Database

class Database : KotlinCustomResource

A Cloud Firestore Database. If you wish to use Firestore with App Engine, use the gcp.appengine.Application resource instead. If you were previously using the gcp.appengine.Application resource exclusively for managing a Firestore database and would like to use the gcp.firestore.Database resource instead, please follow the instructions here. To get more information about Database, see:

Example Usage

Firestore Default Database

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Default Firestore database (ID "(default)") in Native mode. No delete
// protection, point-in-time recovery or CMEK setting is given here, so those
// stay at the provider defaults.
const databaseArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "(default)",
    locationId: "nam5",
    type: "FIRESTORE_NATIVE",
};
const database = new gcp.firestore.Database("database", databaseArgs);
import pulumi
import pulumi_gcp as gcp
# Default Firestore database (ID "(default)") in Native mode. No delete
# protection, point-in-time recovery or CMEK setting is given here, so those
# stay at the provider defaults.
database_settings = {
    "project": "my-project-name",
    "name": "(default)",
    "location_id": "nam5",
    "type": "FIRESTORE_NATIVE",
}
database = gcp.firestore.Database("database", **database_settings)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Default Firestore database (ID "(default)") in Native mode. No delete
    // protection, point-in-time recovery or CMEK setting is given here, so
    // those stay at the provider defaults.
    var databaseArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "(default)",
        LocationId = "nam5",
        Type = "FIRESTORE_NATIVE",
    };

    var database = new Gcp.Firestore.Database("database", databaseArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the default Firestore database (ID "(default)") in Native
// mode. No delete protection, point-in-time recovery or CMEK setting is given,
// so those stay at the provider defaults.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		databaseArgs := &firestore.DatabaseArgs{
			Project:    pulumi.String("my-project-name"),
			Name:       pulumi.String("(default)"),
			LocationId: pulumi.String("nam5"),
			Type:       pulumi.String("FIRESTORE_NATIVE"),
		}
		if _, err := firestore.NewDatabase(ctx, "database", databaseArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares the default Firestore database in Native mode.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "(default)" database. No delete protection, point-in-time
     * recovery or CMEK setting is given, so those stay at the provider defaults.
     */
    public static void stack(Context ctx) {
        final DatabaseArgs databaseArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("(default)")
            .locationId("nam5")
            .type("FIRESTORE_NATIVE")
            .build();

        var database = new Database("database", databaseArgs);
    }
}
# Default Firestore database (ID "(default)") in Native mode. No delete
# protection, point-in-time recovery or CMEK setting is given here, so those
# stay at the provider defaults.
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: (default)
      locationId: nam5
      type: FIRESTORE_NATIVE

Firestore Database

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Named Firestore database in Native mode with its protection settings spelled out.
const databaseArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "database-id",
    locationId: "nam5",
    type: "FIRESTORE_NATIVE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    // Past versions stay readable for 7 days instead of the default 1 hour.
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    // Blocks deletion of the database while enabled.
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    // DELETE: destroying this resource deletes the database itself, which
    // only succeeds once delete protection has been turned off.
    deletionPolicy: "DELETE",
};
const database = new gcp.firestore.Database("database", databaseArgs);
import pulumi
import pulumi_gcp as gcp
# Named Firestore database in Native mode with its protection settings spelled out.
database_settings = {
    "project": "my-project-name",
    "name": "database-id",
    "location_id": "nam5",
    "type": "FIRESTORE_NATIVE",
    "concurrency_mode": "OPTIMISTIC",
    "app_engine_integration_mode": "DISABLED",
    # Past versions stay readable for 7 days instead of the default 1 hour.
    "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED",
    # Blocks deletion of the database while enabled.
    "delete_protection_state": "DELETE_PROTECTION_ENABLED",
    # DELETE: destroying this resource deletes the database itself, which
    # only succeeds once delete protection has been turned off.
    "deletion_policy": "DELETE",
}
database = gcp.firestore.Database("database", **database_settings)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Named Firestore database in Native mode with its protection settings spelled out.
    var databaseArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "database-id",
        LocationId = "nam5",
        Type = "FIRESTORE_NATIVE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        // Past versions stay readable for 7 days instead of the default 1 hour.
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        // Blocks deletion of the database while enabled.
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        // DELETE: destroying this resource deletes the database itself, which
        // only succeeds once delete protection has been turned off.
        DeletionPolicy = "DELETE",
    };

    var database = new Gcp.Firestore.Database("database", databaseArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a named Firestore database in Native mode with its protection
// settings spelled out.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		databaseArgs := &firestore.DatabaseArgs{
			Project:                  pulumi.String("my-project-name"),
			Name:                     pulumi.String("database-id"),
			LocationId:               pulumi.String("nam5"),
			Type:                     pulumi.String("FIRESTORE_NATIVE"),
			ConcurrencyMode:          pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode: pulumi.String("DISABLED"),
			// Past versions stay readable for 7 days instead of the default 1 hour.
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			// Blocks deletion of the database while enabled.
			DeleteProtectionState: pulumi.String("DELETE_PROTECTION_ENABLED"),
			// DELETE: destroying this resource deletes the database itself,
			// which only succeeds once delete protection has been turned off.
			DeletionPolicy: pulumi.String("DELETE"),
		}
		if _, err := firestore.NewDatabase(ctx, "database", databaseArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a named Firestore database in Native mode with
 * its protection settings spelled out.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the database resource for this stack. */
    public static void stack(Context ctx) {
        final DatabaseArgs databaseArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("database-id")
            .locationId("nam5")
            .type("FIRESTORE_NATIVE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            // Past versions stay readable for 7 days instead of the default 1 hour.
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            // Blocks deletion of the database while enabled.
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            // DELETE: destroying this resource deletes the database itself,
            // which only succeeds once delete protection has been turned off.
            .deletionPolicy("DELETE")
            .build();

        var database = new Database("database", databaseArgs);
    }
}
# Named Firestore database in Native mode with its protection settings spelled out.
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: database-id
      locationId: nam5
      type: FIRESTORE_NATIVE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      # Past versions stay readable for 7 days instead of the default 1 hour.
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      # Blocks deletion of the database while enabled.
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      # DELETE: destroying this resource deletes the database itself, which
      # only succeeds once delete protection has been turned off.
      deletionPolicy: DELETE

Firestore Cmek Database

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// The provider's default project; its number identifies the Firestore service agent.
const project = gcp.organizations.getProject({});

// Customer-managed key (CMEK) that will encrypt the database.
// NOTE(review): the KMS location has to be compatible with the database
// location; confirm that "us" is the right pairing for "nam5".
const keyRing = new gcp.kms.KeyRing("key_ring", {
    name: "kms-key-ring",
    location: "us",
});
const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
    name: "kms-key",
    keyRing: keyRing.id,
    purpose: "ENCRYPT_DECRYPT",
});

// NOTE(review): the service agent comes from the provider's default project,
// while the database below names "my-project-name"; both must be the same
// project, or the grant goes to the wrong service agent.
const firestoreServiceAgent = project.then(
    p => `serviceAccount:service-${p.number}@gcp-sa-firestore.iam.gserviceaccount.com`,
);

// CryptoKeyIAMBinding is authoritative for this role on this key: any member
// of the role that is not listed here is removed. Use CryptoKeyIAMMember when
// other principals must keep the role.
const firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", {
    cryptoKeyId: cryptoKey.id,
    role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members: [firestoreServiceAgent],
});

const databaseArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "cmek-database-id",
    locationId: "nam5",
    type: "FIRESTORE_NATIVE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    deletionPolicy: "DELETE",
    // Without cmekConfig the database uses the default Google encryption key.
    cmekConfig: {
        kmsKeyName: cryptoKey.id,
    },
};

// dependsOn makes sure the key grant exists before the database is created.
const database = new gcp.firestore.Database("database", databaseArgs, {
    dependsOn: [firestoreCmekKeyuser],
});
import pulumi
import pulumi_gcp as gcp
# The provider's default project; its number identifies the Firestore service agent.
project = gcp.organizations.get_project()

# Customer-managed key (CMEK) that will encrypt the database.
# NOTE(review): the KMS location has to be compatible with the database
# location; confirm that "us" is the right pairing for "nam5".
key_ring = gcp.kms.KeyRing(
    "key_ring",
    name="kms-key-ring",
    location="us",
)
crypto_key = gcp.kms.CryptoKey(
    "crypto_key",
    name="kms-key",
    key_ring=key_ring.id,
    purpose="ENCRYPT_DECRYPT",
)

# NOTE(review): the service agent comes from the provider's default project,
# while the database below names "my-project-name"; both must be the same
# project, or the grant goes to the wrong service agent.
firestore_service_agent = f"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com"

# CryptoKeyIAMBinding is authoritative for this role on this key: any member
# of the role that is not listed here is removed. Use CryptoKeyIAMMember when
# other principals must keep the role.
firestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(
    "firestore_cmek_keyuser",
    crypto_key_id=crypto_key.id,
    role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members=[firestore_service_agent],
)

database_settings = {
    "project": "my-project-name",
    "name": "cmek-database-id",
    "location_id": "nam5",
    "type": "FIRESTORE_NATIVE",
    "concurrency_mode": "OPTIMISTIC",
    "app_engine_integration_mode": "DISABLED",
    "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED",
    "delete_protection_state": "DELETE_PROTECTION_ENABLED",
    "deletion_policy": "DELETE",
    # Without cmek_config the database uses the default Google encryption key.
    "cmek_config": {
        "kms_key_name": crypto_key.id,
    },
}

# depends_on makes sure the key grant exists before the database is created.
database = gcp.firestore.Database(
    "database",
    opts=pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]),
    **database_settings,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
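return await Deployment.RunAsync(() =>
{
    // The provider's default project; its number identifies the Firestore service agent.
    var project = Gcp.Organizations.GetProject.Invoke();

    // Customer-managed key (CMEK) that will encrypt the database.
    // NOTE(review): the KMS location has to be compatible with the database
    // location; confirm that "us" is the right pairing for "nam5".
    var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
    {
        Name = "kms-key-ring",
        Location = "us",
    });

    var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
    {
        Name = "kms-key",
        KeyRing = keyRing.Id,
        Purpose = "ENCRYPT_DECRYPT",
    });

    // CryptoKeyIAMBinding is authoritative for this role on this key: any
    // member of the role that is not listed here is removed.
    // NOTE(review): the service agent comes from the provider's default
    // project, while the database below names "my-project-name"; both must be
    // the same project.
    var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", new()
    {
        CryptoKeyId = cryptoKey.Id,
        Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
        Members = new[]
        {
            // Output.Format resolves the project number inside the string. A
            // plain interpolated string would embed Output<T>.ToString()
            // instead of the number and grant the role to a bogus member.
            Output.Format($"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com"),
        },
    });

    var database = new Gcp.Firestore.Database("database", new()
    {
        Project = "my-project-name",
        Name = "cmek-database-id",
        LocationId = "nam5",
        Type = "FIRESTORE_NATIVE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        DeletionPolicy = "DELETE",
        // Without CmekConfig the database uses the default Google encryption key.
        CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs
        {
            KmsKeyName = cryptoKey.Id,
        },
    }, new CustomResourceOptions
    {
        // The key grant has to exist before the database is created.
        DependsOn =
        {
            firestoreCmekKeyuser,
        },
    });
});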
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a KMS key, grants the Firestore service agent use of it, and
// creates a Native-mode Firestore database encrypted with that key (CMEK).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The provider's default project; its number identifies the Firestore service agent.
		project, err := organizations.LookupProject(ctx, nil, nil)
		if err != nil {
			return err
		}

		// NOTE(review): the KMS location has to be compatible with the database
		// location; confirm that "us" is the right pairing for "nam5".
		keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
			Name:     pulumi.String("kms-key-ring"),
			Location: pulumi.String("us"),
		})
		if err != nil {
			return err
		}

		cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("kms-key"),
			KeyRing: keyRing.ID(),
			Purpose: pulumi.String("ENCRYPT_DECRYPT"),
		})
		if err != nil {
			return err
		}

		// NOTE(review): the service agent comes from the provider's default
		// project, while the database below names "my-project-name"; both must
		// be the same project.
		serviceAgent := pulumi.Sprintf("serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com", project.Number)

		// CryptoKeyIAMBinding is authoritative for this role on this key: any
		// member of the role that is not listed here is removed.
		firestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, "firestore_cmek_keyuser", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: cryptoKey.ID(),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
			Members:     pulumi.StringArray{serviceAgent},
		})
		if err != nil {
			return err
		}

		databaseArgs := &firestore.DatabaseArgs{
			Project:                       pulumi.String("my-project-name"),
			Name:                          pulumi.String("cmek-database-id"),
			LocationId:                    pulumi.String("nam5"),
			Type:                          pulumi.String("FIRESTORE_NATIVE"),
			ConcurrencyMode:               pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode:      pulumi.String("DISABLED"),
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			DeleteProtectionState:         pulumi.String("DELETE_PROTECTION_ENABLED"),
			DeletionPolicy:                pulumi.String("DELETE"),
			// Without CmekConfig the database uses the default Google encryption key.
			CmekConfig: &firestore.DatabaseCmekConfigArgs{
				KmsKeyName: cryptoKey.ID(),
			},
		}

		// The key grant has to exist before the database is created.
		afterGrant := pulumi.DependsOn([]pulumi.Resource{firestoreCmekKeyuser})
		if _, err := firestore.NewDatabase(ctx, "database", databaseArgs, afterGrant); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.CryptoKeyIAMBinding;
import com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
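/**
 * Pulumi program that declares a KMS key, grants the Firestore service agent
 * use of it, and creates a Native-mode Firestore database encrypted with that
 * key (CMEK).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the key ring, key, IAM binding and database for this stack. */
    public static void stack(Context ctx) {
        // The provider's default project; its number identifies the Firestore service agent.
        final var project = OrganizationsFunctions.getProject();

        // NOTE(review): the KMS location has to be compatible with the database
        // location; confirm that "us" is the right pairing for "nam5".
        var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
            .name("kms-key-ring")
            .location("us")
            .build());

        var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
            .name("kms-key")
            .keyRing(keyRing.id())
            .purpose("ENCRYPT_DECRYPT")
            .build());

        // CryptoKeyIAMBinding is authoritative for this role on this key: any
        // member of the role that is not listed here is removed.
        // NOTE(review): the service agent comes from the provider's default
        // project, while the database below names "my-project-name"; both must
        // be the same project.
        var firestoreCmekKeyuser = new CryptoKeyIAMBinding("firestoreCmekKeyuser", CryptoKeyIAMBindingArgs.builder()
            .cryptoKeyId(cryptoKey.id())
            .role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
            // Build the member string inside applyValue so the resolved project
            // number is formatted. Passing the Output itself to String.format
            // would embed its toString() and grant the role to a bogus member.
            .members(project.applyValue(getProjectResult -> List.of(String.format(
                "serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com",
                getProjectResult.number()))))
            .build());

        var database = new Database("database", DatabaseArgs.builder()
            .project("my-project-name")
            .name("cmek-database-id")
            .locationId("nam5")
            .type("FIRESTORE_NATIVE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            .deletionPolicy("DELETE")
            // Without cmekConfig the database uses the default Google encryption key.
            .cmekConfig(DatabaseCmekConfigArgs.builder()
                .kmsKeyName(cryptoKey.id())
                .build())
            .build(), CustomResourceOptions.builder()
                // The key grant has to exist before the database is created.
                .dependsOn(firestoreCmekKeyuser)
                .build());
    }
}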
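# Native-mode Firestore database encrypted with a customer-managed KMS key (CMEK).
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: cmek-database-id
      locationId: nam5
      type: FIRESTORE_NATIVE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      deletionPolicy: DELETE
      # Without cmekConfig the database uses the default Google encryption key.
      cmekConfig:
        kmsKeyName: ${cryptoKey.id}
    options:
      # The option key is spelled dependsOn. It makes the key grant exist
      # before the database is created.
      dependsOn:
        - ${firestoreCmekKeyuser}
  cryptoKey:
    type: gcp:kms:CryptoKey
    name: crypto_key
    properties:
      name: kms-key
      keyRing: ${keyRing.id}
      purpose: ENCRYPT_DECRYPT
  # NOTE(review): the KMS location has to be compatible with the database
  # location; confirm that "us" is the right pairing for "nam5".
  keyRing:
    type: gcp:kms:KeyRing
    name: key_ring
    properties:
      name: kms-key-ring
      location: us
  # CryptoKeyIAMBinding is authoritative for this role on this key: any member
  # of the role that is not listed here is removed.
  firestoreCmekKeyuser:
    type: gcp:kms:CryptoKeyIAMBinding
    name: firestore_cmek_keyuser
    properties:
      cryptoKeyId: ${cryptoKey.id}
      role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com
variables:
  # NOTE(review): this is the provider's default project, while the database
  # names "my-project-name"; both must be the same project.
  project:
    fn::invoke:
      Function: gcp:organizations:getProject
      Arguments: {}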

Firestore Default Database In Datastore Mode

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Default database (ID "(default)") in Datastore mode. No delete protection,
// point-in-time recovery or CMEK setting is given here, so those stay at the
// provider defaults.
const datastoreModeArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "(default)",
    locationId: "nam5",
    type: "DATASTORE_MODE",
};
const datastoreModeDatabase = new gcp.firestore.Database("datastore_mode_database", datastoreModeArgs);
import pulumi
import pulumi_gcp as gcp
# Default database (ID "(default)") in Datastore mode. No delete protection,
# point-in-time recovery or CMEK setting is given here, so those stay at the
# provider defaults.
datastore_mode_settings = {
    "project": "my-project-name",
    "name": "(default)",
    "location_id": "nam5",
    "type": "DATASTORE_MODE",
}
datastore_mode_database = gcp.firestore.Database("datastore_mode_database", **datastore_mode_settings)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Default database (ID "(default)") in Datastore mode. No delete
    // protection, point-in-time recovery or CMEK setting is given here, so
    // those stay at the provider defaults.
    var datastoreModeArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "(default)",
        LocationId = "nam5",
        Type = "DATASTORE_MODE",
    };

    var datastoreModeDatabase = new Gcp.Firestore.Database("datastore_mode_database", datastoreModeArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the default database (ID "(default)") in Datastore mode. No
// delete protection, point-in-time recovery or CMEK setting is given, so those
// stay at the provider defaults.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		databaseArgs := &firestore.DatabaseArgs{
			Project:    pulumi.String("my-project-name"),
			Name:       pulumi.String("(default)"),
			LocationId: pulumi.String("nam5"),
			Type:       pulumi.String("DATASTORE_MODE"),
		}
		if _, err := firestore.NewDatabase(ctx, "datastore_mode_database", databaseArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares the default database in Datastore mode.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "(default)" database. No delete protection, point-in-time
     * recovery or CMEK setting is given, so those stay at the provider defaults.
     */
    public static void stack(Context ctx) {
        final DatabaseArgs databaseArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("(default)")
            .locationId("nam5")
            .type("DATASTORE_MODE")
            .build();

        var datastoreModeDatabase = new Database("datastoreModeDatabase", databaseArgs);
    }
}
# Default database (ID "(default)") in Datastore mode. No delete protection,
# point-in-time recovery or CMEK setting is given here, so those stay at the
# provider defaults.
resources:
  datastoreModeDatabase:
    type: gcp:firestore:Database
    name: datastore_mode_database
    properties:
      project: my-project-name
      name: (default)
      locationId: nam5
      type: DATASTORE_MODE

Firestore Database In Datastore Mode

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Named database in Datastore mode with its protection settings spelled out.
const datastoreModeArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "database-id",
    locationId: "nam5",
    type: "DATASTORE_MODE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    // Past versions stay readable for 7 days instead of the default 1 hour.
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    // Blocks deletion of the database while enabled.
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    // DELETE: destroying this resource deletes the database itself, which
    // only succeeds once delete protection has been turned off.
    deletionPolicy: "DELETE",
};
const datastoreModeDatabase = new gcp.firestore.Database("datastore_mode_database", datastoreModeArgs);
import pulumi
import pulumi_gcp as gcp
# Named database in Datastore mode with its protection settings spelled out.
datastore_mode_settings = {
    "project": "my-project-name",
    "name": "database-id",
    "location_id": "nam5",
    "type": "DATASTORE_MODE",
    "concurrency_mode": "OPTIMISTIC",
    "app_engine_integration_mode": "DISABLED",
    # Past versions stay readable for 7 days instead of the default 1 hour.
    "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED",
    # Blocks deletion of the database while enabled.
    "delete_protection_state": "DELETE_PROTECTION_ENABLED",
    # DELETE: destroying this resource deletes the database itself, which
    # only succeeds once delete protection has been turned off.
    "deletion_policy": "DELETE",
}
datastore_mode_database = gcp.firestore.Database("datastore_mode_database", **datastore_mode_settings)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    // Named database in Datastore mode with its protection settings spelled out.
    var datastoreModeArgs = new Gcp.Firestore.DatabaseArgs
    {
        Project = "my-project-name",
        Name = "database-id",
        LocationId = "nam5",
        Type = "DATASTORE_MODE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        // Past versions stay readable for 7 days instead of the default 1 hour.
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        // Blocks deletion of the database while enabled.
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        // DELETE: destroying this resource deletes the database itself, which
        // only succeeds once delete protection has been turned off.
        DeletionPolicy = "DELETE",
    };

    var datastoreModeDatabase = new Gcp.Firestore.Database("datastore_mode_database", datastoreModeArgs);
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a named database in Datastore mode with its protection
// settings spelled out.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		databaseArgs := &firestore.DatabaseArgs{
			Project:                  pulumi.String("my-project-name"),
			Name:                     pulumi.String("database-id"),
			LocationId:               pulumi.String("nam5"),
			Type:                     pulumi.String("DATASTORE_MODE"),
			ConcurrencyMode:          pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode: pulumi.String("DISABLED"),
			// Past versions stay readable for 7 days instead of the default 1 hour.
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			// Blocks deletion of the database while enabled.
			DeleteProtectionState: pulumi.String("DELETE_PROTECTION_ENABLED"),
			// DELETE: destroying this resource deletes the database itself,
			// which only succeeds once delete protection has been turned off.
			DeletionPolicy: pulumi.String("DELETE"),
		}
		if _, err := firestore.NewDatabase(ctx, "datastore_mode_database", databaseArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a named database in Datastore mode with its
 * protection settings spelled out.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the database resource for this stack. */
    public static void stack(Context ctx) {
        final DatabaseArgs databaseArgs = DatabaseArgs.builder()
            .project("my-project-name")
            .name("database-id")
            .locationId("nam5")
            .type("DATASTORE_MODE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            // Past versions stay readable for 7 days instead of the default 1 hour.
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            // Blocks deletion of the database while enabled.
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            // DELETE: destroying this resource deletes the database itself,
            // which only succeeds once delete protection has been turned off.
            .deletionPolicy("DELETE")
            .build();

        var datastoreModeDatabase = new Database("datastoreModeDatabase", databaseArgs);
    }
}
# Named database in Datastore mode with its protection settings spelled out.
resources:
  datastoreModeDatabase:
    type: gcp:firestore:Database
    name: datastore_mode_database
    properties:
      project: my-project-name
      name: database-id
      locationId: nam5
      type: DATASTORE_MODE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      # Past versions stay readable for 7 days instead of the default 1 hour.
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      # Blocks deletion of the database while enabled.
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      # DELETE: destroying this resource deletes the database itself, which
      # only succeeds once delete protection has been turned off.
      deletionPolicy: DELETE

Firestore Cmek Database In Datastore Mode

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// The provider's default project; its number identifies the Firestore service agent.
const project = gcp.organizations.getProject({});

// Customer-managed key (CMEK) that will encrypt the database.
// NOTE(review): the KMS location has to be compatible with the database
// location; confirm that "us" is the right pairing for "nam5".
const keyRing = new gcp.kms.KeyRing("key_ring", {
    name: "kms-key-ring",
    location: "us",
});
const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
    name: "kms-key",
    keyRing: keyRing.id,
    purpose: "ENCRYPT_DECRYPT",
});

// NOTE(review): the service agent comes from the provider's default project,
// while the database below names "my-project-name"; both must be the same
// project, or the grant goes to the wrong service agent.
const firestoreServiceAgent = project.then(
    p => `serviceAccount:service-${p.number}@gcp-sa-firestore.iam.gserviceaccount.com`,
);

// CryptoKeyIAMBinding is authoritative for this role on this key: any member
// of the role that is not listed here is removed. Use CryptoKeyIAMMember when
// other principals must keep the role.
const firestoreCmekKeyuser = new gcp.kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", {
    cryptoKeyId: cryptoKey.id,
    role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members: [firestoreServiceAgent],
});

const databaseArgs: gcp.firestore.DatabaseArgs = {
    project: "my-project-name",
    name: "cmek-database-id",
    locationId: "nam5",
    type: "DATASTORE_MODE",
    concurrencyMode: "OPTIMISTIC",
    appEngineIntegrationMode: "DISABLED",
    pointInTimeRecoveryEnablement: "POINT_IN_TIME_RECOVERY_ENABLED",
    deleteProtectionState: "DELETE_PROTECTION_ENABLED",
    deletionPolicy: "DELETE",
    // Without cmekConfig the database uses the default Google encryption key.
    cmekConfig: {
        kmsKeyName: cryptoKey.id,
    },
};

// dependsOn makes sure the key grant exists before the database is created.
const database = new gcp.firestore.Database("database", databaseArgs, {
    dependsOn: [firestoreCmekKeyuser],
});
import pulumi
import pulumi_gcp as gcp
# The provider's default project; its number identifies the Firestore service agent.
project = gcp.organizations.get_project()

# Customer-managed key (CMEK) that will encrypt the database.
# NOTE(review): the KMS location has to be compatible with the database
# location; confirm that "us" is the right pairing for "nam5".
key_ring = gcp.kms.KeyRing(
    "key_ring",
    name="kms-key-ring",
    location="us",
)
crypto_key = gcp.kms.CryptoKey(
    "crypto_key",
    name="kms-key",
    key_ring=key_ring.id,
    purpose="ENCRYPT_DECRYPT",
)

# NOTE(review): the service agent comes from the provider's default project,
# while the database below names "my-project-name"; both must be the same
# project, or the grant goes to the wrong service agent.
firestore_service_agent = f"serviceAccount:service-{project.number}@gcp-sa-firestore.iam.gserviceaccount.com"

# CryptoKeyIAMBinding is authoritative for this role on this key: any member
# of the role that is not listed here is removed. Use CryptoKeyIAMMember when
# other principals must keep the role.
firestore_cmek_keyuser = gcp.kms.CryptoKeyIAMBinding(
    "firestore_cmek_keyuser",
    crypto_key_id=crypto_key.id,
    role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
    members=[firestore_service_agent],
)

database_settings = {
    "project": "my-project-name",
    "name": "cmek-database-id",
    "location_id": "nam5",
    "type": "DATASTORE_MODE",
    "concurrency_mode": "OPTIMISTIC",
    "app_engine_integration_mode": "DISABLED",
    "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED",
    "delete_protection_state": "DELETE_PROTECTION_ENABLED",
    "deletion_policy": "DELETE",
    # Without cmek_config the database uses the default Google encryption key.
    "cmek_config": {
        "kms_key_name": crypto_key.id,
    },
}

# depends_on makes sure the key grant exists before the database is created.
database = gcp.firestore.Database(
    "database",
    opts=pulumi.ResourceOptions(depends_on=[firestore_cmek_keyuser]),
    **database_settings,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
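return await Deployment.RunAsync(() =>
{
    // The provider's default project; its number identifies the Firestore service agent.
    var project = Gcp.Organizations.GetProject.Invoke();

    // Customer-managed key (CMEK) that will encrypt the database.
    // NOTE(review): the KMS location has to be compatible with the database
    // location; confirm that "us" is the right pairing for "nam5".
    var keyRing = new Gcp.Kms.KeyRing("key_ring", new()
    {
        Name = "kms-key-ring",
        Location = "us",
    });

    var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
    {
        Name = "kms-key",
        KeyRing = keyRing.Id,
        Purpose = "ENCRYPT_DECRYPT",
    });

    // CryptoKeyIAMBinding is authoritative for this role on this key: any
    // member of the role that is not listed here is removed.
    // NOTE(review): the service agent comes from the provider's default
    // project, while the database below names "my-project-name"; both must be
    // the same project.
    var firestoreCmekKeyuser = new Gcp.Kms.CryptoKeyIAMBinding("firestore_cmek_keyuser", new()
    {
        CryptoKeyId = cryptoKey.Id,
        Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
        Members = new[]
        {
            // Output.Format resolves the project number inside the string. A
            // plain interpolated string would embed Output<T>.ToString()
            // instead of the number and grant the role to a bogus member.
            Output.Format($"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-firestore.iam.gserviceaccount.com"),
        },
    });

    var database = new Gcp.Firestore.Database("database", new()
    {
        Project = "my-project-name",
        Name = "cmek-database-id",
        LocationId = "nam5",
        Type = "DATASTORE_MODE",
        ConcurrencyMode = "OPTIMISTIC",
        AppEngineIntegrationMode = "DISABLED",
        PointInTimeRecoveryEnablement = "POINT_IN_TIME_RECOVERY_ENABLED",
        DeleteProtectionState = "DELETE_PROTECTION_ENABLED",
        DeletionPolicy = "DELETE",
        // Without CmekConfig the database uses the default Google encryption key.
        CmekConfig = new Gcp.Firestore.Inputs.DatabaseCmekConfigArgs
        {
            KmsKeyName = cryptoKey.Id,
        },
    }, new CustomResourceOptions
    {
        // The key grant has to exist before the database is created.
        DependsOn =
        {
            firestoreCmekKeyuser,
        },
    });
});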
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/firestore"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a KMS key, grants the Firestore service agent use of it, and
// creates a Datastore-mode database encrypted with that key (CMEK).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The provider's default project; its number identifies the Firestore service agent.
		project, err := organizations.LookupProject(ctx, nil, nil)
		if err != nil {
			return err
		}

		// NOTE(review): the KMS location has to be compatible with the database
		// location; confirm that "us" is the right pairing for "nam5".
		keyRing, err := kms.NewKeyRing(ctx, "key_ring", &kms.KeyRingArgs{
			Name:     pulumi.String("kms-key-ring"),
			Location: pulumi.String("us"),
		})
		if err != nil {
			return err
		}

		cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("kms-key"),
			KeyRing: keyRing.ID(),
			Purpose: pulumi.String("ENCRYPT_DECRYPT"),
		})
		if err != nil {
			return err
		}

		// NOTE(review): the service agent comes from the provider's default
		// project, while the database below names "my-project-name"; both must
		// be the same project.
		serviceAgent := pulumi.Sprintf("serviceAccount:service-%v@gcp-sa-firestore.iam.gserviceaccount.com", project.Number)

		// CryptoKeyIAMBinding is authoritative for this role on this key: any
		// member of the role that is not listed here is removed.
		firestoreCmekKeyuser, err := kms.NewCryptoKeyIAMBinding(ctx, "firestore_cmek_keyuser", &kms.CryptoKeyIAMBindingArgs{
			CryptoKeyId: cryptoKey.ID(),
			Role:        pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
			Members:     pulumi.StringArray{serviceAgent},
		})
		if err != nil {
			return err
		}

		databaseArgs := &firestore.DatabaseArgs{
			Project:                       pulumi.String("my-project-name"),
			Name:                          pulumi.String("cmek-database-id"),
			LocationId:                    pulumi.String("nam5"),
			Type:                          pulumi.String("DATASTORE_MODE"),
			ConcurrencyMode:               pulumi.String("OPTIMISTIC"),
			AppEngineIntegrationMode:      pulumi.String("DISABLED"),
			PointInTimeRecoveryEnablement: pulumi.String("POINT_IN_TIME_RECOVERY_ENABLED"),
			DeleteProtectionState:         pulumi.String("DELETE_PROTECTION_ENABLED"),
			DeletionPolicy:                pulumi.String("DELETE"),
			// Without CmekConfig the database uses the default Google encryption key.
			CmekConfig: &firestore.DatabaseCmekConfigArgs{
				KmsKeyName: cryptoKey.ID(),
			},
		}

		// The key grant has to exist before the database is created.
		afterGrant := pulumi.DependsOn([]pulumi.Resource{firestoreCmekKeyuser})
		if _, err := firestore.NewDatabase(ctx, "database", databaseArgs, afterGrant); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.CryptoKeyIAMBinding;
import com.pulumi.gcp.kms.CryptoKeyIAMBindingArgs;
import com.pulumi.gcp.firestore.Database;
import com.pulumi.gcp.firestore.DatabaseArgs;
import com.pulumi.gcp.firestore.inputs.DatabaseCmekConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
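/**
 * Pulumi program that declares a KMS key, grants the Firestore service agent
 * use of it, and creates a Datastore-mode database encrypted with that key
 * (CMEK).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the key ring, key, IAM binding and database for this stack. */
    public static void stack(Context ctx) {
        // The provider's default project; its number identifies the Firestore service agent.
        final var project = OrganizationsFunctions.getProject();

        // NOTE(review): the KMS location has to be compatible with the database
        // location; confirm that "us" is the right pairing for "nam5".
        var keyRing = new KeyRing("keyRing", KeyRingArgs.builder()
            .name("kms-key-ring")
            .location("us")
            .build());

        var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
            .name("kms-key")
            .keyRing(keyRing.id())
            .purpose("ENCRYPT_DECRYPT")
            .build());

        // CryptoKeyIAMBinding is authoritative for this role on this key: any
        // member of the role that is not listed here is removed.
        // NOTE(review): the service agent comes from the provider's default
        // project, while the database below names "my-project-name"; both must
        // be the same project.
        var firestoreCmekKeyuser = new CryptoKeyIAMBinding("firestoreCmekKeyuser", CryptoKeyIAMBindingArgs.builder()
            .cryptoKeyId(cryptoKey.id())
            .role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
            // Build the member string inside applyValue so the resolved project
            // number is formatted. Passing the Output itself to String.format
            // would embed its toString() and grant the role to a bogus member.
            .members(project.applyValue(getProjectResult -> List.of(String.format(
                "serviceAccount:service-%s@gcp-sa-firestore.iam.gserviceaccount.com",
                getProjectResult.number()))))
            .build());

        var database = new Database("database", DatabaseArgs.builder()
            .project("my-project-name")
            .name("cmek-database-id")
            .locationId("nam5")
            .type("DATASTORE_MODE")
            .concurrencyMode("OPTIMISTIC")
            .appEngineIntegrationMode("DISABLED")
            .pointInTimeRecoveryEnablement("POINT_IN_TIME_RECOVERY_ENABLED")
            .deleteProtectionState("DELETE_PROTECTION_ENABLED")
            .deletionPolicy("DELETE")
            // Without cmekConfig the database uses the default Google encryption key.
            .cmekConfig(DatabaseCmekConfigArgs.builder()
                .kmsKeyName(cryptoKey.id())
                .build())
            .build(), CustomResourceOptions.builder()
                // The key grant has to exist before the database is created.
                .dependsOn(firestoreCmekKeyuser)
                .build());
    }
}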
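# Datastore-mode database encrypted with a customer-managed KMS key (CMEK).
resources:
  database:
    type: gcp:firestore:Database
    properties:
      project: my-project-name
      name: cmek-database-id
      locationId: nam5
      type: DATASTORE_MODE
      concurrencyMode: OPTIMISTIC
      appEngineIntegrationMode: DISABLED
      pointInTimeRecoveryEnablement: POINT_IN_TIME_RECOVERY_ENABLED
      deleteProtectionState: DELETE_PROTECTION_ENABLED
      deletionPolicy: DELETE
      # Without cmekConfig the database uses the default Google encryption key.
      cmekConfig:
        kmsKeyName: ${cryptoKey.id}
    options:
      # The option key is spelled dependsOn. It makes the key grant exist
      # before the database is created.
      dependsOn:
        - ${firestoreCmekKeyuser}
  cryptoKey:
    type: gcp:kms:CryptoKey
    name: crypto_key
    properties:
      name: kms-key
      keyRing: ${keyRing.id}
      purpose: ENCRYPT_DECRYPT
  # NOTE(review): the KMS location has to be compatible with the database
  # location; confirm that "us" is the right pairing for "nam5".
  keyRing:
    type: gcp:kms:KeyRing
    name: key_ring
    properties:
      name: kms-key-ring
      location: us
  # CryptoKeyIAMBinding is authoritative for this role on this key: any member
  # of the role that is not listed here is removed.
  firestoreCmekKeyuser:
    type: gcp:kms:CryptoKeyIAMBinding
    name: firestore_cmek_keyuser
    properties:
      cryptoKeyId: ${cryptoKey.id}
      role: roles/cloudkms.cryptoKeyEncrypterDecrypter
      members:
        - serviceAccount:service-${project.number}@gcp-sa-firestore.iam.gserviceaccount.com
variables:
  # NOTE(review): this is the provider's default project, while the database
  # names "my-project-name"; both must be the same project.
  project:
    fn::invoke:
      Function: gcp:organizations:getProject
      Arguments: {}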

Import

Database can be imported using any of these accepted formats:

  • projects/{{project}}/databases/{{name}}

  • {{project}}/{{name}}

  • {{name}}

When using the pulumi import command, Database can be imported using one of the formats above. For example:

$ pulumi import gcp:firestore/database:Database default projects/{{project}}/databases/{{name}}
$ pulumi import gcp:firestore/database:Database default {{project}}/{{name}}
$ pulumi import gcp:firestore/database:Database default {{name}}

Properties


The App Engine integration mode to use for this database. Possible values are: ENABLED, DISABLED.


The CMEK (Customer Managed Encryption Key) configuration for a Firestore database. If not present, the database is secured by the default Google encryption key. Structure is documented below.

val concurrencyMode: Output<String>

The concurrency control mode to use for this database. Possible values are: OPTIMISTIC, PESSIMISTIC, OPTIMISTIC_WITH_ENTITY_GROUPS.

val createTime: Output<String>

Output only. The timestamp at which this database was created.

val deletionPolicy: Output<String>?

Output only. The earliest timestamp at which older versions of the data can be read from the database. See versionRetentionPeriod above; this field is populated with now - versionRetentionPeriod. This value is continuously updated, and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

val etag: Output<String>

Output only. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.

val id: Output<String>
val keyPrefix: Output<String>

Output only. The keyPrefix for this database. This keyPrefix is used, in combination with the project id ("<key prefix>~<project id>"), to construct the application id that is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes. This value may be empty, in which case the appid to use for URL-encoded keys is the project_id (e.g. foo instead of v~foo).

val locationId: Output<String>

The location of the database. Available locations are listed at https://cloud.google.com/firestore/docs/locations.

val name: Output<String>

The ID to use for the database, which will become the final component of the database's resource name. This value should be 4-63 characters. Valid characters are /[a-z][0-9]-/ with first character a letter and the last a letter or a number. Must not be UUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/. "(default)" database id is also valid.


Whether to enable the PITR feature on this database. If POINT_IN_TIME_RECOVERY_ENABLED is selected, reads are supported on selected versions of the data from within the past 7 days. versionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour and reads against 1-minute snapshots beyond 1 hour and within 7 days. If POINT_IN_TIME_RECOVERY_DISABLED is selected, reads are supported on any version of the data from within the past 1 hour. Default value is POINT_IN_TIME_RECOVERY_DISABLED. Possible values are: POINT_IN_TIME_RECOVERY_ENABLED, POINT_IN_TIME_RECOVERY_DISABLED.

val project: Output<String>

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

val pulumiChildResources: Set<KotlinResource>
val type: Output<String>

The type of the database. See https://cloud.google.com/datastore/docs/firestore-or-datastore for information about how to choose. Possible values are: FIRESTORE_NATIVE, DATASTORE_MODE.

val uid: Output<String>

Output only. The system-generated UUID4 for this Database.

val updateTime: Output<String>

Output only. The timestamp at which this database was most recently updated.

val urn: Output<String>

Output only. The period during which past versions of data are retained in the database. Any read or query can specify a readTime within this window, and will read the state of the database at that time. If the PITR feature is enabled, the retention period is 7 days. Otherwise, the retention period is 1 hour. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".