NamespaceCustomerManagedKey

class NamespaceCustomerManagedKey : KotlinCustomResource

Manages a Customer Managed Key for an EventHub Namespace.

Note: In 2.x versions of the Azure Provider, deleting this resource deletes and recreates the parent EventHub Namespace, which may involve data loss, because a Customer Managed Key cannot be removed from an EventHub Namespace once it has been added. Version 3.0 of the Azure Provider will change this so that the Delete operation is a no-op; removing the Customer Managed Key will then require deleting and recreating the parent EventHub Namespace.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.eventhub.Cluster;
import com.pulumi.azure.eventhub.ClusterArgs;
import com.pulumi.azure.eventhub.EventHubNamespace;
import com.pulumi.azure.eventhub.EventHubNamespaceArgs;
import com.pulumi.azure.eventhub.inputs.EventHubNamespaceIdentityArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.eventhub.NamespaceCustomerManagedKey;
import com.pulumi.azure.eventhub.NamespaceCustomerManagedKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program that attaches a customer managed key, held in Azure Key Vault,
 * to an EventHub Namespace running on a dedicated cluster.
 */
public class App {

    /**
     * Program entry point: hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (not read by this example)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of the example in dependency order: resource group, dedicated
     * cluster, namespace with a system-assigned identity, Key Vault, two access policies,
     * the key itself, and finally the binding of that key to the namespace.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        var resourceGroup = new ResourceGroup(
            "exampleResourceGroup",
            ResourceGroupArgs.builder()
                .location("West Europe")
                .build());

        var dedicatedCluster = new Cluster(
            "exampleCluster",
            ClusterArgs.builder()
                .resourceGroupName(resourceGroup.name())
                .location(resourceGroup.location())
                .skuName("Dedicated_1")
                .build());

        // The namespace gets a system-assigned identity; that identity is the principal
        // that is granted access to the key further down.
        var namespaceIdentityArgs = EventHubNamespaceIdentityArgs.builder()
            .type("SystemAssigned")
            .build();
        var namespace = new EventHubNamespace(
            "exampleEventHubNamespace",
            EventHubNamespaceArgs.builder()
                .location(resourceGroup.location())
                .resourceGroupName(resourceGroup.name())
                .sku("Standard")
                .dedicatedClusterId(dedicatedCluster.id())
                .identity(namespaceIdentityArgs)
                .build());

        // Tenant and object id of the principal that runs this deployment.
        final var callerConfig = CoreFunctions.getClientConfig();

        // Purge protection is switched on for the vault that holds the encryption key.
        // NOTE(review): customer-managed-key encryption generally expects this, since a
        // permanently removed key leaves the encrypted data unreadable; keep it enabled.
        var vault = new KeyVault(
            "exampleKeyVault",
            KeyVaultArgs.builder()
                .location(resourceGroup.location())
                .resourceGroupName(resourceGroup.name())
                .tenantId(callerConfig.applyValue(config -> config.tenantId()))
                .skuName("standard")
                .purgeProtectionEnabled(true)
                .build());

        // Policy for the namespace identity: read the key and wrap/unwrap with it, nothing else.
        var namespaceIdentity = namespace.identity();
        var namespacePolicy = new AccessPolicy(
            "exampleAccessPolicy",
            AccessPolicyArgs.builder()
                .keyVaultId(vault.id())
                .tenantId(namespaceIdentity.applyValue(assigned -> assigned.tenantId()))
                .objectId(namespaceIdentity.applyValue(assigned -> assigned.principalId()))
                .keyPermissions(
                    "Get",
                    "UnwrapKey",
                    "WrapKey")
                .build());

        // Policy for the deploying principal: key management rights so it can create the key.
        // NOTE(review): "Delete" and "Purge" are part of this grant; confirm whether the
        // deploying principal really needs to destroy keys before keeping them in a real stack.
        var deployerPolicy = new AccessPolicy(
            "example2",
            AccessPolicyArgs.builder()
                .keyVaultId(vault.id())
                .tenantId(callerConfig.applyValue(config -> config.tenantId()))
                .objectId(callerConfig.applyValue(config -> config.objectId()))
                .keyPermissions(
                    "Create",
                    "Delete",
                    "Get",
                    "List",
                    "Purge",
                    "Recover",
                    "GetRotationPolicy")
                .build());

        // NOTE(review): the namespace identity is only granted Get/WrapKey/UnwrapKey above,
        // while the key itself also allows encrypt, decrypt, sign and verify. Check whether
        // the key operations can be narrowed to wrapKey/unwrapKey for this use.
        var keyArgs = KeyArgs.builder()
            .keyVaultId(vault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey")
            .build();

        // Explicit ordering: the key is created only after both access policies exist.
        var keyOptions = CustomResourceOptions.builder()
            .dependsOn(
                namespacePolicy,
                deployerPolicy)
            .build();
        var encryptionKey = new Key("exampleKey", keyArgs, keyOptions);

        // Bind the key to the namespace. The page's note on deletion applies here: once
        // added, the key cannot be removed from the namespace.
        var namespaceKeyBinding = new NamespaceCustomerManagedKey(
            "exampleNamespaceCustomerManagedKey",
            NamespaceCustomerManagedKeyArgs.builder()
                .eventhubNamespaceId(namespace.id())
                .keyVaultKeyIds(encryptionKey.id())
                .build());
    }
}

Import

Customer Managed Keys for an EventHub Namespace can be imported using the resource ID of the namespace, e.g.

$ pulumi import azure:eventhub/namespaceCustomerManagedKey:NamespaceCustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.EventHub/namespaces/namespace1

Properties


eventhubNamespaceId: The ID of the EventHub Namespace. Changing this forces a new resource to be created.

val id: Output<String>

infrastructureEncryptionEnabled: Whether to enable Infrastructure Encryption (Double Encryption). Changing this forces a new resource to be created.

val keyVaultKeyIds: Output<List<String>>

The list of IDs of the Key Vault keys.

val pulumiChildResources: Set<KotlinResource>
val urn: Output<String>