kms

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class pulumi_gcp.kms.AwaitableGetKMSCryptoKeyResult(key_ring=None, labels=None, name=None, purpose=None, rotation_period=None, self_link=None, version_templates=None, id=None)
class pulumi_gcp.kms.AwaitableGetKMSCryptoKeyVersionResult(algorithm=None, crypto_key=None, protection_level=None, public_key=None, state=None, version=None, id=None)
class pulumi_gcp.kms.AwaitableGetKMSKeyRingResult(location=None, name=None, project=None, self_link=None, id=None)
class pulumi_gcp.kms.AwaitableGetKMSSecretCiphertextResult(ciphertext=None, crypto_key=None, plaintext=None, id=None)
class pulumi_gcp.kms.AwaitableGetKMSSecretResult(ciphertext=None, crypto_key=None, plaintext=None, id=None)
class pulumi_gcp.kms.CryptoKey(resource_name, opts=None, key_ring=None, labels=None, name=None, purpose=None, rotation_period=None, version_template=None, __props__=None, __name__=None, __opts__=None)

A CryptoKey represents a logical key that can be used for cryptographic operations.

Note: CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a CryptoKey will remove it from state and delete all CryptoKeyVersions, rendering the key unusable, but will not delete the resource on the server. When this provider destroys these keys, any data previously encrypted with these keys will be irrecoverable. For this reason, it is strongly recommended that you add lifecycle hooks to the resource to prevent accidental destruction.

To get more information about CryptoKey, see:

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The version_template object supports the following:

  • algorithm (pulumi.Input[str])

  • protectionLevel (pulumi.Input[str])

static get(resource_name, id, opts=None, key_ring=None, labels=None, name=None, purpose=None, rotation_period=None, self_link=None, version_template=None)

Get an existing CryptoKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The version_template object supports the following:

  • algorithm (pulumi.Input[str])

  • protectionLevel (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.kms.CryptoKeyIAMBinding(resource_name, opts=None, condition=None, crypto_key_id=None, members=None, role=None, __props__=None, __name__=None, __opts__=None)

Allows creation and management of a single binding within IAM policy for an existing Google Cloud KMS crypto key.

Note: On create, this resource will overwrite members of any existing roles.

Use import and inspect the preview output to ensure your existing members are preserved.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • crypto_key_id (pulumi.Input[str]) – The crypto key ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

  • members (pulumi.Input[list]) – A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

  • role (pulumi.Input[str]) – The role that should be applied. Only one kms.CryptoKeyIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

crypto_key_id = None

The crypto key ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

etag = None

(Computed) The etag of the crypto key’s IAM policy.

members = None

A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

role = None

The role that should be applied. Only one kms.CryptoKeyIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, condition=None, crypto_key_id=None, etag=None, members=None, role=None)

Get an existing CryptoKeyIAMBinding resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • crypto_key_id (pulumi.Input[str]) – The crypto key ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

  • etag (pulumi.Input[str]) – (Computed) The etag of the crypto key’s IAM policy.

  • members (pulumi.Input[list]) – A list of users that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

  • role (pulumi.Input[str]) – The role that should be applied. Only one kms.CryptoKeyIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.kms.CryptoKeyIAMMember(resource_name, opts=None, condition=None, crypto_key_id=None, member=None, role=None, __props__=None, __name__=None, __opts__=None)

Allows creation and management of a single member for a single binding within the IAM policy for an existing Google Cloud KMS crypto key.

Note: This resource must not be used in conjunction with

google_kms_crypto_key_iam_policy or they will fight over what your policy should be. Similarly, roles controlled by kms.CryptoKeyIAMBinding should not be assigned to using kms.CryptoKeyIAMMember.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • crypto_key_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

  • member (pulumi.Input[str]) – The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

  • role (pulumi.Input[str]) – The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

crypto_key_id = None

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

etag = None

(Computed) The etag of the project’s IAM policy.

member = None

The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

role = None

The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, condition=None, crypto_key_id=None, etag=None, member=None, role=None)

Get an existing CryptoKeyIAMMember resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • crypto_key_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name}/{crypto_key_name} or {location_name}/{key_ring_name}/{crypto_key_name}. In the second form, the provider’s project setting will be used as a fallback.

  • etag (pulumi.Input[str]) – (Computed) The etag of the project’s IAM policy.

  • member (pulumi.Input[str]) – The user that the role should apply to. For more details on format and restrictions see https://cloud.google.com/billing/reference/rest/v1/Policy#Binding

  • role (pulumi.Input[str]) – The role that should be applied. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.kms.GetKMSCryptoKeyResult(key_ring=None, labels=None, name=None, purpose=None, rotation_period=None, self_link=None, version_templates=None, id=None)

A collection of values returned by getKMSCryptoKey.

purpose = None

Defines the cryptographic capabilities of the key.

rotation_period = None

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

The self link of the created CryptoKey. Its format is projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.kms.GetKMSCryptoKeyVersionResult(algorithm=None, crypto_key=None, protection_level=None, public_key=None, state=None, version=None, id=None)

A collection of values returned by getKMSCryptoKeyVersion.

algorithm = None

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

protection_level = None

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the protection_level reference for possible outputs.

public_key = None

If the enclosing CryptoKey has purpose ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.

state = None

The current state of the CryptoKeyVersion. See the state reference for possible outputs.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.kms.GetKMSKeyRingResult(location=None, name=None, project=None, self_link=None, id=None)

A collection of values returned by getKMSKeyRing.

The self link of the created KeyRing. Its format is projects/{projectId}/locations/{location}/keyRings/{keyRingName}.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.kms.GetKMSSecretCiphertextResult(ciphertext=None, crypto_key=None, plaintext=None, id=None)

A collection of values returned by getKMSSecretCiphertext.

ciphertext = None

Contains the result of encrypting the provided plaintext, encoded in base64.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.kms.GetKMSSecretResult(ciphertext=None, crypto_key=None, plaintext=None, id=None)

A collection of values returned by getKMSSecret.

plaintext = None

Contains the result of decrypting the provided ciphertext.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_gcp.kms.KeyRing(resource_name, opts=None, location=None, name=None, project=None, __props__=None, __name__=None, __opts__=None)

Create a KeyRing resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

project = None

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

static get(resource_name, id, opts=None, location=None, name=None, project=None, self_link=None)

Get an existing KeyRing resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.kms.KeyRingIAMBinding(resource_name, opts=None, condition=None, key_ring_id=None, members=None, role=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

  • kms.KeyRingIAMPolicy: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.

  • kms.KeyRingIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.

  • kms.KeyRingIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

Note: kms.KeyRingIAMPolicy cannot be used in conjunction with kms.KeyRingIAMBinding and kms.KeyRingIAMMember or they will fight over what your policy should be.

Note: kms.KeyRingIAMBinding resources can be used in conjunction with kms.KeyRingIAMMember resources only if they do not grant privilege to the same role.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • key_ring_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

  • role (pulumi.Input[str]) – The role that should be applied. Only one kms.KeyRingIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

etag = None

(Computed) The etag of the key ring’s IAM policy.

key_ring_id = None

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

role = None

The role that should be applied. Only one kms.KeyRingIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, condition=None, etag=None, key_ring_id=None, members=None, role=None)

Get an existing KeyRingIAMBinding resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • etag (pulumi.Input[str]) – (Computed) The etag of the key ring’s IAM policy.

  • key_ring_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

  • role (pulumi.Input[str]) – The role that should be applied. Only one kms.KeyRingIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.kms.KeyRingIAMMember(resource_name, opts=None, condition=None, key_ring_id=None, member=None, role=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

  • kms.KeyRingIAMPolicy: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.

  • kms.KeyRingIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.

  • kms.KeyRingIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

Note: kms.KeyRingIAMPolicy cannot be used in conjunction with kms.KeyRingIAMBinding and kms.KeyRingIAMMember or they will fight over what your policy should be.

Note: kms.KeyRingIAMBinding resources can be used in conjunction with kms.KeyRingIAMMember resources only if they do not grant privilege to the same role.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • key_ring_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

  • role (pulumi.Input[str]) – The role that should be applied. Only one kms.KeyRingIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

etag = None

(Computed) The etag of the key ring’s IAM policy.

key_ring_id = None

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

role = None

The role that should be applied. Only one kms.KeyRingIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, condition=None, etag=None, key_ring_id=None, member=None, role=None)

Get an existing KeyRingIAMMember resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • etag (pulumi.Input[str]) – (Computed) The etag of the key ring’s IAM policy.

  • key_ring_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

  • role (pulumi.Input[str]) – The role that should be applied. Only one kms.KeyRingIAMBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.kms.KeyRingIAMPolicy(resource_name, opts=None, key_ring_id=None, policy_data=None, __props__=None, __name__=None, __opts__=None)

Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:

  • kms.KeyRingIAMPolicy: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.

  • kms.KeyRingIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.

  • kms.KeyRingIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.

Note: kms.KeyRingIAMPolicy cannot be used in conjunction with kms.KeyRingIAMBinding and kms.KeyRingIAMMember or they will fight over what your policy should be.

Note: kms.KeyRingIAMBinding resources can be used in conjunction with kms.KeyRingIAMMember resources only if they do not grant privilege to the same role.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • key_ring_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

etag = None

(Computed) The etag of the key ring’s IAM policy.

key_ring_id = None

The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

policy_data = None

The policy data generated by a organizations.getIAMPolicy data source.

static get(resource_name, id, opts=None, etag=None, key_ring_id=None, policy_data=None)

Get an existing KeyRingIAMPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • etag (pulumi.Input[str]) – (Computed) The etag of the key ring’s IAM policy.

  • key_ring_id (pulumi.Input[str]) – The key ring ID, in the form {project_id}/{location_name}/{key_ring_name} or {location_name}/{key_ring_name}. In the second form, the provider’s project setting will be used as a fallback.

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.kms.Registry(resource_name, opts=None, credentials=None, event_notification_config=None, event_notification_configs=None, http_config=None, log_level=None, mqtt_config=None, name=None, project=None, region=None, state_notification_config=None, __props__=None, __name__=None, __opts__=None)

Creates a device registry in Google’s Cloud IoT Core platform. For more information see

the official documentation and API.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • credentials (pulumi.Input[list]) – List of public key certificates to authenticate devices. Structure is documented below.

  • event_notification_config (pulumi.Input[dict]) – Use event_notification_configs instead.

  • event_notification_configs (pulumi.Input[list]) – List of configurations for event notification, such as PubSub topics to publish device events to. Structure is documented below.

  • http_config (pulumi.Input[dict]) – Activate or deactivate HTTP. Structure is documented below.

  • mqtt_config (pulumi.Input[dict]) – Activate or deactivate MQTT. Structure is documented below.

  • name (pulumi.Input[str]) – A unique name for the resource, required by device registry. Changing this forces a new resource to be created.

  • project (pulumi.Input[str]) – The project in which the resource belongs. If it is not provided, the provider project is used.

  • region (pulumi.Input[str]) – The Region in which the created address should reside. If it is not provided, the provider region is used.

  • state_notification_config (pulumi.Input[dict]) – A PubSub topic to publish device state updates. Structure is documented below.

The credentials object supports the following:

  • publicKeyCertificate (pulumi.Input[dict])

    • certificate (pulumi.Input[str])

    • format (pulumi.Input[str])

The event_notification_config object supports the following:

  • pubsub_topic_name (pulumi.Input[str])

The event_notification_configs object supports the following:

  • pubsub_topic_name (pulumi.Input[str])

  • subfolderMatches (pulumi.Input[str])

The http_config object supports the following:

  • http_enabled_state (pulumi.Input[str])

The mqtt_config object supports the following:

  • mqtt_enabled_state (pulumi.Input[str])

The state_notification_config object supports the following:

  • pubsub_topic_name (pulumi.Input[str])

credentials = None

List of public key certificates to authenticate devices. Structure is documented below.

  • publicKeyCertificate (dict)

    • certificate (str)

    • format (str)

event_notification_config = None

Use event_notification_configs instead.

  • pubsub_topic_name (str)

event_notification_configs = None

List of configurations for event notification, such as PubSub topics to publish device events to. Structure is documented below.

  • pubsub_topic_name (str)

  • subfolderMatches (str)

http_config = None

Activate or deactivate HTTP. Structure is documented below.

  • http_enabled_state (str)

mqtt_config = None

Activate or deactivate MQTT. Structure is documented below.

  • mqtt_enabled_state (str)

name = None

A unique name for the resource, required by device registry. Changing this forces a new resource to be created.

project = None

The project in which the resource belongs. If it is not provided, the provider project is used.

region = None

The Region in which the created address should reside. If it is not provided, the provider region is used.

state_notification_config = None

A PubSub topic to publish device state updates. Structure is documented below.

  • pubsub_topic_name (str)

static get(resource_name, id, opts=None, credentials=None, event_notification_config=None, event_notification_configs=None, http_config=None, log_level=None, mqtt_config=None, name=None, project=None, region=None, state_notification_config=None)

Get an existing Registry resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • credentials (pulumi.Input[list]) – List of public key certificates to authenticate devices. Structure is documented below.

  • event_notification_config (pulumi.Input[dict]) – Use event_notification_configs instead.

  • event_notification_configs (pulumi.Input[list]) – List of configurations for event notification, such as PubSub topics to publish device events to. Structure is documented below.

  • http_config (pulumi.Input[dict]) – Activate or deactivate HTTP. Structure is documented below.

  • mqtt_config (pulumi.Input[dict]) – Activate or deactivate MQTT. Structure is documented below.

  • name (pulumi.Input[str]) – A unique name for the resource, required by device registry. Changing this forces a new resource to be created.

  • project (pulumi.Input[str]) – The project in which the resource belongs. If it is not provided, the provider project is used.

  • region (pulumi.Input[str]) – The Region in which the created address should reside. If it is not provided, the provider region is used.

  • state_notification_config (pulumi.Input[dict]) – A PubSub topic to publish device state updates. Structure is documented below.

The credentials object supports the following:

  • publicKeyCertificate (pulumi.Input[dict])

    • certificate (pulumi.Input[str])

    • format (pulumi.Input[str])

The event_notification_config object supports the following:

  • pubsub_topic_name (pulumi.Input[str])

The event_notification_configs object supports the following:

  • pubsub_topic_name (pulumi.Input[str])

  • subfolderMatches (pulumi.Input[str])

The http_config object supports the following:

  • http_enabled_state (pulumi.Input[str])

The mqtt_config object supports the following:

  • mqtt_enabled_state (pulumi.Input[str])

The state_notification_config object supports the following:

  • pubsub_topic_name (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_gcp.kms.get_kms_crypto_key(key_ring=None, name=None, opts=None)

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see the official documentation and API.

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

Parameters
  • key_ring (str) – The self_link of the Google Cloud Platform KeyRing to which the key belongs.

  • name (str) – The CryptoKey’s name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

pulumi_gcp.kms.get_kms_crypto_key_version(crypto_key=None, public_key=None, version=None, opts=None)

Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see the official documentation and API.

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

Parameters
  • crypto_key (str) – The self_link of the Google Cloud Platform CryptoKey to which the key version belongs.

  • version (float) – The version number for this CryptoKeyVersion. Defaults to 1.

The public_key object supports the following:

  • algorithm (str) - The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

  • pem (str) - The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

pulumi_gcp.kms.get_kms_key_ring(location=None, name=None, project=None, opts=None)

Provides access to Google Cloud Platform KMS KeyRing. For more information see the official documentation and API.

A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project and resides in a specific location.

Parameters
  • location (str) – The Google Cloud Platform location for the KeyRing. A full list of valid locations can be found by running gcloud kms locations list.

  • name (str) – The KeyRing’s name. A KeyRing name must exist within the provided location and match the regular expression [a-zA-Z0-9_-]{1,63}

  • project (str) – The project in which the resource belongs. If it is not provided, the provider project is used.

pulumi_gcp.kms.get_kms_secret(ciphertext=None, crypto_key=None, opts=None)

This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions.

For more information see the official documentation.

NOTE: Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

Parameters
  • ciphertext (str) – The ciphertext to be decrypted, encoded in base64

  • crypto_key (str) – The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format {projectId}/{location}/{keyRingName}/{cryptoKeyName}.

pulumi_gcp.kms.get_kms_secret_ciphertext(crypto_key=None, plaintext=None, opts=None)

This data source allows you to encrypt data with Google Cloud KMS and use the ciphertext within your resource definitions.

For more information see the official documentation.

NOTE: Using this data source will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

Parameters
  • crypto_key (str) – The id of the CryptoKey that will be used to encrypt the provided plaintext. This is represented by the format {projectId}/{location}/{keyRingName}/{cryptoKeyName}.

  • plaintext (str) – The plaintext to be encrypted