectId: pulumi.String(example.ObjectId),
* KeyPermissions: pulumi.StringArray{
* pulumi.String("Get"),
* pulumi.String("List"),
* pulumi.String("Encrypt"),
* pulumi.String("Decrypt"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.keyvault.KeyVault;
* import com.pulumi.azure.keyvault.KeyVaultArgs;
* import com.pulumi.azure.keyvault.AccessPolicy;
* import com.pulumi.azure.keyvault.AccessPolicyArgs;
* import com.pulumi.azuread.AzureadFunctions;
* import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var current = CoreFunctions.getClientConfig();
* var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
* .name("example-resources")
* .location("West Europe")
* .build());
* var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
* .name("examplekeyvault")
* .location(exampleResourceGroup.location())
* .resourceGroupName(exampleResourceGroup.name())
* .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
* .skuName("premium")
* .build());
* var exampleAccessPolicy = new AccessPolicy("exampleAccessPolicy", AccessPolicyArgs.builder()
* .keyVaultId(exampleKeyVault.id())
* .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
* .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .keyPermissions("Get")
* .secretPermissions("Get")
* .build());
* final var example = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
* .displayName("example-app")
* .build());
* var example_principal = new AccessPolicy("example-principal", AccessPolicyArgs.builder()
* .keyVaultId(exampleKeyVault.id())
* .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
* .objectId(example.applyValue(getServicePrincipalResult -> getServicePrincipalResult.objectId()))
* .keyPermissions(
* "Get",
* "List",
* "Encrypt",
* "Decrypt")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* exampleResourceGroup:
* type: azure:core:ResourceGroup
* name: example
* properties:
* name: example-resources
* location: West Europe
* exampleKeyVault:
* type: azure:keyvault:KeyVault
* name: example
* properties:
* name: examplekeyvault
* location: ${exampleResourceGroup.location}
* resourceGroupName: ${exampleResourceGroup.name}
* tenantId: ${current.tenantId}
* skuName: premium
* exampleAccessPolicy:
* type: azure:keyvault:AccessPolicy
* name: example
* properties:
* keyVaultId: ${exampleKeyVault.id}
* tenantId: ${current.tenantId}
* objectId: ${current.objectId}
* keyPermissions:
* - Get
* secretPermissions:
* - Get
* example-principal:
* type: azure:keyvault:AccessPolicy
* properties:
* keyVaultId: ${exampleKeyVault.id}
* tenantId: ${current.tenantId}
* objectId: ${example.objectId}
* keyPermissions:
* - Get
* - List
* - Encrypt
* - Decrypt
* variables:
* current:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* example:
* fn::invoke:
* Function: azuread:getServicePrincipal
* Arguments:
* displayName: example-app
* ```
*
* ## Import
* Key Vault Access Policies can be imported using the Resource ID of the Key Vault, plus some additional metadata.
* If both an `object_id` and `application_id` are specified, then the Access Policy can be imported using the following code:
* ```sh
* $ pulumi import azure:keyvault/accessPolicy:AccessPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/vaults/test-vault/objectId/11111111-1111-1111-1111-111111111111/applicationId/22222222-2222-2222-2222-222222222222
* ```
* where `11111111-1111-1111-1111-111111111111` is the `object_id` and `22222222-2222-2222-2222-222222222222` is the `application_id`.
* ---
* Access Policies with an `object_id` but no `application_id` can be imported using the following command:
* ```sh
* $ pulumi import azure:keyvault/accessPolicy:AccessPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/vaults/test-vault/objectId/11111111-1111-1111-1111-111111111111
* ```
* where `11111111-1111-1111-1111-111111111111` is the `object_id`.
* @property applicationId The object ID of an Application in Azure Active Directory. Changing this forces a new resource to be created.
* @property certificatePermissions List of certificate permissions, must be one or more from the following: `Backup`, `Create`, `Delete`, `DeleteIssuers`, `Get`, `GetIssuers`, `Import`, `List`, `ListIssuers`, `ManageContacts`, `ManageIssuers`, `Purge`, `Recover`, `Restore`, `SetIssuers` and `Update`.
* @property keyPermissions List of key permissions, must be one or more from the following: `Backup`, `Create`, `Decrypt`, `Delete`, `Encrypt`, `Get`, `Import`, `List`, `Purge`, `Recover`, `Restore`, `Sign`, `UnwrapKey`, `Update`, `Verify`, `WrapKey`, `Release`, `Rotate`, `GetRotationPolicy` and `SetRotationPolicy`.
* @property keyVaultId Specifies the id of the Key Vault resource. Changing this forces a new resource to be created.
* @property objectId The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID of a service principal can be fetched from `azuread_service_principal.object_id`. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.
* @property secretPermissions List of secret permissions, must be one or more from the following: `Backup`, `Delete`, `Get`, `List`, `Purge`, `Recover`, `Restore` and `Set`.
* @property storagePermissions List of storage permissions, must be one or more from the following: `Backup`, `Delete`, `DeleteSAS`, `Get`, `GetSAS`, `List`, `ListSAS`, `Purge`, `Recover`, `RegenerateKey`, `Restore`, `Set`, `SetSAS` and `Update`.
* @property tenantId The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.
*/
public data class AccessPolicyArgs(
public val applicationId: Output? = null,
public val certificatePermissions: Output>? = null,
public val keyPermissions: Output>? = null,
public val keyVaultId: Output? = null,
public val objectId: Output? = null,
public val secretPermissions: Output>? = null,
public val storagePermissions: Output>? = null,
public val tenantId: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.azure.keyvault.AccessPolicyArgs =
com.pulumi.azure.keyvault.AccessPolicyArgs.builder()
.applicationId(applicationId?.applyValue({ args0 -> args0 }))
.certificatePermissions(
certificatePermissions?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.keyPermissions(keyPermissions?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.keyVaultId(keyVaultId?.applyValue({ args0 -> args0 }))
.objectId(objectId?.applyValue({ args0 -> args0 }))
.secretPermissions(secretPermissions?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.storagePermissions(storagePermissions?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tenantId(tenantId?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AccessPolicyArgs].
*/
@PulumiTagMarker
public class AccessPolicyArgsBuilder internal constructor() {
private var applicationId: Output? = null
private var certificatePermissions: Output>? = null
private var keyPermissions: Output>? = null
private var keyVaultId: Output? = null
private var objectId: Output? = null
private var secretPermissions: Output>? = null
private var storagePermissions: Output>? = null
private var tenantId: Output? = null
/**
* @param value The object ID of an Application in Azure Active Directory. Changing this forces a new resource to be created.
*/
@JvmName("qtfxqvwrgupsxuuy")
public suspend fun applicationId(`value`: Output) {
this.applicationId = value
}
/**
* @param value List of certificate permissions, must be one or more from the following: `Backup`, `Create`, `Delete`, `DeleteIssuers`, `Get`, `GetIssuers`, `Import`, `List`, `ListIssuers`, `ManageContacts`, `ManageIssuers`, `Purge`, `Recover`, `Restore`, `SetIssuers` and `Update`.
*/
@JvmName("iqqcytwjrpqxafdg")
public suspend fun certificatePermissions(`value`: Output>) {
this.certificatePermissions = value
}
@JvmName("gngvuqtjeumuebty")
public suspend fun certificatePermissions(vararg values: Output) {
this.certificatePermissions = Output.all(values.asList())
}
/**
* @param values List of certificate permissions, must be one or more from the following: `Backup`, `Create`, `Delete`, `DeleteIssuers`, `Get`, `GetIssuers`, `Import`, `List`, `ListIssuers`, `ManageContacts`, `ManageIssuers`, `Purge`, `Recover`, `Restore`, `SetIssuers` and `Update`.
*/
@JvmName("qjffxakkaorwjvyn")
public suspend fun certificatePermissions(values: List>) {
this.certificatePermissions = Output.all(values)
}
/**
* @param value List of key permissions, must be one or more from the following: `Backup`, `Create`, `Decrypt`, `Delete`, `Encrypt`, `Get`, `Import`, `List`, `Purge`, `Recover`, `Restore`, `Sign`, `UnwrapKey`, `Update`, `Verify`, `WrapKey`, `Release`, `Rotate`, `GetRotationPolicy` and `SetRotationPolicy`.
*/
@JvmName("njxdcbmbiubnggjr")
public suspend fun keyPermissions(`value`: Output>) {
this.keyPermissions = value
}
@JvmName("agjgyjibodedtmxp")
public suspend fun keyPermissions(vararg values: Output) {
this.keyPermissions = Output.all(values.asList())
}
/**
* @param values List of key permissions, must be one or more from the following: `Backup`, `Create`, `Decrypt`, `Delete`, `Encrypt`, `Get`, `Import`, `List`, `Purge`, `Recover`, `Restore`, `Sign`, `UnwrapKey`, `Update`, `Verify`, `WrapKey`, `Release`, `Rotate`, `GetRotationPolicy` and `SetRotationPolicy`.
*/
@JvmName("fvuyfwrwmgjosfms")
public suspend fun keyPermissions(values: List>) {
this.keyPermissions = Output.all(values)
}
/**
* @param value Specifies the id of the Key Vault resource. Changing this forces a new resource to be created.
*/
@JvmName("axdslvmkxkrwumnf")
public suspend fun keyVaultId(`value`: Output) {
this.keyVaultId = value
}
/**
* @param value The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID of a service principal can be fetched from `azuread_service_principal.object_id`. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.
*/
@JvmName("hluporxtjvdpvqnn")
public suspend fun objectId(`value`: Output) {
this.objectId = value
}
/**
* @param value List of secret permissions, must be one or more from the following: `Backup`, `Delete`, `Get`, `List`, `Purge`, `Recover`, `Restore` and `Set`.
*/
@JvmName("buywhgqduvkhxovc")
public suspend fun secretPermissions(`value`: Output>) {
this.secretPermissions = value
}
@JvmName("imxdlsiymsvcbhpe")
public suspend fun secretPermissions(vararg values: Output) {
this.secretPermissions = Output.all(values.asList())
}
/**
* @param values List of secret permissions, must be one or more from the following: `Backup`, `Delete`, `Get`, `List`, `Purge`, `Recover`, `Restore` and `Set`.
*/
@JvmName("oqmjmhesffyrxywy")
public suspend fun secretPermissions(values: List>) {
this.secretPermissions = Output.all(values)
}
/**
* @param value List of storage permissions, must be one or more from the following: `Backup`, `Delete`, `DeleteSAS`, `Get`, `GetSAS`, `List`, `ListSAS`, `Purge`, `Recover`, `RegenerateKey`, `Restore`, `Set`, `SetSAS` and `Update`.
*/
@JvmName("oyfaccilwjpowfpa")
public suspend fun storagePermissions(`value`: Output>) {
this.storagePermissions = value
}
@JvmName("liropftisvetgnxl")
public suspend fun storagePermissions(vararg values: Output) {
this.storagePermissions = Output.all(values.asList())
}
/**
* @param values List of storage permissions, must be one or more from the following: `Backup`, `Delete`, `DeleteSAS`, `Get`, `GetSAS`, `List`, `ListSAS`, `Purge`, `Recover`, `RegenerateKey`, `Restore`, `Set`, `SetSAS` and `Update`.
*/
@JvmName("jwrotcpmfppgrhlm")
public suspend fun storagePermissions(values: List>) {
this.storagePermissions = Output.all(values)
}
/**
* @param value The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.
*/
@JvmName("itgcrscxdvimtlvp")
public suspend fun tenantId(`value`: Output) {
this.tenantId = value
}
/**
* @param value The object ID of an Application in Azure Active Directory. Changing this forces a new resource to be created.
*/
@JvmName("kkopjqukllamckwl")
public suspend fun applicationId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.applicationId = mapped
}
/**
* @param value List of certificate permissions, must be one or more from the following: `Backup`, `Create`, `Delete`, `DeleteIssuers`, `Get`, `GetIssuers`, `Import`, `List`, `ListIssuers`, `ManageContacts`, `ManageIssuers`, `Purge`, `Recover`, `Restore`, `SetIssuers` and `Update`.
*/
@JvmName("krawicnrpyurqatk")
public suspend fun certificatePermissions(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.certificatePermissions = mapped
}
/**
* @param values List of certificate permissions, must be one or more from the following: `Backup`, `Create`, `Delete`, `DeleteIssuers`, `Get`, `GetIssuers`, `Import`, `List`, `ListIssuers`, `ManageContacts`, `ManageIssuers`, `Purge`, `Recover`, `Restore`, `SetIssuers` and `Update`.
*/
@JvmName("ecjaubarjhwimbcq")
public suspend fun certificatePermissions(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.certificatePermissions = mapped
}
/**
* @param value List of key permissions, must be one or more from the following: `Backup`, `Create`, `Decrypt`, `Delete`, `Encrypt`, `Get`, `Import`, `List`, `Purge`, `Recover`, `Restore`, `Sign`, `UnwrapKey`, `Update`, `Verify`, `WrapKey`, `Release`, `Rotate`, `GetRotationPolicy` and `SetRotationPolicy`.
*/
@JvmName("xhnqruqhpavbeofm")
public suspend fun keyPermissions(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.keyPermissions = mapped
}
/**
* @param values List of key permissions, must be one or more from the following: `Backup`, `Create`, `Decrypt`, `Delete`, `Encrypt`, `Get`, `Import`, `List`, `Purge`, `Recover`, `Restore`, `Sign`, `UnwrapKey`, `Update`, `Verify`, `WrapKey`, `Release`, `Rotate`, `GetRotationPolicy` and `SetRotationPolicy`.
*/
@JvmName("mxacjilobbxwocsq")
public suspend fun keyPermissions(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.keyPermissions = mapped
}
/**
* @param value Specifies the id of the Key Vault resource. Changing this forces a new resource to be created.
*/
@JvmName("avxyxdrkbcxewlnn")
public suspend fun keyVaultId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.keyVaultId = mapped
}
/**
* @param value The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID of a service principal can be fetched from `azuread_service_principal.object_id`. The object ID must be unique for the list of access policies. Changing this forces a new resource to be created.
*/
@JvmName("jhgtlhsiaaagkulj")
public suspend fun objectId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.objectId = mapped
}
/**
* @param value List of secret permissions, must be one or more from the following: `Backup`, `Delete`, `Get`, `List`, `Purge`, `Recover`, `Restore` and `Set`.
*/
@JvmName("sfwycqvoubckscyo")
public suspend fun secretPermissions(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.secretPermissions = mapped
}
/**
* @param values List of secret permissions, must be one or more from the following: `Backup`, `Delete`, `Get`, `List`, `Purge`, `Recover`, `Restore` and `Set`.
*/
@JvmName("xxcuvdxroabrqpml")
public suspend fun secretPermissions(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.secretPermissions = mapped
}
/**
* @param value List of storage permissions, must be one or more from the following: `Backup`, `Delete`, `DeleteSAS`, `Get`, `GetSAS`, `List`, `ListSAS`, `Purge`, `Recover`, `RegenerateKey`, `Restore`, `Set`, `SetSAS` and `Update`.
*/
@JvmName("jimdjfgeefjqxnft")
public suspend fun storagePermissions(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.storagePermissions = mapped
}
/**
* @param values List of storage permissions, must be one or more from the following: `Backup`, `Delete`, `DeleteSAS`, `Get`, `GetSAS`, `List`, `ListSAS`, `Purge`, `Recover`, `RegenerateKey`, `Restore`, `Set`, `SetSAS` and `Update`.
*/
@JvmName("miykeacapyowktve")
public suspend fun storagePermissions(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.storagePermissions = mapped
}
/**
* @param value The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Changing this forces a new resource to be created.
*/
@JvmName("fitkhimtokhfhksg")
public suspend fun tenantId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tenantId = mapped
}
internal fun build(): AccessPolicyArgs = AccessPolicyArgs(
applicationId = applicationId,
certificatePermissions = certificatePermissions,
keyPermissions = keyPermissions,
keyVaultId = keyVaultId,
objectId = objectId,
secretPermissions = secretPermissions,
storagePermissions = storagePermissions,
tenantId = tenantId,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy