Database Args
A Cloud Firestore Database. If you wish to use Firestore with App Engine, use the gcp.appengine.Application
resource instead. If you were previously using the gcp.appengine.Application
resource exclusively for managing a Firestore database and would like to use the gcp.firestore.Database
resource instead, please follow the instructions here. To get more information about Database, see:
How-to Guides
Example Usage
Firestore Default Database
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Creates the project's "(default)" database in Firestore Native mode.
// Only the required settings are given: delete protection, point-in-time
// recovery and CMEK are left at the resource defaults (PITR is documented as
// disabled by default; without cmekConfig Google's default key is used).
const databaseArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "(default)",
    locationId: "nam5",
    type: "FIRESTORE_NATIVE",
};
const database = new gcp.firestore.Database("database", databaseArgs);
import pulumi
import pulumi_gcp as gcp
# Creates the project's "(default)" database in Firestore Native mode.
# Delete protection, point-in-time recovery and CMEK are not requested, so the
# resource defaults apply (PITR is documented as disabled by default).
database = gcp.firestore.Database(
    "database",
    project="my-project-name",
    name="(default)",
    location_id="nam5",
    type="FIRESTORE_NATIVE",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // "(default)" database in Firestore Native mode. Delete protection,
    // point-in-time recovery and CMEK are left at the resource defaults.
    var databaseArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "(default)",
        LocationId = "nam5",
        Type = "FIRESTORE_NATIVE",
    };
    var database = new Gcp.Firestore.Database("database", databaseArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers the project's "(default)" Firestore database in Native mode.
// Delete protection, point-in-time recovery and CMEK are left at the resource
// defaults.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &firestore.DatabaseArgs{
			Project:    pulumi.String("my-project-name"),
			Name:       pulumi.String("(default)"),
			LocationId: pulumi.String("nam5"),
			Type:       pulumi.String("FIRESTORE_NATIVE"),
		}
		// The resource handle is not needed afterwards; only the error matters.
		_, err := firestore.NewDatabase(ctx, "database", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the project's "(default)" Firestore database. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the database in Firestore Native mode. Delete protection,
     * point-in-time recovery and CMEK are left at the resource defaults.
     */
    public static void stack(Context ctx) {
        DatabaseArgs databaseArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("(default)")
            .locationId("nam5")
            .type("FIRESTORE_NATIVE")
            .build();
        var database = new Database("database", databaseArgs);
    }
}
# "(default)" database in Firestore Native mode. Delete protection,
# point-in-time recovery and CMEK are left at the resource defaults.
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: (default)
      locationId: nam5
      type: FIRESTORE_NATIVE
Firestore Database
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Named Native-mode database with its recovery and deletion settings explicit.
//  - pointInTimeRecoveryEnablement: enabled keeps readable versions for the
//    past 7 days; disabled keeps them for 1 hour.
//  - deleteProtectionState: while enabled, the database cannot be deleted.
//  - deletionPolicy "DELETE": destroying the stack deletes the database rather
//    than abandoning it, so delete protection has to be turned off first.
const databaseArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "database-id",
    locationId: "nam5",
    type: "FIRESTORE_NATIVE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    deletionPolicy: "DELETE",
};
const database = new gcp.firestore.Database("database", databaseArgs);
import pulumi
import pulumi_gcp as gcp
# Named Native-mode database with its recovery and deletion settings explicit.
# PITR enabled keeps readable versions for the past 7 days (1 hour otherwise).
# deletion_policy="DELETE" deletes the database on destroy instead of abandoning
# it; with delete protection enabled, protection has to be turned off first.
database = gcp.firestore.Database(
    "database",
    project="my-project-name",
    name="database-id",
    location_id="nam5",
    type="FIRESTORE_NATIVE",
    concurrency_mode="OPTIMISTIC",
    app_engine_integration_mode="DISABLED",
    point_in_time_recovery_enablement="POINT_IN_TIME_RECOVERY_ENABLED",
    delete_protection_state="DELETE_PROTECTION_ENABLED",
    deletion_policy="DELETE",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Named Native-mode database with recovery and deletion settings explicit.
    // PITR enabled keeps readable versions for the past 7 days.
    // DeletionPolicy "DELETE" deletes the database on destroy; with delete
    // protection enabled, protection has to be turned off first.
    var databaseArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "database-id",
        LocationId = "nam5",
        Type = "FIRESTORE_NATIVE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        DeletionPolicy = "DELETE",
    };
    var database = new Gcp.Firestore.Database("database", databaseArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a named Native-mode database with point-in-time recovery and
// delete protection enabled.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &firestore.DatabaseArgs{
			Project:                  pulumi.String("my-project-name"),
			Name:                     pulumi.String("database-id"),
			LocationId:               pulumi.String("nam5"),
			Type:                     pulumi.String("FIRESTORE_NATIVE"),
			ConcurrencyMode:          pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode: pulumi.String("DISABLED"),
			// Keeps readable versions for the past 7 days (1 hour when disabled).
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			// While enabled, the database cannot be deleted.
			DeleteProtectionState: pulumi.String("DELETE_PROTECTION_ENABLED"),
			// Destroy deletes the database rather than abandoning it, so
			// protection has to be turned off before a destroy can succeed.
			DeletionPolicy: pulumi.String("DELETE"),
		}
		_, err := firestore.NewDatabase(ctx, "database", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a named Firestore Native-mode database. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the database with point-in-time recovery and delete protection
     * enabled. deletionPolicy "DELETE" deletes the database on destroy, so
     * delete protection has to be turned off before a destroy can succeed.
     */
    public static void stack(Context ctx) {
        DatabaseArgs databaseArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("database-id")
            .locationId("nam5")
            .type("FIRESTORE_NATIVE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            .deletionPolicy("DELETE")
            .build();
        var database = new Database("database", databaseArgs);
    }
}
# Named Native-mode database with point-in-time recovery and delete protection
# enabled. deletionPolicy DELETE deletes the database on destroy, so delete
# protection has to be turned off before a destroy can succeed.
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: database-id
      locationId: nam5
      type: FIRESTORE_NATIVE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      deletionPolicy: DELETE
Firestore Cmek Database
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// getProject({}) resolves the provider's default project; its number forms the
// Firestore service agent address used in the key grant below.
// NOTE(review): the database names project "my-project-name" explicitly, so
// both must refer to the same project for the grant to reach the right agent.
const project = gcp.organizations.getProject({});

// NOTE(review): the key location is expected to correspond to the database
// location (here "us" for nam5); confirm against the Firestore CMEK docs.
const keyRing = new gcp.kms.KeyRing("key_ring", {
    name: "kms-key-ring",
    location: "us",
});
const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
    name: "kms-key",
    keyRing: keyRing.id,
    purpose: "ENCRYPT_DECRYPT",
});

// CryptoKeyIAMBinding is authoritative for this role on this key: any other
// member holding the role is replaced. gcp.kms.CryptoKeyIAMMember adds a single
// member without touching the rest.
const firestoreServiceAgent = project.then(
    p => `serviceAccount:service-${p.number}@gcp-sa-firestore.iam.gserviceaccount.com`,
);
const firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", {
    cryptoKeyId: cryptoKey.id,
    role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members: [firestoreServiceAgent],
});

// dependsOn makes the database wait for the key grant; referencing
// cryptoKey.id alone would only order it after the key.
const database = new gcp.firestore.Database("database", {
    project: "my-project-name",
    name: "cmek-database-id",
    locationId: "nam5",
    type: "FIRESTORE_NATIVE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    deletionPolicy: "DELETE",
    cmekConfig: {
        kmsKeyName: cryptoKey.id,
    },
}, {
    dependsOn: [firestoreCmekKeyuser],
});
import pulumi
import pulumi_gcp as gcp
# get_project() with no arguments resolves the provider's default project; its
# number forms the Firestore service agent address used in the key grant.
# NOTE(review): the database names project "my-project-name" explicitly, so
# both must refer to the same project for the grant to reach the right agent.
project = gcp.organizations.get_project()

# NOTE(review): the key location is expected to correspond to the database
# location (here "us" for nam5); confirm against the Firestore CMEK docs.
key_ring = gcp.kms.KeyRing(
    "key_ring",
    name="kms-key-ring",
    location="us",
)
crypto_key = gcp.kms.CryptoKey(
    "crypto_key",
    name="kms-key",
    key_ring=key_ring.id,
    purpose="ENCRYPT_DECRYPT",
)

# CryptoKeyIAMBinding is authoritative for this role on this key: any other
# member holding the role is replaced. gcp.kms.CryptoKeyIAMMember adds a single
# member without touching the rest.
firestore_service_agent = f"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com"
firestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(
    "firestore_cmek_keyuser",
    crypto_key_id=crypto_key.id,
    role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members=[firestore_service_agent],
)

# depends_on makes the database wait for the key grant; referencing
# crypto_key.id alone would only order it after the key.
database = gcp.firestore.Database(
    "database",
    project="my-project-name",
    name="cmek-database-id",
    location_id="nam5",
    type="FIRESTORE_NATIVE",
    concurrency_mode="OPTIMISTIC",
    app_engine_integration_mode="DISABLED",
    point_in_time_recovery_enablement="POINT_IN_TIME_RECOVERY_ENABLED",
    delete_protection_state="DELETE_PROTECTION_ENABLED",
    deletion_policy="DELETE",
    cmek_config={
        "kms_key_name": crypto_key.id,
    },
    opts=pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]),
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
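return await Deployment.RunAsync(() =>
{
    // Invoke() with no arguments resolves the provider's default project.
    // NOTE(review): the database names project "my-project-name" explicitly,
    // so both must refer to the same project for the grant to be useful.
    var project = Gcp.Organizations.GetProject.Invoke();

    // NOTE(review): the key location is expected to correspond to the database
    // location (here "us" for nam5); confirm against the Firestore CMEK docs.
    var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
    {
        Name = "kms-key-ring",
        Location = "us",
    });

    var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
    {
        Name = "kms-key",
        KeyRing = keyRing.Id,
        Purpose = "ENCRYPT_DECRYPT",
    });

    // CryptoKeyIAMBinding is authoritative for this role on this key: any other
    // member holding the role is replaced.
    var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", new()
    {
        CryptoKeyId = cryptoKey.Id,
        Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
        Members = new[]
        {
            // Output.Format resolves the project number before building the
            // string. Plain $"..." interpolation would embed the Output
            // object's ToString() text and produce an invalid IAM member.
            Output.Format($"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com"),
        },
    });

    // DependsOn makes the database wait for the key grant; referencing the key
    // id alone would only order it after the key.
    var database = new Gcp.Firestore.Database("database", new()
    {
        Project = "my-project-name",
        Name = "cmek-database-id",
        LocationId = "nam5",
        Type = "FIRESTORE_NATIVE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        DeletionPolicy = "DELETE",
        CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs
        {
            KmsKeyName = cryptoKey.Id,
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            firestoreCmekKeyuser,
        },
    });
});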
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
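// main declares a KMS key ring and key, grants the Firestore service agent use
// of the key, and creates a Native-mode database encrypted with that key.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// nil arguments: the provider's default project is looked up.
		// NOTE(review): the database names project "my-project-name"
		// explicitly, so both must refer to the same project.
		project, err := organizations.LookupProject(ctx, nil, nil)
		if err != nil {
			return err
		}
		// NOTE(review): the key location is expected to correspond to the
		// database location (here "us" for nam5); confirm against the docs.
		keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
			Name:     pulumi.String("kms-key-ring"),
			Location: pulumi.String("us"),
		})
		if err != nil {
			return err
		}
		cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("kms-key"),
			KeyRing: keyRing.ID(),
			Purpose: pulumi.String("ENCRYPT_DECRYPT"),
		})
		if err != nil {
			return err
		}
		// project.Number is already resolved, so fmt.Sprintf is sufficient.
		// It also puts the file's "fmt" import to use; Go refuses to compile
		// a file with an unused import.
		firestoreServiceAgent := fmt.Sprintf("serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com", project.Number)
		// CryptoKeyIAMBinding is authoritative for this role on this key: any
		// other member holding the role is replaced.
		firestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, "firestore_cmek_keyuser", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: cryptoKey.ID(),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
			Members: pulumi.StringArray{
				pulumi.String(firestoreServiceAgent),
			},
		})
		if err != nil {
			return err
		}
		// DependsOn makes the database wait for the key grant; referencing the
		// key id alone would only order it after the key.
		_, err = firestore.NewDatabase(ctx, "database", &firestore.DatabaseArgs{
			Project:                       pulumi.String("my-project-name"),
			Name:                          pulumi.String("cmek-database-id"),
			LocationId:                    pulumi.String("nam5"),
			Type:                          pulumi.String("FIRESTORE_NATIVE"),
			ConcurrencyMode:               pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode:      pulumi.String("DISABLED"),
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			DeleteProtectionState:         pulumi.String("DELETE_PROTECTION_ENABLED"),
			DeletionPolicy:                pulumi.String("DELETE"),
			CmekConfig: &firestore.DatabaseCmekConfigArgs{
				KmsKeyName: cryptoKey.ID(),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			firestoreCmekKeyuser,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}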
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.CryptoKeyIAMBinding;
import com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
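/** Pulumi program that declares a CMEK-encrypted Firestore Native-mode database. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a KMS key ring and key, grants the Firestore service agent use
     * of the key, and creates the database once that grant exists.
     */
    public static void stack(Context ctx) {
        // No arguments: the provider's default project is resolved.
        // NOTE(review): the database names project "my-project-name"
        // explicitly, so both must refer to the same project.
        final var project = OrganizationsFunctions.getProject();

        // NOTE(review): the key location is expected to correspond to the
        // database location (here "us" for nam5); confirm against the docs.
        var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
            .name("kms-key-ring")
            .location("us")
            .build());

        var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
            .name("kms-key")
            .keyRing(keyRing.id())
            .purpose("ENCRYPT_DECRYPT")
            .build());

        // Format the member inside applyValue so the resolved project number is
        // used. String.format on the Output itself would embed the Output
        // object's toString() text and produce an invalid IAM member.
        Output<List<String>> firestoreServiceAgent = project.applyValue(getProjectResult -> List.of(
            String.format("serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com", getProjectResult.number())));

        // CryptoKeyIAMBinding is authoritative for this role on this key: any
        // other member holding the role is replaced.
        var firestoreCmekKeyuser = new CryptoKeyIAMBinding("firestoreCmekKeyuser", CryptoKeyIAMBindingArgs.builder()
            .cryptoKeyId(cryptoKey.id())
            .role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
            .members(firestoreServiceAgent)
            .build());

        // dependsOn makes the database wait for the key grant; referencing the
        // key id alone would only order it after the key.
        var database = new Database("database", DatabaseArgs.builder()
            .project("my-project-name")
            .name("cmek-database-id")
            .locationId("nam5")
            .type("FIRESTORE_NATIVE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            .deletionPolicy("DELETE")
            .cmekConfig(DatabaseCmekConfigArgs.builder()
                .kmsKeyName(cryptoKey.id())
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(firestoreCmekKeyuser)
                .build());
    }
}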
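# CMEK-encrypted Firestore Native-mode database together with its KMS key and
# the key grant for the Firestore service agent.
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: cmek-database-id
      locationId: nam5
      type: FIRESTORE_NATIVE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      deletionPolicy: DELETE
      cmekConfig:
        kmsKeyName: ${cryptoKey.id}
    options:
      # The resource option is spelled dependsOn (keys are case-sensitive).
      # It makes the database wait for the key grant below.
      dependsOn:
        - ${firestoreCmekKeyuser}
  cryptoKey:
    type: gcp:kms:CryptoKey
    name: crypto_key
    properties:
      name: kms-key
      keyRing: ${keyRing.id}
      purpose: ENCRYPT_DECRYPT
  keyRing:
    type: gcp:kms:KeyRing
    name: key_ring
    properties:
      name: kms-key-ring
      # NOTE(review): expected to correspond to the database location
      # (here "us" for nam5); confirm against the Firestore CMEK docs.
      location: us
  # CryptoKeyIAMBinding is authoritative for this role on this key: any other
  # member holding the role is replaced.
  firestoreCmekKeyuser:
    type: gcp:kms:CryptoKeyIAMBinding
    name: firestore_cmek_keyuser
    properties:
      cryptoKeyId: ${cryptoKey.id}
      role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com
variables:
  # Empty arguments: the provider's default project is resolved.
  # NOTE(review): the database names project my-project-name explicitly, so
  # both must refer to the same project.
  project:
    fn::invoke:
      Function: gcp:organizations:getProject
      Arguments: {}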
Firestore Default Database In Datastore Mode
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Creates the project's "(default)" database in Datastore mode.
// Delete protection, point-in-time recovery and CMEK are left at the resource
// defaults (PITR is documented as disabled by default).
const datastoreModeArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "(default)",
    locationId: "nam5",
    type: "DATASTORE_MODE",
};
const datastoreModeDatabase = new gcp.firestore.Database("datastore_mode_database", datastoreModeArgs);
import pulumi
import pulumi_gcp as gcp
# Creates the project's "(default)" database in Datastore mode.
# Delete protection, point-in-time recovery and CMEK are left at the resource
# defaults (PITR is documented as disabled by default).
datastore_mode_database = gcp.firestore.Database(
    "datastore_mode_database",
    project="my-project-name",
    name="(default)",
    location_id="nam5",
    type="DATASTORE_MODE",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // "(default)" database in Datastore mode. Delete protection,
    // point-in-time recovery and CMEK are left at the resource defaults.
    var datastoreModeArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "(default)",
        LocationId = "nam5",
        Type = "DATASTORE_MODE",
    };
    var datastoreModeDatabase = new Gcp.Firestore.Database("datastore_mode_database", datastoreModeArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers the project's "(default)" database in Datastore mode.
// Delete protection, point-in-time recovery and CMEK are left at the resource
// defaults.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &firestore.DatabaseArgs{
			Project:    pulumi.String("my-project-name"),
			Name:       pulumi.String("(default)"),
			LocationId: pulumi.String("nam5"),
			Type:       pulumi.String("DATASTORE_MODE"),
		}
		// The resource handle is not needed afterwards; only the error matters.
		_, err := firestore.NewDatabase(ctx, "datastore_mode_database", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the project's "(default)" database in Datastore mode. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the database in Datastore mode. Delete protection,
     * point-in-time recovery and CMEK are left at the resource defaults.
     */
    public static void stack(Context ctx) {
        DatabaseArgs datastoreModeArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("(default)")
            .locationId("nam5")
            .type("DATASTORE_MODE")
            .build();
        var datastoreModeDatabase = new Database("datastoreModeDatabase", datastoreModeArgs);
    }
}
# "(default)" database in Datastore mode. Delete protection, point-in-time
# recovery and CMEK are left at the resource defaults.
resources:
  datastoreModeDatabase:
    type: gcp:firestore:Database
    name: datastore_mode_database
    properties:
      project: my-project-name
      name: (default)
      locationId: nam5
      type: DATASTORE_MODE
Firestore Database In Datastore Mode
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Named Datastore-mode database with recovery and deletion settings explicit.
//  - pointInTimeRecoveryEnablement: enabled keeps readable versions for the
//    past 7 days; disabled keeps them for 1 hour.
//  - deleteProtectionState: while enabled, the database cannot be deleted.
//  - deletionPolicy "DELETE": destroying the stack deletes the database rather
//    than abandoning it, so delete protection has to be turned off first.
const datastoreModeArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "database-id",
    locationId: "nam5",
    type: "DATASTORE_MODE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    deletionPolicy: "DELETE",
};
const datastoreModeDatabase = new gcp.firestore.Database("datastore_mode_database", datastoreModeArgs);
import pulumi
import pulumi_gcp as gcp
# Named Datastore-mode database with recovery and deletion settings explicit.
# PITR enabled keeps readable versions for the past 7 days (1 hour otherwise).
# deletion_policy="DELETE" deletes the database on destroy instead of abandoning
# it; with delete protection enabled, protection has to be turned off first.
datastore_mode_database = gcp.firestore.Database(
    "datastore_mode_database",
    project="my-project-name",
    name="database-id",
    location_id="nam5",
    type="DATASTORE_MODE",
    concurrency_mode="OPTIMISTIC",
    app_engine_integration_mode="DISABLED",
    point_in_time_recovery_enablement="POINT_IN_TIME_RECOVERY_ENABLED",
    delete_protection_state="DELETE_PROTECTION_ENABLED",
    deletion_policy="DELETE",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Named Datastore-mode database with recovery and deletion settings
    // explicit. PITR enabled keeps readable versions for the past 7 days.
    // DeletionPolicy "DELETE" deletes the database on destroy; with delete
    // protection enabled, protection has to be turned off first.
    var datastoreModeArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "database-id",
        LocationId = "nam5",
        Type = "DATASTORE_MODE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        DeletionPolicy = "DELETE",
    };
    var datastoreModeDatabase = new Gcp.Firestore.Database("datastore_mode_database", datastoreModeArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a named Datastore-mode database with point-in-time recovery
// and delete protection enabled.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		args := &firestore.DatabaseArgs{
			Project:                  pulumi.String("my-project-name"),
			Name:                     pulumi.String("database-id"),
			LocationId:               pulumi.String("nam5"),
			Type:                     pulumi.String("DATASTORE_MODE"),
			ConcurrencyMode:          pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode: pulumi.String("DISABLED"),
			// Keeps readable versions for the past 7 days (1 hour when disabled).
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			// While enabled, the database cannot be deleted.
			DeleteProtectionState: pulumi.String("DELETE_PROTECTION_ENABLED"),
			// Destroy deletes the database rather than abandoning it, so
			// protection has to be turned off before a destroy can succeed.
			DeletionPolicy: pulumi.String("DELETE"),
		}
		_, err := firestore.NewDatabase(ctx, "datastore_mode_database", args)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a named database in Datastore mode. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the database with point-in-time recovery and delete protection
     * enabled. deletionPolicy "DELETE" deletes the database on destroy, so
     * delete protection has to be turned off before a destroy can succeed.
     */
    public static void stack(Context ctx) {
        DatabaseArgs datastoreModeArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("database-id")
            .locationId("nam5")
            .type("DATASTORE_MODE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            .deletionPolicy("DELETE")
            .build();
        var datastoreModeDatabase = new Database("datastoreModeDatabase", datastoreModeArgs);
    }
}
# Named Datastore-mode database with point-in-time recovery and delete
# protection enabled. deletionPolicy DELETE deletes the database on destroy, so
# delete protection has to be turned off before a destroy can succeed.
resources:
  datastoreModeDatabase:
    type: gcp:firestore:Database
    name: datastore_mode_database
    properties:
      project: my-project-name
      name: database-id
      locationId: nam5
      type: DATASTORE_MODE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      deletionPolicy: DELETE
Firestore Cmek Database In Datastore Mode
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// getProject({}) resolves the provider's default project; its number forms the
// Firestore service agent address used in the key grant below.
// NOTE(review): the database names project "my-project-name" explicitly, so
// both must refer to the same project for the grant to reach the right agent.
const project = gcp.organizations.getProject({});

// NOTE(review): the key location is expected to correspond to the database
// location (here "us" for nam5); confirm against the Firestore CMEK docs.
const keyRing = new gcp.kms.KeyRing("key_ring", {
    name: "kms-key-ring",
    location: "us",
});
const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
    name: "kms-key",
    keyRing: keyRing.id,
    purpose: "ENCRYPT_DECRYPT",
});

// CryptoKeyIAMBinding is authoritative for this role on this key: any other
// member holding the role is replaced. gcp.kms.CryptoKeyIAMMember adds a single
// member without touching the rest.
const firestoreServiceAgent = project.then(
    p => `serviceAccount:service-${p.number}@gcp-sa-firestore.iam.gserviceaccount.com`,
);
const firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", {
    cryptoKeyId: cryptoKey.id,
    role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members: [firestoreServiceAgent],
});

// dependsOn makes the database wait for the key grant; referencing
// cryptoKey.id alone would only order it after the key.
const database = new gcp.firestore.Database("database", {
    project: "my-project-name",
    name: "cmek-database-id",
    locationId: "nam5",
    type: "DATASTORE_MODE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    deletionPolicy: "DELETE",
    cmekConfig: {
        kmsKeyName: cryptoKey.id,
    },
}, {
    dependsOn: [firestoreCmekKeyuser],
});
import pulumi
import pulumi_gcp as gcp
# get_project() with no arguments resolves the provider's default project; its
# number forms the Firestore service agent address used in the key grant.
# NOTE(review): the database names project "my-project-name" explicitly, so
# both must refer to the same project for the grant to reach the right agent.
project = gcp.organizations.get_project()

# NOTE(review): the key location is expected to correspond to the database
# location (here "us" for nam5); confirm against the Firestore CMEK docs.
key_ring = gcp.kms.KeyRing(
    "key_ring",
    name="kms-key-ring",
    location="us",
)
crypto_key = gcp.kms.CryptoKey(
    "crypto_key",
    name="kms-key",
    key_ring=key_ring.id,
    purpose="ENCRYPT_DECRYPT",
)

# CryptoKeyIAMBinding is authoritative for this role on this key: any other
# member holding the role is replaced. gcp.kms.CryptoKeyIAMMember adds a single
# member without touching the rest.
firestore_service_agent = f"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com"
firestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(
    "firestore_cmek_keyuser",
    crypto_key_id=crypto_key.id,
    role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members=[firestore_service_agent],
)

# depends_on makes the database wait for the key grant; referencing
# crypto_key.id alone would only order it after the key.
database = gcp.firestore.Database(
    "database",
    project="my-project-name",
    name="cmek-database-id",
    location_id="nam5",
    type="DATASTORE_MODE",
    concurrency_mode="OPTIMISTIC",
    app_engine_integration_mode="DISABLED",
    point_in_time_recovery_enablement="POINT_IN_TIME_RECOVERY_ENABLED",
    delete_protection_state="DELETE_PROTECTION_ENABLED",
    deletion_policy="DELETE",
    cmek_config={
        "kms_key_name": crypto_key.id,
    },
    opts=pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]),
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
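return await Deployment.RunAsync(() =>
{
    // Invoke() with no arguments resolves the provider's default project.
    // NOTE(review): the database names project "my-project-name" explicitly,
    // so both must refer to the same project for the grant to be useful.
    var project = Gcp.Organizations.GetProject.Invoke();

    // NOTE(review): the key location is expected to correspond to the database
    // location (here "us" for nam5); confirm against the Firestore CMEK docs.
    var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
    {
        Name = "kms-key-ring",
        Location = "us",
    });

    var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
    {
        Name = "kms-key",
        KeyRing = keyRing.Id,
        Purpose = "ENCRYPT_DECRYPT",
    });

    // CryptoKeyIAMBinding is authoritative for this role on this key: any other
    // member holding the role is replaced.
    var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", new()
    {
        CryptoKeyId = cryptoKey.Id,
        Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
        Members = new[]
        {
            // Output.Format resolves the project number before building the
            // string. Plain $"..." interpolation would embed the Output
            // object's ToString() text and produce an invalid IAM member.
            Output.Format($"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com"),
        },
    });

    // DependsOn makes the database wait for the key grant; referencing the key
    // id alone would only order it after the key.
    var database = new Gcp.Firestore.Database("database", new()
    {
        Project = "my-project-name",
        Name = "cmek-database-id",
        LocationId = "nam5",
        Type = "DATASTORE_MODE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        DeletionPolicy = "DELETE",
        CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs
        {
            KmsKeyName = cryptoKey.Id,
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            firestoreCmekKeyuser,
        },
    });
});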
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
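// main declares a KMS key ring and key, grants the Firestore service agent use
// of the key, and creates a Datastore-mode database encrypted with that key.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// nil arguments: the provider's default project is looked up.
		// NOTE(review): the database names project "my-project-name"
		// explicitly, so both must refer to the same project.
		project, err := organizations.LookupProject(ctx, nil, nil)
		if err != nil {
			return err
		}
		// NOTE(review): the key location is expected to correspond to the
		// database location (here "us" for nam5); confirm against the docs.
		keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
			Name:     pulumi.String("kms-key-ring"),
			Location: pulumi.String("us"),
		})
		if err != nil {
			return err
		}
		cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("kms-key"),
			KeyRing: keyRing.ID(),
			Purpose: pulumi.String("ENCRYPT_DECRYPT"),
		})
		if err != nil {
			return err
		}
		// project.Number is already resolved, so fmt.Sprintf is sufficient.
		// It also puts the file's "fmt" import to use; Go refuses to compile
		// a file with an unused import.
		firestoreServiceAgent := fmt.Sprintf("serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com", project.Number)
		// CryptoKeyIAMBinding is authoritative for this role on this key: any
		// other member holding the role is replaced.
		firestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, "firestore_cmek_keyuser", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: cryptoKey.ID(),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
			Members: pulumi.StringArray{
				pulumi.String(firestoreServiceAgent),
			},
		})
		if err != nil {
			return err
		}
		// DependsOn makes the database wait for the key grant; referencing the
		// key id alone would only order it after the key.
		_, err = firestore.NewDatabase(ctx, "database", &firestore.DatabaseArgs{
			Project:                       pulumi.String("my-project-name"),
			Name:                          pulumi.String("cmek-database-id"),
			LocationId:                    pulumi.String("nam5"),
			Type:                          pulumi.String("DATASTORE_MODE"),
			ConcurrencyMode:               pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode:      pulumi.String("DISABLED"),
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			DeleteProtectionState:         pulumi.String("DELETE_PROTECTION_ENABLED"),
			DeletionPolicy:                pulumi.String("DELETE"),
			CmekConfig: &firestore.DatabaseCmekConfigArgs{
				KmsKeyName: cryptoKey.ID(),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			firestoreCmekKeyuser,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}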
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.CryptoKeyIAMBinding;
import com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
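/** Pulumi program that declares a CMEK-encrypted database in Datastore mode. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a KMS key ring and key, grants the Firestore service agent use
     * of the key, and creates the database once that grant exists.
     */
    public static void stack(Context ctx) {
        // No arguments: the provider's default project is resolved.
        // NOTE(review): the database names project "my-project-name"
        // explicitly, so both must refer to the same project.
        final var project = OrganizationsFunctions.getProject();

        // NOTE(review): the key location is expected to correspond to the
        // database location (here "us" for nam5); confirm against the docs.
        var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
            .name("kms-key-ring")
            .location("us")
            .build());

        var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
            .name("kms-key")
            .keyRing(keyRing.id())
            .purpose("ENCRYPT_DECRYPT")
            .build());

        // Format the member inside applyValue so the resolved project number is
        // used. String.format on the Output itself would embed the Output
        // object's toString() text and produce an invalid IAM member.
        Output<List<String>> firestoreServiceAgent = project.applyValue(getProjectResult -> List.of(
            String.format("serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com", getProjectResult.number())));

        // CryptoKeyIAMBinding is authoritative for this role on this key: any
        // other member holding the role is replaced.
        var firestoreCmekKeyuser = new CryptoKeyIAMBinding("firestoreCmekKeyuser", CryptoKeyIAMBindingArgs.builder()
            .cryptoKeyId(cryptoKey.id())
            .role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
            .members(firestoreServiceAgent)
            .build());

        // dependsOn makes the database wait for the key grant; referencing the
        // key id alone would only order it after the key.
        var database = new Database("database", DatabaseArgs.builder()
            .project("my-project-name")
            .name("cmek-database-id")
            .locationId("nam5")
            .type("DATASTORE_MODE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            .deletionPolicy("DELETE")
            .cmekConfig(DatabaseCmekConfigArgs.builder()
                .kmsKeyName(cryptoKey.id())
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(firestoreCmekKeyuser)
                .build());
    }
}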
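# CMEK-encrypted database in Datastore mode together with its KMS key and the
# key grant for the Firestore service agent.
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: cmek-database-id
      locationId: nam5
      type: DATASTORE_MODE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      deletionPolicy: DELETE
      cmekConfig:
        kmsKeyName: ${cryptoKey.id}
    options:
      # The resource option is spelled dependsOn (keys are case-sensitive).
      # It makes the database wait for the key grant below.
      dependsOn:
        - ${firestoreCmekKeyuser}
  cryptoKey:
    type: gcp:kms:CryptoKey
    name: crypto_key
    properties:
      name: kms-key
      keyRing: ${keyRing.id}
      purpose: ENCRYPT_DECRYPT
  keyRing:
    type: gcp:kms:KeyRing
    name: key_ring
    properties:
      name: kms-key-ring
      # NOTE(review): expected to correspond to the database location
      # (here "us" for nam5); confirm against the Firestore CMEK docs.
      location: us
  # CryptoKeyIAMBinding is authoritative for this role on this key: any other
  # member holding the role is replaced.
  firestoreCmekKeyuser:
    type: gcp:kms:CryptoKeyIAMBinding
    name: firestore_cmek_keyuser
    properties:
      cryptoKeyId: ${cryptoKey.id}
      role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com
variables:
  # Empty arguments: the provider's default project is resolved.
  # NOTE(review): the database names project my-project-name explicitly, so
  # both must refer to the same project.
  project:
    fn::invoke:
      Function: gcp:organizations:getProject
      Arguments: {}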
Import
Database can be imported using any of these accepted formats:
projects/{{project}}/databases/{{name}}
{{project}}/{{name}}
{{name}}
When using the pulumi import command, Database can be imported using one of the formats above. For example:
$ pulumi import gcp:firestore/database:Database default projects/{{project}}/databases/{{name}}
$ pulumi import gcp:firestore/database:Database default {{project}}/{{name}}
$ pulumi import gcp:firestore/database:Database default {{name}}
Constructors
Properties
The App Engine integration mode to use for this database. Possible values are: ENABLED, DISABLED.
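The CMEK (Customer Managed Encryption Key) configuration for a Firestore database. If not present, the database is secured by the default Google encryption key. In the CMEK examples above, the Firestore service agent is granted roles/cloudkms.cryptoKeyEncrypterDecrypter on the key, and the database is declared to depend on that grant. Structure is documented below.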
The concurrency control mode to use for this database. Possible values are: OPTIMISTIC, PESSIMISTIC, OPTIMISTIC_WITH_ENTITY_GROUPS.
The location of the database. Available locations are listed at https://cloud.google.com/firestore/docs/locations.
The ID to use for the database, which will become the final component of the database's resource name. This value should be 4-63 characters. Valid characters are /[a-z][0-9]-/ with first character a letter and the last a letter or a number. Must not be UUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/. "(default)" database id is also valid.
Whether to enable the PITR feature on this database. If POINT_IN_TIME_RECOVERY_ENABLED is selected, reads are supported on selected versions of the data from within the past 7 days. versionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour and reads against 1-minute snapshots beyond 1 hour and within 7 days. If POINT_IN_TIME_RECOVERY_DISABLED is selected, reads are supported on any version of the data from within the past 1 hour. Default value is POINT_IN_TIME_RECOVERY_DISABLED. Possible values are: POINT_IN_TIME_RECOVERY_ENABLED, POINT_IN_TIME_RECOVERY_DISABLED.