1. Packages
  2. Azure Classic
  3. API Docs
  4. loganalytics
  5. ClusterCustomerManagedKey

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

azure.loganalytics.ClusterCustomerManagedKey

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

    Manages a Log Analytics Cluster Customer Managed Key.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
        {
            Location = "West Europe",
        });
    
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var exampleCluster = new Azure.LogAnalytics.Cluster("exampleCluster", new()
        {
            ResourceGroupName = exampleResourceGroup.Name,
            Location = exampleResourceGroup.Location,
            Identity = new Azure.LogAnalytics.Inputs.ClusterIdentityArgs
            {
                Type = "SystemAssigned",
            },
        });
    
        var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
            SkuName = "premium",
            AccessPolicies = new[]
            {
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
                    ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
                    KeyPermissions = new[]
                    {
                        "Create",
                        "Get",
                        "GetRotationPolicy",
                    },
                    SecretPermissions = new[]
                    {
                        "Set",
                    },
                },
                new Azure.KeyVault.Inputs.KeyVaultAccessPolicyArgs
                {
                    TenantId = exampleCluster.Identity.Apply(identity => identity.TenantId),
                    ObjectId = exampleCluster.Identity.Apply(identity => identity.PrincipalId),
                    KeyPermissions = new[]
                    {
                        "Get",
                        "Unwrapkey",
                        "Wrapkey",
                    },
                },
            },
            Tags = 
            {
                { "environment", "Production" },
            },
        });
    
        var exampleKey = new Azure.KeyVault.Key("exampleKey", new()
        {
            KeyVaultId = exampleKeyVault.Id,
            KeyType = "RSA",
            KeySize = 2048,
            KeyOpts = new[]
            {
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey",
            },
        });
    
        var exampleClusterCustomerManagedKey = new Azure.LogAnalytics.ClusterCustomerManagedKey("exampleClusterCustomerManagedKey", new()
        {
            LogAnalyticsClusterId = exampleCluster.Id,
            KeyVaultKeyId = exampleKey.Id,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/loganalytics"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		exampleCluster, err := loganalytics.NewCluster(ctx, "exampleCluster", &loganalytics.ClusterArgs{
    			ResourceGroupName: exampleResourceGroup.Name,
    			Location:          exampleResourceGroup.Location,
    			Identity: &loganalytics.ClusterIdentityArgs{
    				Type: pulumi.String("SystemAssigned"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
    			Location:          exampleResourceGroup.Location,
    			ResourceGroupName: exampleResourceGroup.Name,
    			TenantId:          *pulumi.String(current.TenantId),
    			SkuName:           pulumi.String("premium"),
    			AccessPolicies: keyvault.KeyVaultAccessPolicyArray{
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: *pulumi.String(current.TenantId),
    					ObjectId: *pulumi.String(current.ObjectId),
    					KeyPermissions: pulumi.StringArray{
    						pulumi.String("Create"),
    						pulumi.String("Get"),
    						pulumi.String("GetRotationPolicy"),
    					},
    					SecretPermissions: pulumi.StringArray{
    						pulumi.String("Set"),
    					},
    				},
    				&keyvault.KeyVaultAccessPolicyArgs{
    					TenantId: exampleCluster.Identity.ApplyT(func(identity loganalytics.ClusterIdentity) (*string, error) {
    						return &identity.TenantId, nil
    					}).(pulumi.StringPtrOutput),
    					ObjectId: exampleCluster.Identity.ApplyT(func(identity loganalytics.ClusterIdentity) (*string, error) {
    						return &identity.PrincipalId, nil
    					}).(pulumi.StringPtrOutput),
    					KeyPermissions: pulumi.StringArray{
    						pulumi.String("Get"),
    						pulumi.String("Unwrapkey"),
    						pulumi.String("Wrapkey"),
    					},
    				},
    			},
    			Tags: pulumi.StringMap{
    				"environment": pulumi.String("Production"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleKey, err := keyvault.NewKey(ctx, "exampleKey", &keyvault.KeyArgs{
    			KeyVaultId: exampleKeyVault.ID(),
    			KeyType:    pulumi.String("RSA"),
    			KeySize:    pulumi.Int(2048),
    			KeyOpts: pulumi.StringArray{
    				pulumi.String("decrypt"),
    				pulumi.String("encrypt"),
    				pulumi.String("sign"),
    				pulumi.String("unwrapKey"),
    				pulumi.String("verify"),
    				pulumi.String("wrapKey"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = loganalytics.NewClusterCustomerManagedKey(ctx, "exampleClusterCustomerManagedKey", &loganalytics.ClusterCustomerManagedKeyArgs{
    			LogAnalyticsClusterId: exampleCluster.ID(),
    			KeyVaultKeyId:         exampleKey.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.loganalytics.Cluster;
    import com.pulumi.azure.loganalytics.ClusterArgs;
    import com.pulumi.azure.loganalytics.inputs.ClusterIdentityArgs;
    import com.pulumi.azure.keyvault.KeyVault;
    import com.pulumi.azure.keyvault.KeyVaultArgs;
    import com.pulumi.azure.keyvault.inputs.KeyVaultAccessPolicyArgs;
    import com.pulumi.azure.keyvault.Key;
    import com.pulumi.azure.keyvault.KeyArgs;
    import com.pulumi.azure.loganalytics.ClusterCustomerManagedKey;
    import com.pulumi.azure.loganalytics.ClusterCustomerManagedKeyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
                .location("West Europe")
                .build());
    
            final var current = CoreFunctions.getClientConfig();
    
            var exampleCluster = new Cluster("exampleCluster", ClusterArgs.builder()        
                .resourceGroupName(exampleResourceGroup.name())
                .location(exampleResourceGroup.location())
                .identity(ClusterIdentityArgs.builder()
                    .type("SystemAssigned")
                    .build())
                .build());
    
            var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
                .location(exampleResourceGroup.location())
                .resourceGroupName(exampleResourceGroup.name())
                .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                .skuName("premium")
                .accessPolicies(            
                    KeyVaultAccessPolicyArgs.builder()
                        .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
                        .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
                        .keyPermissions(                    
                            "Create",
                            "Get",
                            "GetRotationPolicy")
                        .secretPermissions("Set")
                        .build(),
                    KeyVaultAccessPolicyArgs.builder()
                        .tenantId(exampleCluster.identity().applyValue(identity -> identity.tenantId()))
                        .objectId(exampleCluster.identity().applyValue(identity -> identity.principalId()))
                        .keyPermissions(                    
                            "Get",
                            "Unwrapkey",
                            "Wrapkey")
                        .build())
                .tags(Map.of("environment", "Production"))
                .build());
    
            var exampleKey = new Key("exampleKey", KeyArgs.builder()        
                .keyVaultId(exampleKeyVault.id())
                .keyType("RSA")
                .keySize(2048)
                .keyOpts(            
                    "decrypt",
                    "encrypt",
                    "sign",
                    "unwrapKey",
                    "verify",
                    "wrapKey")
                .build());
    
            var exampleClusterCustomerManagedKey = new ClusterCustomerManagedKey("exampleClusterCustomerManagedKey", ClusterCustomerManagedKeyArgs.builder()        
                .logAnalyticsClusterId(exampleCluster.id())
                .keyVaultKeyId(exampleKey.id())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure as azure
    
    example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
    current = azure.core.get_client_config()
    example_cluster = azure.loganalytics.Cluster("exampleCluster",
        resource_group_name=example_resource_group.name,
        location=example_resource_group.location,
        identity=azure.loganalytics.ClusterIdentityArgs(
            type="SystemAssigned",
        ))
    example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
        location=example_resource_group.location,
        resource_group_name=example_resource_group.name,
        tenant_id=current.tenant_id,
        sku_name="premium",
        access_policies=[
            azure.keyvault.KeyVaultAccessPolicyArgs(
                tenant_id=current.tenant_id,
                object_id=current.object_id,
                key_permissions=[
                    "Create",
                    "Get",
                    "GetRotationPolicy",
                ],
                secret_permissions=["Set"],
            ),
            azure.keyvault.KeyVaultAccessPolicyArgs(
                tenant_id=example_cluster.identity.tenant_id,
                object_id=example_cluster.identity.principal_id,
                key_permissions=[
                    "Get",
                    "Unwrapkey",
                    "Wrapkey",
                ],
            ),
        ],
        tags={
            "environment": "Production",
        })
    example_key = azure.keyvault.Key("exampleKey",
        key_vault_id=example_key_vault.id,
        key_type="RSA",
        key_size=2048,
        key_opts=[
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
        ])
    example_cluster_customer_managed_key = azure.loganalytics.ClusterCustomerManagedKey("exampleClusterCustomerManagedKey",
        log_analytics_cluster_id=example_cluster.id,
        key_vault_key_id=example_key.id)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
    const current = azure.core.getClientConfig({});
    const exampleCluster = new azure.loganalytics.Cluster("exampleCluster", {
        resourceGroupName: exampleResourceGroup.name,
        location: exampleResourceGroup.location,
        identity: {
            type: "SystemAssigned",
        },
    });
    const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
        location: exampleResourceGroup.location,
        resourceGroupName: exampleResourceGroup.name,
        tenantId: current.then(current => current.tenantId),
        skuName: "premium",
        accessPolicies: [
            {
                tenantId: current.then(current => current.tenantId),
                objectId: current.then(current => current.objectId),
                keyPermissions: [
                    "Create",
                    "Get",
                    "GetRotationPolicy",
                ],
                secretPermissions: ["Set"],
            },
            {
                tenantId: exampleCluster.identity.apply(identity => identity.tenantId),
                objectId: exampleCluster.identity.apply(identity => identity.principalId),
                keyPermissions: [
                    "Get",
                    "Unwrapkey",
                    "Wrapkey",
                ],
            },
        ],
        tags: {
            environment: "Production",
        },
    });
    const exampleKey = new azure.keyvault.Key("exampleKey", {
        keyVaultId: exampleKeyVault.id,
        keyType: "RSA",
        keySize: 2048,
        keyOpts: [
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
        ],
    });
    const exampleClusterCustomerManagedKey = new azure.loganalytics.ClusterCustomerManagedKey("exampleClusterCustomerManagedKey", {
        logAnalyticsClusterId: exampleCluster.id,
        keyVaultKeyId: exampleKey.id,
    });
    
    resources:
      exampleResourceGroup:
        type: azure:core:ResourceGroup
        properties:
          location: West Europe
      exampleCluster:
        type: azure:loganalytics:Cluster
        properties:
          resourceGroupName: ${exampleResourceGroup.name}
          location: ${exampleResourceGroup.location}
          identity:
            type: SystemAssigned
      exampleKeyVault:
        type: azure:keyvault:KeyVault
        properties:
          location: ${exampleResourceGroup.location}
          resourceGroupName: ${exampleResourceGroup.name}
          tenantId: ${current.tenantId}
          skuName: premium
          accessPolicies:
            - tenantId: ${current.tenantId}
              objectId: ${current.objectId}
              keyPermissions:
                - Create
                - Get
                - GetRotationPolicy
              secretPermissions:
                - Set
            - tenantId: ${exampleCluster.identity.tenantId}
              objectId: ${exampleCluster.identity.principalId}
              keyPermissions:
                - Get
                - Unwrapkey
                - Wrapkey
          tags:
            environment: Production
      exampleKey:
        type: azure:keyvault:Key
        properties:
          keyVaultId: ${exampleKeyVault.id}
          keyType: RSA
          keySize: 2048
          keyOpts:
            - decrypt
            - encrypt
            - sign
            - unwrapKey
            - verify
            - wrapKey
      exampleClusterCustomerManagedKey:
        type: azure:loganalytics:ClusterCustomerManagedKey
        properties:
          logAnalyticsClusterId: ${exampleCluster.id}
          keyVaultKeyId: ${exampleKey.id}
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
    

    Create ClusterCustomerManagedKey Resource

    new ClusterCustomerManagedKey(name: string, args: ClusterCustomerManagedKeyArgs, opts?: CustomResourceOptions);
    @overload
    def ClusterCustomerManagedKey(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  key_vault_key_id: Optional[str] = None,
                                  log_analytics_cluster_id: Optional[str] = None)
    @overload
    def ClusterCustomerManagedKey(resource_name: str,
                                  args: ClusterCustomerManagedKeyArgs,
                                  opts: Optional[ResourceOptions] = None)
    func NewClusterCustomerManagedKey(ctx *Context, name string, args ClusterCustomerManagedKeyArgs, opts ...ResourceOption) (*ClusterCustomerManagedKey, error)
    public ClusterCustomerManagedKey(string name, ClusterCustomerManagedKeyArgs args, CustomResourceOptions? opts = null)
    public ClusterCustomerManagedKey(String name, ClusterCustomerManagedKeyArgs args)
    public ClusterCustomerManagedKey(String name, ClusterCustomerManagedKeyArgs args, CustomResourceOptions options)
    
    type: azure:loganalytics:ClusterCustomerManagedKey
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ClusterCustomerManagedKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ClusterCustomerManagedKeyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ClusterCustomerManagedKeyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ClusterCustomerManagedKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ClusterCustomerManagedKeyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ClusterCustomerManagedKey Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ClusterCustomerManagedKey resource accepts the following input properties:

    KeyVaultKeyId string

    The ID of the Key Vault Key to use for encryption.

    LogAnalyticsClusterId string

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    KeyVaultKeyId string

    The ID of the Key Vault Key to use for encryption.

    LogAnalyticsClusterId string

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    keyVaultKeyId String

    The ID of the Key Vault Key to use for encryption.

    logAnalyticsClusterId String

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    keyVaultKeyId string

    The ID of the Key Vault Key to use for encryption.

    logAnalyticsClusterId string

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    key_vault_key_id str

    The ID of the Key Vault Key to use for encryption.

    log_analytics_cluster_id str

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    keyVaultKeyId String

    The ID of the Key Vault Key to use for encryption.

    logAnalyticsClusterId String

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ClusterCustomerManagedKey resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing ClusterCustomerManagedKey Resource

    Get an existing ClusterCustomerManagedKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ClusterCustomerManagedKeyState, opts?: CustomResourceOptions): ClusterCustomerManagedKey
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            key_vault_key_id: Optional[str] = None,
            log_analytics_cluster_id: Optional[str] = None) -> ClusterCustomerManagedKey
    func GetClusterCustomerManagedKey(ctx *Context, name string, id IDInput, state *ClusterCustomerManagedKeyState, opts ...ResourceOption) (*ClusterCustomerManagedKey, error)
    public static ClusterCustomerManagedKey Get(string name, Input<string> id, ClusterCustomerManagedKeyState? state, CustomResourceOptions? opts = null)
    public static ClusterCustomerManagedKey get(String name, Output<String> id, ClusterCustomerManagedKeyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    KeyVaultKeyId string

    The ID of the Key Vault Key to use for encryption.

    LogAnalyticsClusterId string

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    KeyVaultKeyId string

    The ID of the Key Vault Key to use for encryption.

    LogAnalyticsClusterId string

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    keyVaultKeyId String

    The ID of the Key Vault Key to use for encryption.

    logAnalyticsClusterId String

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    keyVaultKeyId string

    The ID of the Key Vault Key to use for encryption.

    logAnalyticsClusterId string

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    key_vault_key_id str

    The ID of the Key Vault Key to use for encryption.

    log_analytics_cluster_id str

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    keyVaultKeyId String

    The ID of the Key Vault Key to use for encryption.

    logAnalyticsClusterId String

    The ID of the Log Analytics Cluster. Changing this forces a new Log Analytics Cluster Customer Managed Key to be created.

    Import

    Log Analytics Cluster Customer Managed Keys can be imported using the resource id, e.g.

     $ pulumi import azure:loganalytics/clusterCustomerManagedKey:ClusterCustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/clusters/cluster1
    

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the azurerm Terraform Provider.

    azure logo

    We recommend using Azure Native.

    Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi