Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.keyvault.kotlin
import com.pulumi.azure.keyvault.KeyVaultArgs.builder
import com.pulumi.azure.keyvault.kotlin.inputs.KeyVaultAccessPolicyArgs
import com.pulumi.azure.keyvault.kotlin.inputs.KeyVaultAccessPolicyArgsBuilder
import com.pulumi.azure.keyvault.kotlin.inputs.KeyVaultContactArgs
import com.pulumi.azure.keyvault.kotlin.inputs.KeyVaultContactArgsBuilder
import com.pulumi.azure.keyvault.kotlin.inputs.KeyVaultNetworkAclsArgs
import com.pulumi.azure.keyvault.kotlin.inputs.KeyVaultNetworkAclsArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Deprecated
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Manages a Key Vault.
* ## Disclaimers
* > **Note:** It's possible to define Key Vault Access Policies both within the `azure.keyvault.KeyVault` resource via the `access_policy` block and by using the `azure.keyvault.AccessPolicy` resource. However it's not possible to use both methods to manage Access Policies within a KeyVault, since there'll be conflicts.
* > **Note:** It's possible to define Key Vault Certificate Contacts both within the `azure.keyvault.KeyVault` resource via the `contact` block and by using the `azure.keyvault.CertificateContacts` resource. However it's not possible to use both methods to manage Certificate Contacts within a KeyVault, since there'll be conflicts.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const current = azure.core.getClientConfig({});
* const example = new azure.core.ResourceGroup("example", {
* name: "example-resources",
* location: "West Europe",
* });
* const exampleKeyVault = new azure.keyvault.KeyVault("example", {
* name: "examplekeyvault",
* location: example.location,
* resourceGroupName: example.name,
* enabledForDiskEncryption: true,
* tenantId: current.then(current => current.tenantId),
* softDeleteRetentionDays: 7,
* purgeProtectionEnabled: false,
* skuName: "standard",
* accessPolicies: [{
* tenantId: current.then(current => current.tenantId),
* objectId: current.then(current => current.objectId),
* keyPermissions: ["Get"],
* secretPermissions: ["Get"],
* storagePermissions: ["Get"],
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* current = azure.core.get_client_config()
* example = azure.core.ResourceGroup("example",
* name="example-resources",
* location="West Europe")
* example_key_vault = azure.keyvault.KeyVault("example",
* name="examplekeyvault",
* location=example.location,
* resource_group_name=example.name,
* enabled_for_disk_encryption=True,
* tenant_id=current.tenant_id,
* soft_delete_retention_days=7,
* purge_protection_enabled=False,
* sku_name="standard",
* access_policies=[{
* "tenant_id": current.tenant_id,
* "object_id": current.object_id,
* "key_permissions": ["Get"],
* "secret_permissions": ["Get"],
* "storage_permissions": ["Get"],
* }])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var current = Azure.Core.GetClientConfig.Invoke();
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-resources",
* Location = "West Europe",
* });
* var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
* {
* Name = "examplekeyvault",
* Location = example.Location,
* ResourceGroupName = example.Name,
* EnabledForDiskEncryption = true,
* TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
* SoftDeleteRetentionDays = 7,
* PurgeProtectionEnabled = false,
* SkuName = "standard",
* AccessPolicies = new[]
* {
* new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
* {
* TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
* ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
* KeyPermissions = new[]
* {
* "Get",
* },
* SecretPermissions = new[]
* {
* "Get",
* },
* StoragePermissions = new[]
* {
* "Get",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* current, err := core.GetClientConfig(ctx, nil, nil)
* if err != nil {
* return err
* }
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-resources"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* _, err = keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
* Name: pulumi.String("examplekeyvault"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* EnabledForDiskEncryption: pulumi.Bool(true),
* TenantId: pulumi.String(current.TenantId),
* SoftDeleteRetentionDays: pulumi.Int(7),
* PurgeProtectionEnabled: pulumi.Bool(false),
* SkuName: pulumi.String("standard"),
* AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
* &keyvault.KeyVaultAccessPolicyArgs{
* TenantId: pulumi.String(current.TenantId),
* ObjectId: pulumi.String(current.ObjectId),
* KeyPermissions: pulumi.StringArray{
* pulumi.String("Get"),
* },
* SecretPermissions: pulumi.StringArray{
* pulumi.String("Get"),
* },
* StoragePermissions: pulumi.StringArray{
* pulumi.String("Get"),
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.CoreFunctions;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.keyvault.KeyVault;
* import com.pulumi.azure.keyvault.KeyVaultArgs;
* import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var current = CoreFunctions.getClientConfig();
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-resources")
* .location("West Europe")
* .build());
* var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
* .name("examplekeyvault")
* .location(example.location())
* .resourceGroupName(example.name())
* .enabledForDiskEncryption(true)
* .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
* .softDeleteRetentionDays(7)
* .purgeProtectionEnabled(false)
* .skuName("standard")
* .accessPolicies(KeyVaultAccessPolicyArgs.builder()
* .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
* .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
* .keyPermissions("Get")
* .secretPermissions("Get")
* .storagePermissions("Get")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example-resources
* location: West Europe
* exampleKeyVault:
* type: azure:keyvault:KeyVault
* name: example
* properties:
* name: examplekeyvault
* location: ${example.location}
* resourceGroupName: ${example.name}
* enabledForDiskEncryption: true
* tenantId: ${current.tenantId}
* softDeleteRetentionDays: 7
* purgeProtectionEnabled: false
* skuName: standard
* accessPolicies:
* - tenantId: ${current.tenantId}
* objectId: ${current.objectId}
* keyPermissions:
* - Get
* secretPermissions:
* - Get
* storagePermissions:
* - Get
* variables:
* current:
* fn::invoke:
* Function: azure:core:getClientConfig
* Arguments: {}
* ```
*
* ## Import
* Key Vault's can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:keyvault/keyVault:KeyVault example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.KeyVault/vaults/vault1
* ```
* @property accessPolicies A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
* @property contacts One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
* @property enableRbacAuthorization Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions.
* @property enabledForDeployment Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
* @property enabledForDiskEncryption Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
* @property enabledForTemplateDeployment Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
* @property location Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
* @property name Specifies the name of the Key Vault. Changing this forces a new resource to be created. The name must be globally unique. If the vault is in a recoverable state then the vault will need to be purged before reusing the name.
* @property networkAcls A `network_acls` block as defined below.
* @property publicNetworkAccessEnabled Whether public network access is allowed for this Key Vault. Defaults to `true`.
* @property purgeProtectionEnabled Is Purge Protection enabled for this Key Vault?
* !> **Note:** Once Purge Protection has been Enabled it's not possible to Disable it. Support for [disabling purge protection is being tracked in this Azure API issue](https://github.com/Azure/azure-rest-api-specs/issues/8075). Deleting the Key Vault with Purge Protection Enabled will schedule the Key Vault to be deleted (which will happen by Azure in the configured number of days, currently 90 days).
* @property resourceGroupName The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.
* @property skuName The Name of the SKU used for this Key Vault. Possible values are `standard` and `premium`.
* @property softDeleteRetentionDays The number of days that items should be retained for once soft-deleted. This value can be between `7` and `90` (the default) days.
* > **Note:** This field can only be configured one time and cannot be updated.
*
* @property tags A mapping of tags to assign to the resource.
* @property tenantId The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
*/
public data class KeyVaultArgs(
public val accessPolicies: Output>? = null,
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
public val contacts: Output>? = null,
public val enableRbacAuthorization: Output? = null,
public val enabledForDeployment: Output? = null,
public val enabledForDiskEncryption: Output? = null,
public val enabledForTemplateDeployment: Output? = null,
public val location: Output? = null,
public val name: Output? = null,
public val networkAcls: Output? = null,
public val publicNetworkAccessEnabled: Output? = null,
public val purgeProtectionEnabled: Output? = null,
public val resourceGroupName: Output? = null,
public val skuName: Output? = null,
public val softDeleteRetentionDays: Output? = null,
public val tags: Output>? = null,
public val tenantId: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.azure.keyvault.KeyVaultArgs =
com.pulumi.azure.keyvault.KeyVaultArgs.builder()
.accessPolicies(
accessPolicies?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.contacts(
contacts?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.enableRbacAuthorization(enableRbacAuthorization?.applyValue({ args0 -> args0 }))
.enabledForDeployment(enabledForDeployment?.applyValue({ args0 -> args0 }))
.enabledForDiskEncryption(enabledForDiskEncryption?.applyValue({ args0 -> args0 }))
.enabledForTemplateDeployment(enabledForTemplateDeployment?.applyValue({ args0 -> args0 }))
.location(location?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.networkAcls(networkAcls?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.publicNetworkAccessEnabled(publicNetworkAccessEnabled?.applyValue({ args0 -> args0 }))
.purgeProtectionEnabled(purgeProtectionEnabled?.applyValue({ args0 -> args0 }))
.resourceGroupName(resourceGroupName?.applyValue({ args0 -> args0 }))
.skuName(skuName?.applyValue({ args0 -> args0 }))
.softDeleteRetentionDays(softDeleteRetentionDays?.applyValue({ args0 -> args0 }))
.tags(tags?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
.tenantId(tenantId?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [KeyVaultArgs].
*/
@PulumiTagMarker
public class KeyVaultArgsBuilder internal constructor() {
private var accessPolicies: Output>? = null
private var contacts: Output>? = null
private var enableRbacAuthorization: Output? = null
private var enabledForDeployment: Output? = null
private var enabledForDiskEncryption: Output? = null
private var enabledForTemplateDeployment: Output? = null
private var location: Output? = null
private var name: Output? = null
private var networkAcls: Output? = null
private var publicNetworkAccessEnabled: Output? = null
private var purgeProtectionEnabled: Output? = null
private var resourceGroupName: Output? = null
private var skuName: Output? = null
private var softDeleteRetentionDays: Output? = null
private var tags: Output>? = null
private var tenantId: Output? = null
/**
* @param value A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
*/
@JvmName("tuxfmiskpnmckutd")
public suspend fun accessPolicies(`value`: Output>) {
this.accessPolicies = value
}
@JvmName("lrpuacltgputkpeh")
public suspend fun accessPolicies(vararg values: Output) {
this.accessPolicies = Output.all(values.asList())
}
/**
* @param values A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
*/
@JvmName("torgqkgumqtvscee")
public suspend fun accessPolicies(values: List>) {
this.accessPolicies = Output.all(values)
}
/**
* @param value One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
*/
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
@JvmName("ghhyoetnmjapdymc")
public suspend fun contacts(`value`: Output>) {
this.contacts = value
}
@JvmName("qhttjgxpyijqknnu")
public suspend fun contacts(vararg values: Output) {
this.contacts = Output.all(values.asList())
}
/**
* @param values One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
*/
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
@JvmName("vfbgnwtejdepwbve")
public suspend fun contacts(values: List>) {
this.contacts = Output.all(values)
}
/**
* @param value Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions.
*/
@JvmName("ldqqftipbvoayuky")
public suspend fun enableRbacAuthorization(`value`: Output) {
this.enableRbacAuthorization = value
}
/**
* @param value Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
*/
@JvmName("uwrlsuadwkcspjig")
public suspend fun enabledForDeployment(`value`: Output) {
this.enabledForDeployment = value
}
/**
* @param value Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
*/
@JvmName("blroxcodtwcjdajg")
public suspend fun enabledForDiskEncryption(`value`: Output) {
this.enabledForDiskEncryption = value
}
/**
* @param value Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
*/
@JvmName("swbumuhjarxbimdo")
public suspend fun enabledForTemplateDeployment(`value`: Output) {
this.enabledForTemplateDeployment = value
}
/**
* @param value Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
*/
@JvmName("dkocaftdhrocxweg")
public suspend fun location(`value`: Output) {
this.location = value
}
/**
* @param value Specifies the name of the Key Vault. Changing this forces a new resource to be created. The name must be globally unique. If the vault is in a recoverable state then the vault will need to be purged before reusing the name.
*/
@JvmName("qcqdwuwlvpjcqerv")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value A `network_acls` block as defined below.
*/
@JvmName("ojjclypmrhytkdxn")
public suspend fun networkAcls(`value`: Output) {
this.networkAcls = value
}
/**
* @param value Whether public network access is allowed for this Key Vault. Defaults to `true`.
*/
@JvmName("fxwensunjlfxwgok")
public suspend fun publicNetworkAccessEnabled(`value`: Output) {
this.publicNetworkAccessEnabled = value
}
/**
* @param value Is Purge Protection enabled for this Key Vault?
* !> **Note:** Once Purge Protection has been Enabled it's not possible to Disable it. Support for [disabling purge protection is being tracked in this Azure API issue](https://github.com/Azure/azure-rest-api-specs/issues/8075). Deleting the Key Vault with Purge Protection Enabled will schedule the Key Vault to be deleted (which will happen by Azure in the configured number of days, currently 90 days).
*/
@JvmName("mjjmcybmfgimskbg")
public suspend fun purgeProtectionEnabled(`value`: Output) {
this.purgeProtectionEnabled = value
}
/**
* @param value The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.
*/
@JvmName("ttplkhufirgbsmii")
public suspend fun resourceGroupName(`value`: Output) {
this.resourceGroupName = value
}
/**
* @param value The Name of the SKU used for this Key Vault. Possible values are `standard` and `premium`.
*/
@JvmName("xkjexomcgvfmhoju")
public suspend fun skuName(`value`: Output) {
this.skuName = value
}
/**
* @param value The number of days that items should be retained for once soft-deleted. This value can be between `7` and `90` (the default) days.
* > **Note:** This field can only be configured one time and cannot be updated.
*
*/
@JvmName("uuphagnwhsnnjvjh")
public suspend fun softDeleteRetentionDays(`value`: Output) {
this.softDeleteRetentionDays = value
}
/**
* @param value A mapping of tags to assign to the resource.
*/
@JvmName("mqngtlrmnoucfcem")
public suspend fun tags(`value`: Output>) {
this.tags = value
}
/**
* @param value The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
*/
@JvmName("mloayesgpywfcenc")
public suspend fun tenantId(`value`: Output) {
this.tenantId = value
}
/**
* @param value A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
*/
@JvmName("iygjcsvkiqdmxgte")
public suspend fun accessPolicies(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.accessPolicies = mapped
}
/**
* @param argument A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
*/
@JvmName("dfqxyjwqlbnbcxgc")
public suspend fun accessPolicies(argument: List Unit>) {
val toBeMapped = argument.toList().map {
KeyVaultAccessPolicyArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.accessPolicies = mapped
}
/**
* @param argument A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
*/
@JvmName("pqdfstmjuvrxgkwh")
public suspend fun accessPolicies(vararg argument: suspend KeyVaultAccessPolicyArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
KeyVaultAccessPolicyArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.accessPolicies = mapped
}
/**
* @param argument A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
*/
@JvmName("wefgirmajjcosalp")
public suspend fun accessPolicies(argument: suspend KeyVaultAccessPolicyArgsBuilder.() -> Unit) {
val toBeMapped = listOf(KeyVaultAccessPolicyArgsBuilder().applySuspend { argument() }.build())
val mapped = of(toBeMapped)
this.accessPolicies = mapped
}
/**
* @param values A list of up to 1024 objects describing access policies, as described below.
* > **NOTE** Since `access_policy` can be configured both inline and via the separate `azure.keyvault.AccessPolicy` resource, we have to explicitly set it to empty slice (`[]`) to remove it.
*/
@JvmName("joncycjubliiscdf")
public suspend fun accessPolicies(vararg values: KeyVaultAccessPolicyArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.accessPolicies = mapped
}
/**
* @param value One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
*/
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
@JvmName("vbiyfcdgvwvaxudg")
public suspend fun contacts(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.contacts = mapped
}
/**
* @param argument One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
*/
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
@JvmName("ragdtdoymjqcldff")
public suspend fun contacts(argument: List Unit>) {
val toBeMapped = argument.toList().map {
KeyVaultContactArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.contacts = mapped
}
/**
* @param argument One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
*/
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
@JvmName("qpistgfhwpcbmsck")
public suspend fun contacts(vararg argument: suspend KeyVaultContactArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
KeyVaultContactArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.contacts = mapped
}
/**
* @param argument One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
*/
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
@JvmName("xjqqlrcykngcakqi")
public suspend fun contacts(argument: suspend KeyVaultContactArgsBuilder.() -> Unit) {
val toBeMapped = listOf(KeyVaultContactArgsBuilder().applySuspend { argument() }.build())
val mapped = of(toBeMapped)
this.contacts = mapped
}
/**
* @param values One or more `contact` block as defined below.
* > **Note:** This field can only be set once user has `managecontacts` certificate permission.
* > **Note:** This field can only be set when `public_network_access_enabled` is set to `true`. To manage the `contact` with `public_network_access_enabled` set to `false`, please use the `azure.keyvault.CertificateContacts` resource instead of this property, and remove this property from the configuration. Especially for existing `azure.keyvault.KeyVault`, this means you'll need to import the `azure.keyvault.CertificateContacts` manually.
*/
@Deprecated(
message = """
As the `contact` property requires reaching out to the dataplane, to better support private
endpoints and keyvaults with public network access disabled, new key vaults with the `contact`
field defined in the configuration file will now be required to use the
`azure.keyvault.CertificateContacts` resource instead of the exposed `contact` field in the
key vault resource itself.
""",
)
@JvmName("oujdarbvfticbcjr")
public suspend fun contacts(vararg values: KeyVaultContactArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.contacts = mapped
}
/**
* @param value Boolean flag to specify whether Azure Key Vault uses Role Based Access Control (RBAC) for authorization of data actions.
*/
@JvmName("jyldbsioageluulw")
public suspend fun enableRbacAuthorization(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enableRbacAuthorization = mapped
}
/**
* @param value Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
*/
@JvmName("nhuwnravsebkjcmf")
public suspend fun enabledForDeployment(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enabledForDeployment = mapped
}
/**
* @param value Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
*/
@JvmName("utkgxtyjfvkuqjdo")
public suspend fun enabledForDiskEncryption(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enabledForDiskEncryption = mapped
}
/**
* @param value Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
*/
@JvmName("pcjoeyfymtrjsvbg")
public suspend fun enabledForTemplateDeployment(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enabledForTemplateDeployment = mapped
}
/**
* @param value Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
*/
@JvmName("kaqouluarhgnkxqx")
public suspend fun location(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.location = mapped
}
/**
* @param value Specifies the name of the Key Vault. Changing this forces a new resource to be created. The name must be globally unique. If the vault is in a recoverable state then the vault will need to be purged before reusing the name.
*/
@JvmName("exyqcpvhhestyejp")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value A `network_acls` block as defined below.
*/
@JvmName("uwsxessplwcwoobc")
public suspend fun networkAcls(`value`: KeyVaultNetworkAclsArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.networkAcls = mapped
}
/**
* @param argument A `network_acls` block as defined below.
*/
@JvmName("losscuevotsyuvgy")
public suspend fun networkAcls(argument: suspend KeyVaultNetworkAclsArgsBuilder.() -> Unit) {
val toBeMapped = KeyVaultNetworkAclsArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.networkAcls = mapped
}
/**
* @param value Whether public network access is allowed for this Key Vault. Defaults to `true`.
*/
@JvmName("dedsqpdgbajehmct")
public suspend fun publicNetworkAccessEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.publicNetworkAccessEnabled = mapped
}
/**
* @param value Is Purge Protection enabled for this Key Vault?
* !> **Note:** Once Purge Protection has been Enabled it's not possible to Disable it. Support for [disabling purge protection is being tracked in this Azure API issue](https://github.com/Azure/azure-rest-api-specs/issues/8075). Deleting the Key Vault with Purge Protection Enabled will schedule the Key Vault to be deleted (which will happen by Azure in the configured number of days, currently 90 days).
*/
@JvmName("qshpeebhydctuohm")
public suspend fun purgeProtectionEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.purgeProtectionEnabled = mapped
}
/**
* @param value The name of the resource group in which to create the Key Vault. Changing this forces a new resource to be created.
*/
@JvmName("xgpvjgkuqsjnlajl")
public suspend fun resourceGroupName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.resourceGroupName = mapped
}
/**
* @param value The Name of the SKU used for this Key Vault. Possible values are `standard` and `premium`.
*/
@JvmName("ojilklixqsabwvyy")
public suspend fun skuName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.skuName = mapped
}
/**
* @param value The number of days that items should be retained for once soft-deleted. This value can be between `7` and `90` (the default) days.
* > **Note:** This field can only be configured one time and cannot be updated.
*
*/
@JvmName("cournfhqcmnucysc")
public suspend fun softDeleteRetentionDays(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.softDeleteRetentionDays = mapped
}
/**
* @param value A mapping of tags to assign to the resource.
*/
@JvmName("hlsrbbkswjyywdyc")
public suspend fun tags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param values A mapping of tags to assign to the resource.
*/
@JvmName("rnigjudcigbwwwwh")
public fun tags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param value The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
*/
@JvmName("eiyvnssxuowofxsm")
public suspend fun tenantId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tenantId = mapped
}
internal fun build(): KeyVaultArgs = KeyVaultArgs(
accessPolicies = accessPolicies,
contacts = contacts,
enableRbacAuthorization = enableRbacAuthorization,
enabledForDeployment = enabledForDeployment,
enabledForDiskEncryption = enabledForDiskEncryption,
enabledForTemplateDeployment = enabledForTemplateDeployment,
location = location,
name = name,
networkAcls = networkAcls,
publicNetworkAccessEnabled = publicNetworkAccessEnabled,
purgeProtectionEnabled = purgeProtectionEnabled,
resourceGroupName = resourceGroupName,
skuName = skuName,
softDeleteRetentionDays = softDeleteRetentionDays,
tags = tags,
tenantId = tenantId,
)
}
