Cluster
data class ClusterCustomerManagedKeyArgs(val clusterId: Output<String>? = null, val keyName: Output<String>? = null, val keyVaultId: Output<String>? = null, val keyVersion: Output<String>? = null, val userIdentity: Output<String>? = null) : ConvertibleToJava<ClusterCustomerManagedKeyArgs>
Manages a Customer Managed Key for a Kusto Cluster.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "examplekv",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "standard",
purgeProtectionEnabled: true,
});
const exampleCluster = new azure.kusto.Cluster("example", {
name: "kustocluster",
location: example.location,
resourceGroupName: example.name,
sku: {
name: "Standard_D13_v2",
capacity: 2,
},
identity: {
type: "SystemAssigned",
},
});
const cluster = new azure.keyvault.AccessPolicy("cluster", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: exampleCluster.identity.apply(identity => identity?.principalId),
keyPermissions: [
"Get",
"UnwrapKey",
"WrapKey",
],
});
const client = new azure.keyvault.AccessPolicy("client", {
keyVaultId: exampleKeyVault.id,
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
keyPermissions: [
"Get",
"List",
"Create",
"Delete",
"Recover",
"GetRotationPolicy",
],
});
const exampleKey = new azure.keyvault.Key("example", {
name: "tfex-key",
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
}, {
dependsOn: [
client,
cluster,
],
});
const exampleClusterCustomerManagedKey = new azure.kusto.ClusterCustomerManagedKey("example", {
clusterId: exampleCluster.id,
keyVaultId: exampleKeyVault.id,
keyName: exampleKey.name,
keyVersion: exampleKey.version,
});Content copied to clipboard
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_key_vault = azure.keyvault.KeyVault("example",
name="examplekv",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="standard",
purge_protection_enabled=True)
example_cluster = azure.kusto.Cluster("example",
name="kustocluster",
location=example.location,
resource_group_name=example.name,
sku={
"name": "Standard_D13_v2",
"capacity": 2,
},
identity={
"type": "SystemAssigned",
})
cluster = azure.keyvault.AccessPolicy("cluster",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=example_cluster.identity.principal_id,
key_permissions=[
"Get",
"UnwrapKey",
"WrapKey",
])
client = azure.keyvault.AccessPolicy("client",
key_vault_id=example_key_vault.id,
tenant_id=current.tenant_id,
object_id=current.object_id,
key_permissions=[
"Get",
"List",
"Create",
"Delete",
"Recover",
"GetRotationPolicy",
])
example_key = azure.keyvault.Key("example",
name="tfex-key",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
opts = pulumi.ResourceOptions(depends_on=[
client,
cluster,
]))
example_cluster_customer_managed_key = azure.kusto.ClusterCustomerManagedKey("example",
cluster_id=example_cluster.id,
key_vault_id=example_key_vault.id,
key_name=example_key.name,
key_version=example_key.version)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "examplekv",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "standard",
PurgeProtectionEnabled = true,
});
var exampleCluster = new Azure.Kusto.Cluster("example", new()
{
Name = "kustocluster",
Location = example.Location,
ResourceGroupName = example.Name,
Sku = new Azure.Kusto.Inputs.ClusterSkuArgs
{
Name = "Standard_D13_v2",
Capacity = 2,
},
Identity = new Azure.Kusto.Inputs.ClusterIdentityArgs
{
Type = "SystemAssigned",
},
});
var cluster = new Azure.KeyVault.AccessPolicy("cluster", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = exampleCluster.Identity.Apply(identity => identity?.PrincipalId),
KeyPermissions = new[]
{
"Get",
"UnwrapKey",
"WrapKey",
},
});
var client = new Azure.KeyVault.AccessPolicy("client", new()
{
KeyVaultId = exampleKeyVault.Id,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
KeyPermissions = new[]
{
"Get",
"List",
"Create",
"Delete",
"Recover",
"GetRotationPolicy",
},
});
var exampleKey = new Azure.KeyVault.Key("example", new()
{
Name = "tfex-key",
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
},
}, new CustomResourceOptions
{
DependsOn =
{
client,
cluster,
},
});
var exampleClusterCustomerManagedKey = new Azure.Kusto.ClusterCustomerManagedKey("example", new()
{
ClusterId = exampleCluster.Id,
KeyVaultId = exampleKeyVault.Id,
KeyName = exampleKey.Name,
KeyVersion = exampleKey.Version,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/kusto"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("examplekv"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("standard"),
PurgeProtectionEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleCluster, err := kusto.NewCluster(ctx, "example", &kusto.ClusterArgs{
Name: pulumi.String("kustocluster"),
Location: example.Location,
ResourceGroupName: example.Name,
Sku: &kusto.ClusterSkuArgs{
Name: pulumi.String("Standard_D13_v2"),
Capacity: pulumi.Int(2),
},
Identity: &kusto.ClusterIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
cluster, err := keyvault.NewAccessPolicy(ctx, "cluster", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(exampleCluster.Identity.ApplyT(func(identity kusto.ClusterIdentity) (*string, error) {
return &identity.PrincipalId, nil
}).(pulumi.StringPtrOutput)),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("UnwrapKey"),
pulumi.String("WrapKey"),
},
})
if err != nil {
return err
}
client, err := keyvault.NewAccessPolicy(ctx, "client", &keyvault.AccessPolicyArgs{
KeyVaultId: exampleKeyVault.ID(),
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("List"),
pulumi.String("Create"),
pulumi.String("Delete"),
pulumi.String("Recover"),
pulumi.String("GetRotationPolicy"),
},
})
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
Name: pulumi.String("tfex-key"),
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("decrypt"),
pulumi.String("encrypt"),
pulumi.String("sign"),
pulumi.String("unwrapKey"),
pulumi.String("verify"),
pulumi.String("wrapKey"),
},
}, pulumi.DependsOn([]pulumi.Resource{
client,
cluster,
}))
if err != nil {
return err
}
_, err = kusto.NewClusterCustomerManagedKey(ctx, "example", &kusto.ClusterCustomerManagedKeyArgs{
ClusterId: exampleCluster.ID(),
KeyVaultId: exampleKeyVault.ID(),
KeyName: exampleKey.Name,
KeyVersion: exampleKey.Version,
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.kusto.Cluster;
import com.pulumi.azure.kusto.ClusterArgs;
import com.pulumi.azure.kusto.inputs.ClusterSkuArgs;
import com.pulumi.azure.kusto.inputs.ClusterIdentityArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.kusto.ClusterCustomerManagedKey;
import com.pulumi.azure.kusto.ClusterCustomerManagedKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("examplekv")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("standard")
.purgeProtectionEnabled(true)
.build());
var exampleCluster = new Cluster("exampleCluster", ClusterArgs.builder()
.name("kustocluster")
.location(example.location())
.resourceGroupName(example.name())
.sku(ClusterSkuArgs.builder()
.name("Standard_D13_v2")
.capacity(2)
.build())
.identity(ClusterIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var cluster = new AccessPolicy("cluster", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(exampleCluster.identity().applyValue(identity -> identity.principalId()))
.keyPermissions(
"Get",
"UnwrapKey",
"WrapKey")
.build());
var client = new AccessPolicy("client", AccessPolicyArgs.builder()
.keyVaultId(exampleKeyVault.id())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Get",
"List",
"Create",
"Delete",
"Recover",
"GetRotationPolicy")
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.name("tfex-key")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey")
.build(), CustomResourceOptions.builder()
.dependsOn(
client,
cluster)
.build());
var exampleClusterCustomerManagedKey = new ClusterCustomerManagedKey("exampleClusterCustomerManagedKey", ClusterCustomerManagedKeyArgs.builder()
.clusterId(exampleCluster.id())
.keyVaultId(exampleKeyVault.id())
.keyName(exampleKey.name())
.keyVersion(exampleKey.version())
.build());
}
}Content copied to clipboard
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: examplekv
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: standard
purgeProtectionEnabled: true
cluster:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${exampleCluster.identity.principalId}
keyPermissions:
- Get
- UnwrapKey
- WrapKey
client:
type: azure:keyvault:AccessPolicy
properties:
keyVaultId: ${exampleKeyVault.id}
tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Get
- List
- Create
- Delete
- Recover
- GetRotationPolicy
exampleKey:
type: azure:keyvault:Key
name: example
properties:
name: tfex-key
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- decrypt
- encrypt
- sign
- unwrapKey
- verify
- wrapKey
options:
dependsOn:
- ${client}
- ${cluster}
exampleCluster:
type: azure:kusto:Cluster
name: example
properties:
name: kustocluster
location: ${example.location}
resourceGroupName: ${example.name}
sku:
name: Standard_D13_v2
capacity: 2
identity:
type: SystemAssigned
exampleClusterCustomerManagedKey:
type: azure:kusto:ClusterCustomerManagedKey
name: example
properties:
clusterId: ${exampleCluster.id}
keyVaultId: ${exampleKeyVault.id}
keyName: ${exampleKey.name}
keyVersion: ${exampleKey.version}
variables:
current:
fn::invoke:
function: azure:core:getClientConfig
arguments: {}Content copied to clipboard
Import
Customer Managed Keys for a Kusto Cluster can be imported using the resource id, e.g.
$ pulumi import azure:kusto/clusterCustomerManagedKey:ClusterCustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Kusto/clusters/cluster1Content copied to clipboard