com.pulumi.gcp.kms.kotlin.CryptoKeyIAMMember.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.kms.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.kms.kotlin.outputs.CryptoKeyIAMMemberCondition
import com.pulumi.gcp.kms.kotlin.outputs.CryptoKeyIAMMemberCondition.Companion.toKotlin
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [CryptoKeyIAMMember].
*/
@PulumiTagMarker
public class CryptoKeyIAMMemberResourceBuilder internal constructor() {
public var name: String? = null
public var args: CryptoKeyIAMMemberArgs = CryptoKeyIAMMemberArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend CryptoKeyIAMMemberArgsBuilder.() -> Unit) {
val builder = CryptoKeyIAMMemberArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): CryptoKeyIAMMember {
val builtJavaResource = com.pulumi.gcp.kms.CryptoKeyIAMMember(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return CryptoKeyIAMMember(builtJavaResource)
}
}
/**
* Three different resources help you manage your IAM policy for KMS crypto key. Each of these resources serves a different use case:
* * `gcp.kms.CryptoKeyIAMPolicy`: Authoritative. Sets the IAM policy for the crypto key and replaces any existing policy already attached.
* * `gcp.kms.CryptoKeyIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the crypto key are preserved.
* * `gcp.kms.CryptoKeyIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the crypto key are preserved.
* > **Note:** `gcp.kms.CryptoKeyIAMPolicy` **cannot** be used in conjunction with `gcp.kms.CryptoKeyIAMBinding` and `gcp.kms.CryptoKeyIAMMember` or they will fight over what your policy should be.
* > **Note:** `gcp.kms.CryptoKeyIAMBinding` resources **can be** used in conjunction with `gcp.kms.CryptoKeyIAMMember` resources **only if** they do not grant privilege to the same role.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const keyring = new gcp.kms.KeyRing("keyring", {
* name: "keyring-example",
* location: "global",
* });
* const key = new gcp.kms.CryptoKey("key", {
* name: "crypto-key-example",
* keyRing: keyring.id,
* rotationPeriod: "7776000s",
* });
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/cloudkms.cryptoKeyEncrypter",
* members: ["user:jane@example.com"],
* }],
* });
* const cryptoKey = new gcp.kms.CryptoKeyIAMPolicy("crypto_key", {
* cryptoKeyId: key.id,
* policyData: admin.then(admin => admin.policyData),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* keyring = gcp.kms.KeyRing("keyring",
* name="keyring-example",
* location="global")
* key = gcp.kms.CryptoKey("key",
* name="crypto-key-example",
* key_ring=keyring.id,
* rotation_period="7776000s")
* admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
* role="roles/cloudkms.cryptoKeyEncrypter",
* members=["user:jane@example.com"],
* )])
* crypto_key = gcp.kms.CryptoKeyIAMPolicy("crypto_key",
* crypto_key_id=key.id,
* policy_data=admin.policy_data)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var keyring = new Gcp.Kms.KeyRing("keyring", new()
* {
* Name = "keyring-example",
* Location = "global",
* });
* var key = new Gcp.Kms.CryptoKey("key", new()
* {
* Name = "crypto-key-example",
* KeyRing = keyring.Id,
* RotationPeriod = "7776000s",
* });
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/cloudkms.cryptoKeyEncrypter",
* Members = new[]
* {
* "user:[email protected]",
* },
* },
* },
* });
* var cryptoKey = new Gcp.Kms.CryptoKeyIAMPolicy("crypto_key", new()
* {
* CryptoKeyId = key.Id,
* PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
* Name: pulumi.String("keyring-example"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{
* Name: pulumi.String("crypto-key-example"),
* KeyRing: keyring.ID(),
* RotationPeriod: pulumi.String("7776000s"),
* })
* if err != nil {
* return err
* }
* admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/cloudkms.cryptoKeyEncrypter",
* Members: []string{
* "user:[email protected]",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMPolicy(ctx, "crypto_key", &kms.CryptoKeyIAMPolicyArgs{
* CryptoKeyId: key.ID(),
* PolicyData: pulumi.String(admin.PolicyData),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import com.pulumi.gcp.kms.CryptoKeyIAMPolicy;
* import com.pulumi.gcp.kms.CryptoKeyIAMPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var keyring = new KeyRing("keyring", KeyRingArgs.builder()
* .name("keyring-example")
* .location("global")
* .build());
* var key = new CryptoKey("key", CryptoKeyArgs.builder()
* .name("crypto-key-example")
* .keyRing(keyring.id())
* .rotationPeriod("7776000s")
* .build());
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/cloudkms.cryptoKeyEncrypter")
* .members("user:[email protected]")
* .build())
* .build());
* var cryptoKey = new CryptoKeyIAMPolicy("cryptoKey", CryptoKeyIAMPolicyArgs.builder()
* .cryptoKeyId(key.id())
* .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* keyring:
* type: gcp:kms:KeyRing
* properties:
* name: keyring-example
* location: global
* key:
* type: gcp:kms:CryptoKey
* properties:
* name: crypto-key-example
* keyRing: ${keyring.id}
* rotationPeriod: 7776000s
* cryptoKey:
* type: gcp:kms:CryptoKeyIAMPolicy
* name: crypto_key
* properties:
* cryptoKeyId: ${key.id}
* policyData: ${admin.policyData}
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/cloudkms.cryptoKeyEncrypter
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const admin = gcp.organizations.getIAMPolicy({
* bindings: [{
* role: "roles/cloudkms.cryptoKeyEncrypter",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
* role="roles/cloudkms.cryptoKeyEncrypter",
* members=["user:jane@example.com"],
* condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(
* title="expires_after_2019_12_31",
* description="Expiring at midnight of 2019-12-31",
* expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* ),
* )])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()
* {
* Bindings = new[]
* {
* new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs
* {
* Role = "roles/cloudkms.cryptoKeyEncrypter",
* Members = new[]
* {
* "user:[email protected]",
* },
* Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
* Bindings: []organizations.GetIAMPolicyBinding{
* {
* Role: "roles/cloudkms.cryptoKeyEncrypter",
* Members: []string{
* "user:[email protected]",
* },
* Condition: {
* Title: "expires_after_2019_12_31",
* Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"),
* Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.organizations.OrganizationsFunctions;
* import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()
* .bindings(GetIAMPolicyBindingArgs.builder()
* .role("roles/cloudkms.cryptoKeyEncrypter")
* .members("user:[email protected]")
* .condition(GetIAMPolicyBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* variables:
* admin:
* fn::invoke:
* Function: gcp:organizations:getIAMPolicy
* Arguments:
* bindings:
* - role: roles/cloudkms.cryptoKeyEncrypter
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const cryptoKey = new gcp.kms.CryptoKeyIAMBinding("crypto_key", {
* cryptoKeyId: key.id,
* role: "roles/cloudkms.cryptoKeyEncrypter",
* members: ["user:jane@example.com"],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* crypto_key = gcp.kms.CryptoKeyIAMBinding("crypto_key",
* crypto_key_id=key["id"],
* role="roles/cloudkms.cryptoKeyEncrypter",
* members=["user:jane@example.com"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding("crypto_key", new()
* {
* CryptoKeyId = key.Id,
* Role = "roles/cloudkms.cryptoKeyEncrypter",
* Members = new[]
* {
* "user:[email protected]",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
* CryptoKeyId: pulumi.Any(key.Id),
* Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected]"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.CryptoKeyIAMBinding;
* import com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var cryptoKey = new CryptoKeyIAMBinding("cryptoKey", CryptoKeyIAMBindingArgs.builder()
* .cryptoKeyId(key.id())
* .role("roles/cloudkms.cryptoKeyEncrypter")
* .members("user:[email protected]")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* cryptoKey:
* type: gcp:kms:CryptoKeyIAMBinding
* name: crypto_key
* properties:
* cryptoKeyId: ${key.id}
* role: roles/cloudkms.cryptoKeyEncrypter
* members:
* - user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const cryptoKey = new gcp.kms.CryptoKeyIAMBinding("crypto_key", {
* cryptoKeyId: key.id,
* role: "roles/cloudkms.cryptoKeyEncrypter",
* members: ["user:jane@example.com"],
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* crypto_key = gcp.kms.CryptoKeyIAMBinding("crypto_key",
* crypto_key_id=key["id"],
* role="roles/cloudkms.cryptoKeyEncrypter",
* members=["user:jane@example.com"],
* condition=gcp.kms.CryptoKeyIAMBindingConditionArgs(
* title="expires_after_2019_12_31",
* description="Expiring at midnight of 2019-12-31",
* expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var cryptoKey = new Gcp.Kms.CryptoKeyIAMBinding("crypto_key", new()
* {
* CryptoKeyId = key.Id,
* Role = "roles/cloudkms.cryptoKeyEncrypter",
* Members = new[]
* {
* "user:[email protected]",
* },
* Condition = new Gcp.Kms.Inputs.CryptoKeyIAMBindingConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.NewCryptoKeyIAMBinding(ctx, "crypto_key", &kms.CryptoKeyIAMBindingArgs{
* CryptoKeyId: pulumi.Any(key.Id),
* Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
* Members: pulumi.StringArray{
* pulumi.String("user:[email protected]"),
* },
* Condition: &kms.CryptoKeyIAMBindingConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.CryptoKeyIAMBinding;
* import com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;
* import com.pulumi.gcp.kms.inputs.CryptoKeyIAMBindingConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var cryptoKey = new CryptoKeyIAMBinding("cryptoKey", CryptoKeyIAMBindingArgs.builder()
* .cryptoKeyId(key.id())
* .role("roles/cloudkms.cryptoKeyEncrypter")
* .members("user:[email protected]")
* .condition(CryptoKeyIAMBindingConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* cryptoKey:
* type: gcp:kms:CryptoKeyIAMBinding
* name: crypto_key
* properties:
* cryptoKeyId: ${key.id}
* role: roles/cloudkms.cryptoKeyEncrypter
* members:
* - user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const cryptoKey = new gcp.kms.CryptoKeyIAMMember("crypto_key", {
* cryptoKeyId: key.id,
* role: "roles/cloudkms.cryptoKeyEncrypter",
* member: "user:[email protected]",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* crypto_key = gcp.kms.CryptoKeyIAMMember("crypto_key",
* crypto_key_id=key["id"],
* role="roles/cloudkms.cryptoKeyEncrypter",
* member="user:[email protected]")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember("crypto_key", new()
* {
* CryptoKeyId = key.Id,
* Role = "roles/cloudkms.cryptoKeyEncrypter",
* Member = "user:[email protected]",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: pulumi.Any(key.Id),
* Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
* Member: pulumi.String("user:[email protected]"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.CryptoKeyIAMMember;
* import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var cryptoKey = new CryptoKeyIAMMember("cryptoKey", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId(key.id())
* .role("roles/cloudkms.cryptoKeyEncrypter")
* .member("user:[email protected]")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* cryptoKey:
* type: gcp:kms:CryptoKeyIAMMember
* name: crypto_key
* properties:
* cryptoKeyId: ${key.id}
* role: roles/cloudkms.cryptoKeyEncrypter
* member: user:[email protected]
* ```
*
* With IAM Conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const cryptoKey = new gcp.kms.CryptoKeyIAMMember("crypto_key", {
* cryptoKeyId: key.id,
* role: "roles/cloudkms.cryptoKeyEncrypter",
* member: "user:[email protected]",
* condition: {
* title: "expires_after_2019_12_31",
* description: "Expiring at midnight of 2019-12-31",
* expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* crypto_key = gcp.kms.CryptoKeyIAMMember("crypto_key",
* crypto_key_id=key["id"],
* role="roles/cloudkms.cryptoKeyEncrypter",
* member="user:[email protected]",
* condition=gcp.kms.CryptoKeyIAMMemberConditionArgs(
* title="expires_after_2019_12_31",
* description="Expiring at midnight of 2019-12-31",
* expression="request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember("crypto_key", new()
* {
* CryptoKeyId = key.Id,
* Role = "roles/cloudkms.cryptoKeyEncrypter",
* Member = "user:[email protected]",
* Condition = new Gcp.Kms.Inputs.CryptoKeyIAMMemberConditionArgs
* {
* Title = "expires_after_2019_12_31",
* Description = "Expiring at midnight of 2019-12-31",
* Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: pulumi.Any(key.Id),
* Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypter"),
* Member: pulumi.String("user:[email protected]"),
* Condition: &kms.CryptoKeyIAMMemberConditionArgs{
* Title: pulumi.String("expires_after_2019_12_31"),
* Description: pulumi.String("Expiring at midnight of 2019-12-31"),
* Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.CryptoKeyIAMMember;
* import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
* import com.pulumi.gcp.kms.inputs.CryptoKeyIAMMemberConditionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var cryptoKey = new CryptoKeyIAMMember("cryptoKey", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId(key.id())
* .role("roles/cloudkms.cryptoKeyEncrypter")
* .member("user:[email protected]")
* .condition(CryptoKeyIAMMemberConditionArgs.builder()
* .title("expires_after_2019_12_31")
* .description("Expiring at midnight of 2019-12-31")
* .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* cryptoKey:
* type: gcp:kms:CryptoKeyIAMMember
* name: crypto_key
* properties:
* cryptoKeyId: ${key.id}
* role: roles/cloudkms.cryptoKeyEncrypter
* member: user:[email protected]
* condition:
* title: expires_after_2019_12_31
* description: Expiring at midnight of 2019-12-31
* expression: request.time < timestamp("2020-01-01T00:00:00Z")
* ```
*
* ## Import
* ### Importing IAM policies
* IAM policy imports use the identifier of the KMS crypto key only. For example:
* * `{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}`
* An `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:
* tf
* import {
* id = "{{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}"
* to = google_kms_crypto_key_iam_policy.default
* }
* The `pulumi import` command can also be used:
* ```sh
* $ pulumi import gcp:kms/cryptoKeyIAMMember:CryptoKeyIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}/{{crypto_key_name}}
* ```
*/
public class CryptoKeyIAMMember internal constructor(
override val javaResource: com.pulumi.gcp.kms.CryptoKeyIAMMember,
) : KotlinCustomResource(javaResource, CryptoKeyIAMMemberMapper) {
/**
* An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
* Structure is documented below.
*/
public val condition: Output?
get() = javaResource.condition().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
toKotlin(args0)
})
}).orElse(null)
})
/**
* The crypto key ID, in the form
* `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or
* `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,
* the provider's project setting will be used as a fallback.
*/
public val cryptoKeyId: Output
get() = javaResource.cryptoKeyId().applyValue({ args0 -> args0 })
/**
* (Computed) The etag of the project's IAM policy.
*/
public val etag: Output
get() = javaResource.etag().applyValue({ args0 -> args0 })
/**
* Identities that will be granted the privilege in `role`.
* Each entry can have one of the following values:
* * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
* * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* * **user:{emailid}**: An email address that represents a specific Google account. For example, [email protected] or [email protected].
* * **serviceAccount:{emailid}**: An email address that represents a service account. For example, [email protected].
* * **group:{emailid}**: An email address that represents a Google group. For example, [email protected].
* * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
*/
public val member: Output
get() = javaResource.member().applyValue({ args0 -> args0 })
/**
* The role that should be applied. Note that custom roles must be of the format
* `[projects|organizations]/{parent-name}/roles/{role-name}`.
*/
public val role: Output
get() = javaResource.role().applyValue({ args0 -> args0 })
}
public object CryptoKeyIAMMemberMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.gcp.kms.CryptoKeyIAMMember::class == javaResource::class
override fun map(javaResource: Resource): CryptoKeyIAMMember = CryptoKeyIAMMember(
javaResource as
com.pulumi.gcp.kms.CryptoKeyIAMMember,
)
}
/**
* @see [CryptoKeyIAMMember].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [CryptoKeyIAMMember].
*/
public suspend fun cryptoKeyIAMMember(
name: String,
block: suspend CryptoKeyIAMMemberResourceBuilder.() -> Unit,
): CryptoKeyIAMMember {
val builder = CryptoKeyIAMMemberResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [CryptoKeyIAMMember].
* @param name The _unique_ name of the resulting resource.
*/
public fun cryptoKeyIAMMember(name: String): CryptoKeyIAMMember {
val builder = CryptoKeyIAMMemberResourceBuilder()
builder.name(name)
return builder.build()
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy