Fork me on GitHub

Module kms

@pulumi/gcp > kms

Index

kms/cryptoKey.ts kms/cryptoKeyIAMBinding.ts kms/cryptoKeyIAMMember.ts kms/getKMSSecret.ts kms/keyRing.ts kms/keyRingIAMBinding.ts kms/keyRingIAMMember.ts kms/keyRingIAMPolicy.ts kms/registry.ts

class CryptoKey

Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see the official documentation and API.

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

~> Note: CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed CryptoKey will remove it from state and delete all CryptoKeyVersions, rendering the key unusable, but will not delete the resource on the server. When Terraform destroys these keys, any data previously encrypted with these keys will be irrecoverable. For this reason, it is strongly recommended that you add lifecycle hooks to the resource to prevent accidental destruction.

constructor

new CryptoKey(name: string, args: CryptoKeyArgs, opts?: pulumi.CustomResourceOptions)

Create a CryptoKey resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CryptoKeyState): CryptoKey

Get an existing CryptoKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyRing

public keyRing: pulumi.Output<string>;

The id of the Google Cloud Platform KeyRing to which the key shall belong.

property name

public name: pulumi.Output<string>;

The CryptoKey’s name. A CryptoKey’s name must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

property rotationPeriod

public rotationPeriod: pulumi.Output<string | undefined>;

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).

property selfLink

public selfLink: pulumi.Output<string>;

The self link of the created CryptoKey. Its format is projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class CryptoKeyIAMBinding

Allows creation and management of a single binding within IAM policy for an existing Google Cloud KMS crypto key.

constructor

new CryptoKeyIAMBinding(name: string, args: CryptoKeyIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a CryptoKeyIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CryptoKeyIAMBindingState): CryptoKeyIAMBinding

Get an existing CryptoKeyIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property cryptoKeyId

public cryptoKeyId: pulumi.Output<string>;

The crypto key ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the crypto key’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

A list of users that the role should apply to.

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one google_kms_crypto_key_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class CryptoKeyIAMMember

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud KMS crypto key.

~> Note: This resource must not be used in conjunction with google_kms_crypto_key_iam_policy or they will fight over what your policy should be. Similarly, roles controlled by google_kms_crypto_key_iam_binding should not be assigned to using google_kms_crypto_key_iam_member.

constructor

new CryptoKeyIAMMember(name: string, args: CryptoKeyIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a CryptoKeyIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CryptoKeyIAMMemberState): CryptoKeyIAMMember

Get an existing CryptoKeyIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property cryptoKeyId

public cryptoKeyId: pulumi.Output<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the project’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property member

public member: pulumi.Output<string>;

The user that the role should apply to.

property role

public role: pulumi.Output<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class KeyRing

Allows creation of a Google Cloud Platform KMS KeyRing. For more information see the official documentation and API.

A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project and resides in a specific location.

~> Note: KeyRings cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed KeyRing will remove it from state but will not delete the resource on the server.

constructor

new KeyRing(name: string, args: KeyRingArgs, opts?: pulumi.CustomResourceOptions)

Create a KeyRing resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KeyRingState): KeyRing

Get an existing KeyRing resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property location

public location: pulumi.Output<string>;

The Google Cloud Platform location for the KeyRing. A full list of valid locations can be found by running gcloud kms locations list.

property name

public name: pulumi.Output<string>;

The KeyRing’s name. A KeyRing’s name must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

property project

public project: pulumi.Output<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property selfLink

public selfLink: pulumi.Output<string>;

The self link of the created KeyRing. Its format is projects/{projectId}/locations/{location}/keyRings/{keyRingName}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class KeyRingIAMBinding

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

  • google_kms_key_ring_iam_policy: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.
  • google_kms_key_ring_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.
  • google_kms_key_ring_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

~> Note: google_kms_key_ring_iam_policy cannot be used in conjunction with google_kms_key_ring_iam_binding and google_kms_key_ring_iam_member or they will fight over what your policy should be.

~> Note: google_kms_key_ring_iam_binding resources can be used in conjunction with google_kms_key_ring_iam_member resources only if they do not grant privilege to the same role.

constructor

new KeyRingIAMBinding(name: string, args: KeyRingIAMBindingArgs, opts?: pulumi.CustomResourceOptions)

Create a KeyRingIAMBinding resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KeyRingIAMBindingState): KeyRingIAMBinding

Get an existing KeyRingIAMBinding resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the key ring’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyRingId

public keyRingId: pulumi.Output<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property members

public members: pulumi.Output<string[]>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class KeyRingIAMMember

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

  • google_kms_key_ring_iam_policy: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.
  • google_kms_key_ring_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.
  • google_kms_key_ring_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

~> Note: google_kms_key_ring_iam_policy cannot be used in conjunction with google_kms_key_ring_iam_binding and google_kms_key_ring_iam_member or they will fight over what your policy should be.

~> Note: google_kms_key_ring_iam_binding resources can be used in conjunction with google_kms_key_ring_iam_member resources only if they do not grant privilege to the same role.

constructor

new KeyRingIAMMember(name: string, args: KeyRingIAMMemberArgs, opts?: pulumi.CustomResourceOptions)

Create a KeyRingIAMMember resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KeyRingIAMMemberState): KeyRingIAMMember

Get an existing KeyRingIAMMember resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the key ring’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyRingId

public keyRingId: pulumi.Output<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property member

public member: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

The role that should be applied. Only one google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class KeyRingIAMPolicy

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

  • google_kms_key_ring_iam_policy: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.
  • google_kms_key_ring_iam_binding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.
  • google_kms_key_ring_iam_member: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

~> Note: google_kms_key_ring_iam_policy cannot be used in conjunction with google_kms_key_ring_iam_binding and google_kms_key_ring_iam_member or they will fight over what your policy should be.

~> Note: google_kms_key_ring_iam_binding resources can be used in conjunction with google_kms_key_ring_iam_member resources only if they do not grant privilege to the same role.

constructor

new KeyRingIAMPolicy(name: string, args: KeyRingIAMPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a KeyRingIAMPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KeyRingIAMPolicyState): KeyRingIAMPolicy

Get an existing KeyRingIAMPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property etag

public etag: pulumi.Output<string>;

(Computed) The etag of the key ring’s IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyRingId

public keyRingId: pulumi.Output<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property policyData

public policyData: pulumi.Output<string>;

The policy data generated by a google_iam_policy data source.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Registry

Creates a device registry in Google’s Cloud IoT Core platform. For more information see the official documentation and API.

constructor

new Registry(name: string, args?: RegistryArgs, opts?: pulumi.CustomResourceOptions)

Create a Registry resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RegistryState): Registry

Get an existing Registry resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property credentials

public credentials: pulumi.Output<{ ... }[] | undefined>;

List of public key certificates to authenticate devices. Structure is documented below.

property eventNotificationConfig

public eventNotificationConfig: pulumi.Output<{ ... } | undefined>;

A PubSub topics to publish device events. Structure is documented below.

property httpConfig

public httpConfig: pulumi.Output<{ ... } | undefined>;

Activate or deactivate HTTP. Structure is documented below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mqttConfig

public mqttConfig: pulumi.Output<{ ... } | undefined>;

Activate or deactivate MQTT. Structure is documented below.

property name

public name: pulumi.Output<string>;

A unique name for the resource, required by device registry. Changing this forces a new resource to be created.

property project

public project: pulumi.Output<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property region

public region: pulumi.Output<string>;

The Region in which the created address should reside. If it is not provided, the provider region is used.

property stateNotificationConfig

public stateNotificationConfig: pulumi.Output<{ ... } | undefined>;

A PubSub topic to publish device state updates. Structure is documented below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

function getKMSSecret

getKMSSecret(args: GetKMSSecretArgs, opts?: pulumi.InvokeOptions): Promise<GetKMSSecretResult>

This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions.

For more information see the official documentation.

~> NOTE: Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

interface CryptoKeyArgs

The set of arguments for constructing a CryptoKey resource.

property keyRing

keyRing: pulumi.Input<string>;

The id of the Google Cloud Platform KeyRing to which the key shall belong.

property name

name?: pulumi.Input<string>;

The CryptoKey’s name. A CryptoKey’s name must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

property rotationPeriod

rotationPeriod?: pulumi.Input<string>;

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).

interface CryptoKeyIAMBindingArgs

The set of arguments for constructing a CryptoKeyIAMBinding resource.

property cryptoKeyId

cryptoKeyId: pulumi.Input<string>;

The crypto key ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

A list of users that the role should apply to.

property role

role: pulumi.Input<string>;

The role that should be applied. Only one google_kms_crypto_key_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface CryptoKeyIAMBindingState

Input properties used for looking up and filtering CryptoKeyIAMBinding resources.

property cryptoKeyId

cryptoKeyId?: pulumi.Input<string>;

The crypto key ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the crypto key’s IAM policy.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

A list of users that the role should apply to.

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one google_kms_crypto_key_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface CryptoKeyIAMMemberArgs

The set of arguments for constructing a CryptoKeyIAMMember resource.

property cryptoKeyId

cryptoKeyId: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

property member

member: pulumi.Input<string>;

The user that the role should apply to.

property role

role: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface CryptoKeyIAMMemberState

Input properties used for looking up and filtering CryptoKeyIAMMember resources.

property cryptoKeyId

cryptoKeyId?: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the project’s IAM policy.

property member

member?: pulumi.Input<string>;

The user that the role should apply to.

property role

role?: pulumi.Input<string>;

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface CryptoKeyState

Input properties used for looking up and filtering CryptoKey resources.

property keyRing

keyRing?: pulumi.Input<string>;

The id of the Google Cloud Platform KeyRing to which the key shall belong.

property name

name?: pulumi.Input<string>;

The CryptoKey’s name. A CryptoKey’s name must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

property rotationPeriod

rotationPeriod?: pulumi.Input<string>;

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).

property selfLink

selfLink?: pulumi.Input<string>;

The self link of the created CryptoKey. Its format is projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}.

interface GetKMSSecretArgs

A collection of arguments for invoking getKMSSecret.

property ciphertext

ciphertext: string;

The ciphertext to be decrypted, encoded in base64

property cryptoKey

cryptoKey: string;

The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format {projectId}/{location}/{keyRingName}/{cryptoKeyName}.

interface GetKMSSecretResult

A collection of values returned by getKMSSecret.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property plaintext

plaintext: string;

Contains the result of decrypting the provided ciphertext.

interface KeyRingArgs

The set of arguments for constructing a KeyRing resource.

property location

location: pulumi.Input<string>;

The Google Cloud Platform location for the KeyRing. A full list of valid locations can be found by running gcloud kms locations list.

property name

name?: pulumi.Input<string>;

The KeyRing’s name. A KeyRing’s name must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

interface KeyRingIAMBindingArgs

The set of arguments for constructing a KeyRingIAMBinding resource.

property keyRingId

keyRingId: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property role

role: pulumi.Input<string>;

The role that should be applied. Only one google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface KeyRingIAMBindingState

Input properties used for looking up and filtering KeyRingIAMBinding resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the key ring’s IAM policy.

property keyRingId

keyRingId?: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface KeyRingIAMMemberArgs

The set of arguments for constructing a KeyRingIAMMember resource.

property keyRingId

keyRingId: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property member

member: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

The role that should be applied. Only one google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface KeyRingIAMMemberState

Input properties used for looking up and filtering KeyRingIAMMember resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the key ring’s IAM policy.

property keyRingId

keyRingId?: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property member

member?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

The role that should be applied. Only one google_kms_key_ring_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

interface KeyRingIAMPolicyArgs

The set of arguments for constructing a KeyRingIAMPolicy resource.

property keyRingId

keyRingId: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property policyData

policyData: pulumi.Input<string>;

The policy data generated by a google_iam_policy data source.

interface KeyRingIAMPolicyState

Input properties used for looking up and filtering KeyRingIAMPolicy resources.

property etag

etag?: pulumi.Input<string>;

(Computed) The etag of the key ring’s IAM policy.

property keyRingId

keyRingId?: pulumi.Input<string>;

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

property policyData

policyData?: pulumi.Input<string>;

The policy data generated by a google_iam_policy data source.

interface KeyRingState

Input properties used for looking up and filtering KeyRing resources.

property location

location?: pulumi.Input<string>;

The Google Cloud Platform location for the KeyRing. A full list of valid locations can be found by running gcloud kms locations list.

property name

name?: pulumi.Input<string>;

The KeyRing’s name. A KeyRing’s name must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property selfLink

selfLink?: pulumi.Input<string>;

The self link of the created KeyRing. Its format is projects/{projectId}/locations/{location}/keyRings/{keyRingName}.

interface RegistryArgs

The set of arguments for constructing a Registry resource.

property credentials

credentials?: pulumi.Input<pulumi.Input<{ ... }>[]>;

List of public key certificates to authenticate devices. Structure is documented below.

property eventNotificationConfig

eventNotificationConfig?: pulumi.Input<{ ... }>;

A PubSub topics to publish device events. Structure is documented below.

property httpConfig

httpConfig?: pulumi.Input<{ ... }>;

Activate or deactivate HTTP. Structure is documented below.

property mqttConfig

mqttConfig?: pulumi.Input<{ ... }>;

Activate or deactivate MQTT. Structure is documented below.

property name

name?: pulumi.Input<string>;

A unique name for the resource, required by device registry. Changing this forces a new resource to be created.

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property region

region?: pulumi.Input<string>;

The Region in which the created address should reside. If it is not provided, the provider region is used.

property stateNotificationConfig

stateNotificationConfig?: pulumi.Input<{ ... }>;

A PubSub topic to publish device state updates. Structure is documented below.

interface RegistryState

Input properties used for looking up and filtering Registry resources.

property credentials

credentials?: pulumi.Input<pulumi.Input<{ ... }>[]>;

List of public key certificates to authenticate devices. Structure is documented below.

property eventNotificationConfig

eventNotificationConfig?: pulumi.Input<{ ... }>;

A PubSub topics to publish device events. Structure is documented below.

property httpConfig

httpConfig?: pulumi.Input<{ ... }>;

Activate or deactivate HTTP. Structure is documented below.

property mqttConfig

mqttConfig?: pulumi.Input<{ ... }>;

Activate or deactivate MQTT. Structure is documented below.

property name

name?: pulumi.Input<string>;

A unique name for the resource, required by device registry. Changing this forces a new resource to be created.

property project

project?: pulumi.Input<string>;

The project in which the resource belongs. If it is not provided, the provider project is used.

property region

region?: pulumi.Input<string>;

The Region in which the created address should reside. If it is not provided, the provider region is used.

property stateNotificationConfig

stateNotificationConfig?: pulumi.Input<{ ... }>;

A PubSub topic to publish device state updates. Structure is documented below.