pulumi-azure-kotlin/com.pulumi.azure.keyvault.kotlin/ManagedStorageAccount

ManagedStorageAccount

class ManagedStorageAccount : KotlinCustomResource

Manages a Key Vault Managed Storage Account.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.ManagedStorageAccount;
import com.pulumi.azure.keyvault.ManagedStorageAccountArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("standard")
            .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                .secretPermissions(
                    "Get",
                    "Delete")
                .storagePermissions(
                    "Get",
                    "List",
                    "Set",
                    "SetSAS",
                    "GetSAS",
                    "DeleteSAS",
                    "Update",
                    "RegenerateKey")
                .build())
            .build());
        var exampleManagedStorageAccount = new ManagedStorageAccount("exampleManagedStorageAccount", ManagedStorageAccountArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .storageAccountId(exampleAccount.id())
            .storageAccountKey("key1")
            .regenerateKeyAutomatically(false)
            .regenerationPeriod("P1D")
            .build());
    }
}
Content copied to clipboard

Automatically Regenerate Storage Account Access Key)

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azuread.AzureadFunctions;
import com.pulumi.azuread.inputs.GetServicePrincipalArgs;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.keyvault.ManagedStorageAccount;
import com.pulumi.azure.keyvault.ManagedStorageAccountArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();
        final var test = AzureadFunctions.getServicePrincipal(GetServicePrincipalArgs.builder()
            .applicationId("cfa8b339-82a2-471a-a3c9-0fc0be7a4093")
            .build());
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .resourceGroupName(exampleResourceGroup.name())
            .location(exampleResourceGroup.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());
        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("standard")
            .accessPolicies(KeyVaultAccessPolicyArgs.builder()
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                .secretPermissions(
                    "Get",
                    "Delete")
                .storagePermissions(
                    "Get",
                    "List",
                    "Set",
                    "SetSAS",
                    "GetSAS",
                    "DeleteSAS",
                    "Update",
                    "RegenerateKey")
                .build())
            .build());
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleAccount.id())
            .roleDefinitionName("Storage Account Key Operator Service Role")
            .principalId(test.applyValue(getServicePrincipalResult -> getServicePrincipalResult.id()))
            .build());
        var exampleManagedStorageAccount = new ManagedStorageAccount("exampleManagedStorageAccount", ManagedStorageAccountArgs.builder()
            .keyVaultId(exampleKeyVault.id())
            .storageAccountId(exampleAccount.id())
            .storageAccountKey("key1")
            .regenerateKeyAutomatically(true)
            .regenerationPeriod("P1D")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleAssignment)
                .build());
    }
}
Content copied to clipboard

Import

Key Vault Managed Storage Accounts can be imported using the resource id, e.g.

$ pulumi import azure:keyvault/managedStorageAccount:ManagedStorageAccount example https://example-keyvault.vault.azure.net/storage/exampleStorageAcc01
Content copied to clipboard

Properties

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val keyVaultId: Output<String>

The ID of the Key Vault where the Managed Storage Account should be created. Changing this forces a new resource to be created.

Link copied to clipboard
val name: Output<String>

The name which should be used for this Key Vault Managed Storage Account. Changing this forces a new Key Vault Managed Storage Account to be created.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val regenerateKeyAutomatically: Output<Boolean>?

Should Storage Account access key be regenerated periodically?

Link copied to clipboard
val regenerationPeriod: Output<String>?

How often Storage Account access key should be regenerated. Value needs to be in ISO 8601 duration format.

Link copied to clipboard
val storageAccountId: Output<String>

The ID of the Storage Account.

Link copied to clipboard
val storageAccountKey: Output<String>

Which Storage Account access key that is managed by Key Vault. Possible values are key1 and key2.

Link copied to clipboard
val tags: Output<Map<String, String>>?

A mapping of tags which should be assigned to the Key Vault Managed Storage Account. Changing this forces a new resource to be created.

Link copied to clipboard
val urn: Output<String>