pulumi-gcp-kotlin/com.pulumi.gcp.kms.kotlin/EkmConnectionArgs

EkmConnectionArgs

data class EkmConnectionArgs(val cryptoSpacePath: Output<String>? = null, val etag: Output<String>? = null, val keyManagementMode: Output<String>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val serviceResolvers: Output<List<EkmConnectionServiceResolverArgs>>? = null) : ConvertibleToJava<EkmConnectionArgs>

Ekm Connections are used to control the connection settings for an EXTERNAL_VPC CryptoKey. It is used to connect customer's external key manager to Google Cloud EKM.

Note: Ekm Connections cannot be deleted from Google Cloud Platform. To get more information about EkmConnection, see:

Example Usage

Kms Ekm Connection Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const example_ekmconnection = new gcp.kms.EkmConnection("example-ekmconnection", {
    name: "ekmconnection_example",
    location: "us-central1",
    keyManagementMode: "MANUAL",
    serviceResolvers: [{
        serviceDirectoryService: "projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name",
        hostname: "example-ekm.goog",
        serverCertificates: [{
            rawDer: "==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY==",
        }],
    }],
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
example_ekmconnection = gcp.kms.EkmConnection("example-ekmconnection",
    name="ekmconnection_example",
    location="us-central1",
    key_management_mode="MANUAL",
    service_resolvers=[{
        "service_directory_service": "projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name",
        "hostname": "example-ekm.goog",
        "server_certificates": [{
            "raw_der": "==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY==",
        }],
    }])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var example_ekmconnection = new Gcp.Kms.EkmConnection("example-ekmconnection", new()
    {
        Name = "ekmconnection_example",
        Location = "us-central1",
        KeyManagementMode = "MANUAL",
        ServiceResolvers = new[]
        {
            new Gcp.Kms.Inputs.EkmConnectionServiceResolverArgs
            {
                ServiceDirectoryService = "projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name",
                Hostname = "example-ekm.goog",
                ServerCertificates = new[]
                {
                    new Gcp.Kms.Inputs.EkmConnectionServiceResolverServerCertificateArgs
                    {
                        RawDer = "==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY==",
                    },
                },
            },
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewEkmConnection(ctx, "example-ekmconnection", &kms.EkmConnectionArgs{
			Name:              pulumi.String("ekmconnection_example"),
			Location:          pulumi.String("us-central1"),
			KeyManagementMode: pulumi.String("MANUAL"),
			ServiceResolvers: kms.EkmConnectionServiceResolverArray{
				&kms.EkmConnectionServiceResolverArgs{
					ServiceDirectoryService: pulumi.String("projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name"),
					Hostname:                pulumi.String("example-ekm.goog"),
					ServerCertificates: kms.EkmConnectionServiceResolverServerCertificateArray{
						&kms.EkmConnectionServiceResolverServerCertificateArgs{
							RawDer: pulumi.String("==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY=="),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.EkmConnection;
import com.pulumi.gcp.kms.EkmConnectionArgs;
import com.pulumi.gcp.kms.inputs.EkmConnectionServiceResolverArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example_ekmconnection = new EkmConnection("example-ekmconnection", EkmConnectionArgs.builder()
            .name("ekmconnection_example")
            .location("us-central1")
            .keyManagementMode("MANUAL")
            .serviceResolvers(EkmConnectionServiceResolverArgs.builder()
                .serviceDirectoryService("projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name")
                .hostname("example-ekm.goog")
                .serverCertificates(EkmConnectionServiceResolverServerCertificateArgs.builder()
                    .rawDer("==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY==")
                    .build())
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  example-ekmconnection:
    type: gcp:kms:EkmConnection
    properties:
      name: ekmconnection_example
      location: us-central1
      keyManagementMode: MANUAL
      serviceResolvers:
        - serviceDirectoryService: projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name
          hostname: example-ekm.goog
          serverCertificates:
            - rawDer: ==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY==
Content copied to clipboard

Import

EkmConnection can be imported using any of these accepted formats:

  • projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}

  • {{project}}/{{location}}/{{name}}

  • {{location}}/{{name}} When using the pulumi import command, EkmConnection can be imported using one of the formats above. For example:

$ pulumi import gcp:kms/ekmConnection:EkmConnection default projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}
Content copied to clipboard
$ pulumi import gcp:kms/ekmConnection:EkmConnection default {{project}}/{{location}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:kms/ekmConnection:EkmConnection default {{location}}/{{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(cryptoSpacePath: Output<String>? = null, etag: Output<String>? = null, keyManagementMode: Output<String>? = null, location: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null, serviceResolvers: Output<List<EkmConnectionServiceResolverArgs>>? = null)

Properties

Link copied to clipboard
val cryptoSpacePath: Output<String>? = null

Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.

Link copied to clipboard
val etag: Output<String>? = null

Optional. Etag of the currently stored EkmConnection.

Link copied to clipboard
val keyManagementMode: Output<String>? = null

Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default value: "MANUAL" Possible values: "MANUAL", "CLOUD_KMS"

Link copied to clipboard
val location: Output<String>? = null

The location for the EkmConnection. A full list of valid locations can be found by running gcloud kms locations list.

Link copied to clipboard
val name: Output<String>? = null

The resource name for the EkmConnection.

Link copied to clipboard
val project: Output<String>? = null
Link copied to clipboard
val serviceResolvers: Output<List<EkmConnectionServiceResolverArgs>>? = null

A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported Structure is documented below.

Functions

Link copied to clipboard
open override fun toJava(): EkmConnectionArgs