Docs
PackagesWe recommend using Azure Native.
Azure Classic v5.72.0 published on Monday, Apr 15, 2024 by Pulumi
azure.loganalytics.ClusterCustomerManagedKey
Explore with Pulumi AI
Manages a Log Analytics Cluster Customer Managed Key.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const current = azure.core.getClientConfig({});
const exampleCluster = new azure.loganalytics.Cluster("example", {
name: "example-cluster",
resourceGroupName: example.name,
location: example.location,
identity: {
type: "SystemAssigned",
},
});
const exampleKeyVault = new azure.keyvault.KeyVault("example", {
name: "keyvaultkeyexample",
location: example.location,
resourceGroupName: example.name,
tenantId: current.then(current => current.tenantId),
skuName: "premium",
accessPolicies: [
{
tenantId: current.then(current => current.tenantId),
objectId: current.then(current => current.objectId),
keyPermissions: [
"Create",
"Get",
"GetRotationPolicy",
],
secretPermissions: ["Set"],
},
{
tenantId: exampleCluster.identity.apply(identity => identity.tenantId),
objectId: exampleCluster.identity.apply(identity => identity.principalId),
keyPermissions: [
"Get",
"Unwrapkey",
"Wrapkey",
],
},
],
tags: {
environment: "Production",
},
});
const exampleKey = new azure.keyvault.Key("example", {
name: "generated-certificate",
keyVaultId: exampleKeyVault.id,
keyType: "RSA",
keySize: 2048,
keyOpts: [
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
],
});
const exampleClusterCustomerManagedKey = new azure.loganalytics.ClusterCustomerManagedKey("example", {
logAnalyticsClusterId: exampleCluster.id,
keyVaultKeyId: exampleKey.id,
});
import pulumi
import pulumi_azure as azure
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
current = azure.core.get_client_config()
example_cluster = azure.loganalytics.Cluster("example",
name="example-cluster",
resource_group_name=example.name,
location=example.location,
identity=azure.loganalytics.ClusterIdentityArgs(
type="SystemAssigned",
))
example_key_vault = azure.keyvault.KeyVault("example",
name="keyvaultkeyexample",
location=example.location,
resource_group_name=example.name,
tenant_id=current.tenant_id,
sku_name="premium",
access_policies=[
azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=current.tenant_id,
object_id=current.object_id,
key_permissions=[
"Create",
"Get",
"GetRotationPolicy",
],
secret_permissions=["Set"],
),
azure.keyvault.KeyVaultAccessPolicyArgs(
tenant_id=example_cluster.identity.tenant_id,
object_id=example_cluster.identity.principal_id,
key_permissions=[
"Get",
"Unwrapkey",
"Wrapkey",
],
),
],
tags={
"environment": "Production",
})
example_key = azure.keyvault.Key("example",
name="generated-certificate",
key_vault_id=example_key_vault.id,
key_type="RSA",
key_size=2048,
key_opts=[
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
])
example_cluster_customer_managed_key = azure.loganalytics.ClusterCustomerManagedKey("example",
log_analytics_cluster_id=example_cluster.id,
key_vault_key_id=example_key.id)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/loganalytics"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
exampleCluster, err := loganalytics.NewCluster(ctx, "example", &loganalytics.ClusterArgs{
Name: pulumi.String("example-cluster"),
ResourceGroupName: example.Name,
Location: example.Location,
Identity: &loganalytics.ClusterIdentityArgs{
Type: pulumi.String("SystemAssigned"),
},
})
if err != nil {
return err
}
exampleKeyVault, err := keyvault.NewKeyVault(ctx, "example", &keyvault.KeyVaultArgs{
Name: pulumi.String("keyvaultkeyexample"),
Location: example.Location,
ResourceGroupName: example.Name,
TenantId: pulumi.String(current.TenantId),
SkuName: pulumi.String("premium"),
AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: pulumi.String(current.TenantId),
ObjectId: pulumi.String(current.ObjectId),
KeyPermissions: pulumi.StringArray{
pulumi.String("Create"),
pulumi.String("Get"),
pulumi.String("GetRotationPolicy"),
},
SecretPermissions: pulumi.StringArray{
pulumi.String("Set"),
},
},
&keyvault.KeyVaultAccessPolicyArgs{
TenantId: exampleCluster.Identity.ApplyT(func(identity loganalytics.ClusterIdentity) (*string, error) {
return &identity.TenantId, nil
}).(pulumi.StringPtrOutput),
ObjectId: exampleCluster.Identity.ApplyT(func(identity loganalytics.ClusterIdentity) (*string, error) {
return &identity.PrincipalId, nil
}).(pulumi.StringPtrOutput),
KeyPermissions: pulumi.StringArray{
pulumi.String("Get"),
pulumi.String("Unwrapkey"),
pulumi.String("Wrapkey"),
},
},
},
Tags: pulumi.StringMap{
"environment": pulumi.String("Production"),
},
})
if err != nil {
return err
}
exampleKey, err := keyvault.NewKey(ctx, "example", &keyvault.KeyArgs{
Name: pulumi.String("generated-certificate"),
KeyVaultId: exampleKeyVault.ID(),
KeyType: pulumi.String("RSA"),
KeySize: pulumi.Int(2048),
KeyOpts: pulumi.StringArray{
pulumi.String("decrypt"),
pulumi.String("encrypt"),
pulumi.String("sign"),
pulumi.String("unwrapKey"),
pulumi.String("verify"),
pulumi.String("wrapKey"),
},
})
if err != nil {
return err
}
_, err = loganalytics.NewClusterCustomerManagedKey(ctx, "example", &loganalytics.ClusterCustomerManagedKeyArgs{
LogAnalyticsClusterId: exampleCluster.ID(),
KeyVaultKeyId: exampleKey.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var current = Azure.Core.GetClientConfig.Invoke();
var exampleCluster = new Azure.LogAnalytics.Cluster("example", new()
{
Name = "example-cluster",
ResourceGroupName = example.Name,
Location = example.Location,
Identity = new Azure.LogAnalytics.Inputs.ClusterIdentityArgs
{
Type = "SystemAssigned",
},
});
var exampleKeyVault = new Azure.KeyVault.KeyVault("example", new()
{
Name = "keyvaultkeyexample",
Location = example.Location,
ResourceGroupName = example.Name,
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
SkuName = "premium",
AccessPolicies = new[]
{
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
KeyPermissions = new[]
{
"Create",
"Get",
"GetRotationPolicy",
},
SecretPermissions = new[]
{
"Set",
},
},
new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
{
TenantId = exampleCluster.Identity.Apply(identity => identity.TenantId),
ObjectId = exampleCluster.Identity.Apply(identity => identity.PrincipalId),
KeyPermissions = new[]
{
"Get",
"Unwrapkey",
"Wrapkey",
},
},
},
Tags =
{
{ "environment", "Production" },
},
});
var exampleKey = new Azure.KeyVault.Key("example", new()
{
Name = "generated-certificate",
KeyVaultId = exampleKeyVault.Id,
KeyType = "RSA",
KeySize = 2048,
KeyOpts = new[]
{
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey",
},
});
var exampleClusterCustomerManagedKey = new Azure.LogAnalytics.ClusterCustomerManagedKey("example", new()
{
LogAnalyticsClusterId = exampleCluster.Id,
KeyVaultKeyId = exampleKey.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.loganalytics.Cluster;
import com.pulumi.azure.loganalytics.ClusterArgs;
import com.pulumi.azure.loganalytics.inputs.ClusterIdentityArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.loganalytics.ClusterCustomerManagedKey;
import com.pulumi.azure.loganalytics.ClusterCustomerManagedKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
final var current = CoreFunctions.getClientConfig();
var exampleCluster = new Cluster("exampleCluster", ClusterArgs.builder()
.name("example-cluster")
.resourceGroupName(example.name())
.location(example.location())
.identity(ClusterIdentityArgs.builder()
.type("SystemAssigned")
.build())
.build());
var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()
.name("keyvaultkeyexample")
.location(example.location())
.resourceGroupName(example.name())
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.skuName("premium")
.accessPolicies(
KeyVaultAccessPolicyArgs.builder()
.tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
.objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
.keyPermissions(
"Create",
"Get",
"GetRotationPolicy")
.secretPermissions("Set")
.build(),
KeyVaultAccessPolicyArgs.builder()
.tenantId(exampleCluster.identity().applyValue(identity -> identity.tenantId()))
.objectId(exampleCluster.identity().applyValue(identity -> identity.principalId()))
.keyPermissions(
"Get",
"Unwrapkey",
"Wrapkey")
.build())
.tags(Map.of("environment", "Production"))
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.name("generated-certificate")
.keyVaultId(exampleKeyVault.id())
.keyType("RSA")
.keySize(2048)
.keyOpts(
"decrypt",
"encrypt",
"sign",
"unwrapKey",
"verify",
"wrapKey")
.build());
var exampleClusterCustomerManagedKey = new ClusterCustomerManagedKey("exampleClusterCustomerManagedKey", ClusterCustomerManagedKeyArgs.builder()
.logAnalyticsClusterId(exampleCluster.id())
.keyVaultKeyId(exampleKey.id())
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleCluster:
type: azure:loganalytics:Cluster
name: example
properties:
name: example-cluster
resourceGroupName: ${example.name}
location: ${example.location}
identity:
type: SystemAssigned
exampleKeyVault:
type: azure:keyvault:KeyVault
name: example
properties:
name: keyvaultkeyexample
location: ${example.location}
resourceGroupName: ${example.name}
tenantId: ${current.tenantId}
skuName: premium
accessPolicies:
- tenantId: ${current.tenantId}
objectId: ${current.objectId}
keyPermissions:
- Create
- Get
- GetRotationPolicy
secretPermissions:
- Set
- tenantId: ${exampleCluster.identity.tenantId}
objectId: ${exampleCluster.identity.principalId}
keyPermissions:
- Get
- Unwrapkey
- Wrapkey
tags:
environment: Production
exampleKey:
type: azure:keyvault:Key
name: example
properties:
name: generated-certificate
keyVaultId: ${exampleKeyVault.id}
keyType: RSA
keySize: 2048
keyOpts:
- decrypt
- encrypt
- sign
- unwrapKey
- verify
- wrapKey
exampleClusterCustomerManagedKey:
type: azure:loganalytics:ClusterCustomerManagedKey
name: example
properties:
logAnalyticsClusterId: ${exampleCluster.id}
keyVaultKeyId: ${exampleKey.id}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
Create ClusterCustomerManagedKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ClusterCustomerManagedKey(name: string, args: ClusterCustomerManagedKeyArgs, opts?: CustomResourceOptions);@overload
def ClusterCustomerManagedKey(resource_name: str,
args: ClusterCustomerManagedKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ClusterCustomerManagedKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_vault_key_id: Optional[str] = None,
log_analytics_cluster_id: Optional[str] = None)func NewClusterCustomerManagedKey(ctx *Context, name string, args ClusterCustomerManagedKeyArgs, opts ...ResourceOption) (*ClusterCustomerManagedKey, error)public ClusterCustomerManagedKey(string name, ClusterCustomerManagedKeyArgs args, CustomResourceOptions? opts = null)
public ClusterCustomerManagedKey(String name, ClusterCustomerManagedKeyArgs args)
public ClusterCustomerManagedKey(String name, ClusterCustomerManagedKeyArgs args, CustomResourceOptions options)
type: azure:loganalytics:ClusterCustomerManagedKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClusterCustomerManagedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClusterCustomerManagedKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClusterCustomerManagedKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterCustomerManagedKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClusterCustomerManagedKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var azureClusterCustomerManagedKeyResource = new Azure.LogAnalytics.ClusterCustomerManagedKey("azureClusterCustomerManagedKeyResource", new()
{
KeyVaultKeyId = "string",
LogAnalyticsClusterId = "string",
});
example, err := loganalytics.NewClusterCustomerManagedKey(ctx, "azureClusterCustomerManagedKeyResource", &loganalytics.ClusterCustomerManagedKeyArgs{
KeyVaultKeyId: pulumi.String("string"),
LogAnalyticsClusterId: pulumi.String("string"),
})
var azureClusterCustomerManagedKeyResource = new ClusterCustomerManagedKey("azureClusterCustomerManagedKeyResource", ClusterCustomerManagedKeyArgs.builder()
.keyVaultKeyId("string")
.logAnalyticsClusterId("string")
.build());
azure_cluster_customer_managed_key_resource = azure.loganalytics.ClusterCustomerManagedKey("azureClusterCustomerManagedKeyResource",
key_vault_key_id="string",
log_analytics_cluster_id="string")
const azureClusterCustomerManagedKeyResource = new azure.loganalytics.ClusterCustomerManagedKey("azureClusterCustomerManagedKeyResource", {
keyVaultKeyId: "string",
logAnalyticsClusterId: "string",
});
type: azure:loganalytics:ClusterCustomerManagedKey
properties:
keyVaultKeyId: string
logAnalyticsClusterId: string
ClusterCustomerManagedKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ClusterCustomerManagedKey resource accepts the following input properties:
- Key
Vault stringKey Id - The ID of the Key Vault Key to use for encryption.
- Log
Analytics stringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- Key
Vault stringKey Id - The ID of the Key Vault Key to use for encryption.
- Log
Analytics stringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key
Vault StringKey Id - The ID of the Key Vault Key to use for encryption.
- log
Analytics StringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key
Vault stringKey Id - The ID of the Key Vault Key to use for encryption.
- log
Analytics stringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key_
vault_ strkey_ id - The ID of the Key Vault Key to use for encryption.
- log_
analytics_ strcluster_ id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key
Vault StringKey Id - The ID of the Key Vault Key to use for encryption.
- log
Analytics StringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the ClusterCustomerManagedKey resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ClusterCustomerManagedKey Resource
Get an existing ClusterCustomerManagedKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClusterCustomerManagedKeyState, opts?: CustomResourceOptions): ClusterCustomerManagedKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
key_vault_key_id: Optional[str] = None,
log_analytics_cluster_id: Optional[str] = None) -> ClusterCustomerManagedKeyfunc GetClusterCustomerManagedKey(ctx *Context, name string, id IDInput, state *ClusterCustomerManagedKeyState, opts ...ResourceOption) (*ClusterCustomerManagedKey, error)public static ClusterCustomerManagedKey Get(string name, Input<string> id, ClusterCustomerManagedKeyState? state, CustomResourceOptions? opts = null)public static ClusterCustomerManagedKey get(String name, Output<String> id, ClusterCustomerManagedKeyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Key
Vault stringKey Id - The ID of the Key Vault Key to use for encryption.
- Log
Analytics stringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- Key
Vault stringKey Id - The ID of the Key Vault Key to use for encryption.
- Log
Analytics stringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key
Vault StringKey Id - The ID of the Key Vault Key to use for encryption.
- log
Analytics StringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key
Vault stringKey Id - The ID of the Key Vault Key to use for encryption.
- log
Analytics stringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key_
vault_ strkey_ id - The ID of the Key Vault Key to use for encryption.
- log_
analytics_ strcluster_ id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
- key
Vault StringKey Id - The ID of the Key Vault Key to use for encryption.
- log
Analytics StringCluster Id - The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.
Import
Log Analytics Cluster Customer Managed Keys can be imported using the resource id, e.g.
$ pulumi import azure:loganalytics/clusterCustomerManagedKey:ClusterCustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/clusters/cluster1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.