Namespace Customer Managed Key Args
data class NamespaceCustomerManagedKeyArgs(val eventhubNamespaceId: Output<String>? = null, val infrastructureEncryptionEnabled: Output<Boolean>? = null, val keyVaultKeyIds: Output<List<String>>? = null) : ConvertibleToJava<NamespaceCustomerManagedKeyArgs>
Manages a Customer Managed Key for an EventHub Namespace. Note: In 2.x versions of the Azure Provider, deleting this resource will delete and recreate the parent EventHub Namespace, which may involve data loss, because it is not possible to remove the Customer Managed Key from the EventHub Namespace once it has been added. Version 3.0 of the Azure Provider will change this so that the Delete operation is a no-op, requiring the parent EventHub Namespace to be deleted and recreated in order to remove the Customer Managed Key.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.eventhub.Cluster;
import com.pulumi.azure.eventhub.ClusterArgs;
import com.pulumi.azure.eventhub.EventHubNamespace;
import com.pulumi.azure.eventhub.EventHubNamespaceArgs;
import com.pulumi.azure.eventhub.inputs.EventHubNamespaceIdentityArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.eventhub.NamespaceCustomerManagedKey;
import com.pulumi.azure.eventhub.NamespaceCustomerManagedKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program that encrypts an EventHub Namespace with a
 * customer-managed key (CMK) held in Azure Key Vault.
 *
 * Resources are declared in dependency order: resource group, dedicated
 * cluster, namespace with a system-assigned identity, key vault, two access
 * policies, the key, and finally the namespace-to-key binding.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the example stack.
     *
     * @param ctx Pulumi deployment context (not read by this example).
     */
    public static void stack(Context ctx) {
        var resourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var region = resourceGroup.location();
        var groupName = resourceGroup.name();

        var cluster = new Cluster("exampleCluster", ClusterArgs.builder()
            .resourceGroupName(groupName)
            .location(region)
            .skuName("Dedicated_1")
            .build());

        // The namespace gets a system-assigned managed identity; that identity
        // is the principal granted access to the key further down.
        var namespaceIdentityArgs = EventHubNamespaceIdentityArgs.builder()
            .type("SystemAssigned")
            .build();
        var namespace = new EventHubNamespace("exampleEventHubNamespace", EventHubNamespaceArgs.builder()
            .location(region)
            .resourceGroupName(groupName)
            .sku("Standard")
            .dedicatedClusterId(cluster.id())
            .identity(namespaceIdentityArgs)
            .build());

        // Identity of whoever runs the deployment (tenant and object id).
        final var current = CoreFunctions.getClientConfig();
        var deployerTenantId = current.applyValue(cfg -> cfg.tenantId());
        var deployerObjectId = current.applyValue(cfg -> cfg.objectId());

        // Purge protection is switched on, so the vault and its keys cannot be
        // permanently removed while the protection applies. The resource
        // description on this page says the key cannot be detached from the
        // namespace once added, so losing the key would matter.
        var vault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .location(region)
            .resourceGroupName(groupName)
            .tenantId(deployerTenantId)
            .skuName("standard")
            .purgeProtectionEnabled(true)
            .build());
        var vaultId = vault.id();

        // Policy 1: the namespace identity may only read the key and wrap or
        // unwrap with it; no management permissions are granted to it.
        var namespaceIdentity = namespace.identity();
        var namespacePolicy = new AccessPolicy("exampleAccessPolicy", AccessPolicyArgs.builder()
            .keyVaultId(vaultId)
            .tenantId(namespaceIdentity.applyValue(identity -> identity.tenantId()))
            .objectId(namespaceIdentity.applyValue(identity -> identity.principalId()))
            .keyPermissions(
                "Get",
                "UnwrapKey",
                "WrapKey")
            .build());

        // Policy 2: the deploying principal receives key-management
        // permissions, including "Delete" and "Purge".
        // NOTE(review): outside of an example, confirm the deploying principal
        // really needs "Purge", and consider separating key administration
        // from the identity that runs routine deployments.
        var deployerPolicy = new AccessPolicy("example2", AccessPolicyArgs.builder()
            .keyVaultId(vaultId)
            .tenantId(deployerTenantId)
            .objectId(deployerObjectId)
            .keyPermissions(
                "Create",
                "Delete",
                "Get",
                "List",
                "Purge",
                "Recover",
                "GetRotationPolicy")
            .build());

        // NOTE(review): the key allows encrypt/decrypt/sign/verify in addition
        // to wrapKey/unwrapKey, while the namespace policy above only grants
        // Get/WrapKey/UnwrapKey. The extra operations look unused by this
        // stack; confirm, and narrow keyOpts if so.
        var keyArgs = KeyArgs.builder()
            .keyVaultId(vaultId)
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey")
            .build();
        // Explicit dependency on both access policies; presumably so the
        // policies exist before the key is created. Verify against the
        // provider's behaviour.
        var keyOptions = CustomResourceOptions.builder()
            .dependsOn(
                namespacePolicy,
                deployerPolicy)
            .build();
        var cmkKey = new Key("exampleKey", keyArgs, keyOptions);

        // Binds the key to the namespace. Per the resource description on this
        // page, the binding cannot be removed later without deleting and
        // recreating the namespace.
        new NamespaceCustomerManagedKey("exampleNamespaceCustomerManagedKey", NamespaceCustomerManagedKeyArgs.builder()
            .eventhubNamespaceId(namespace.id())
            .keyVaultKeyIds(cmkKey.id())
            .build());
    }
}
Import
Customer Managed Keys for an EventHub Namespace can be imported using the resource ID, e.g.
$ pulumi import azure:eventhub/namespaceCustomerManagedKey:NamespaceCustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.EventHub/namespaces/namespace1
Constructors
fun NamespaceCustomerManagedKeyArgs(eventhubNamespaceId: Output<String>? = null, infrastructureEncryptionEnabled: Output<Boolean>? = null, keyVaultKeyIds: Output<List<String>>? = null)