Azure Classic

v5.24.0 published on Wednesday, Nov 9, 2022 by Pulumi

ServerKey

Manages a Customer Managed Key for a PostgreSQL Server.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var current = Azure.Core.GetClientConfig.Invoke();

    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleKeyVault = new Azure.KeyVault.KeyVault("exampleKeyVault", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        SkuName = "premium",
        PurgeProtectionEnabled = true,
    });

    var exampleServer = new Azure.PostgreSql.Server("exampleServer", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        AdministratorLogin = "psqladmin",
        AdministratorLoginPassword = "H@Sh1CoR3!",
        SkuName = "GP_Gen5_2",
        Version = "11",
        StorageMb = 51200,
        SslEnforcementEnabled = true,
        Identity = new Azure.PostgreSql.Inputs.ServerIdentityArgs
        {
            Type = "SystemAssigned",
        },
    });

    var server = new Azure.KeyVault.AccessPolicy("server", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        ObjectId = exampleServer.Identity.Apply(identity => identity?.PrincipalId),
        KeyPermissions = new[]
        {
            "Get",
            "UnwrapKey",
            "WrapKey",
        },
        SecretPermissions = new[]
        {
            "Get",
        },
    });

    var client = new Azure.KeyVault.AccessPolicy("client", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        TenantId = current.Apply(getClientConfigResult => getClientConfigResult.TenantId),
        ObjectId = current.Apply(getClientConfigResult => getClientConfigResult.ObjectId),
        KeyPermissions = new[]
        {
            "Get",
            "Create",
            "Delete",
            "List",
            "Restore",
            "Recover",
            "UnwrapKey",
            "WrapKey",
            "Purge",
            "Encrypt",
            "Decrypt",
            "Sign",
            "Verify",
        },
        SecretPermissions = new[]
        {
            "Get",
        },
    });

    var exampleKey = new Azure.KeyVault.Key("exampleKey", new()
    {
        KeyVaultId = exampleKeyVault.Id,
        KeyType = "RSA",
        KeySize = 2048,
        KeyOpts = new[]
        {
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            client,
            server,
        },
    });

    var exampleServerKey = new Azure.PostgreSql.ServerKey("exampleServerKey", new()
    {
        ServerId = exampleServer.Id,
        KeyVaultKeyId = exampleKey.Id,
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/postgresql"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleKeyVault, err := keyvault.NewKeyVault(ctx, "exampleKeyVault", &keyvault.KeyVaultArgs{
			Location:               exampleResourceGroup.Location,
			ResourceGroupName:      exampleResourceGroup.Name,
			TenantId:               pulumi.String(current.TenantId),
			SkuName:                pulumi.String("premium"),
			PurgeProtectionEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		exampleServer, err := postgresql.NewServer(ctx, "exampleServer", &postgresql.ServerArgs{
			Location:                   exampleResourceGroup.Location,
			ResourceGroupName:          exampleResourceGroup.Name,
			AdministratorLogin:         pulumi.String("psqladmin"),
			AdministratorLoginPassword: pulumi.String("H@Sh1CoR3!"),
			SkuName:                    pulumi.String("GP_Gen5_2"),
			Version:                    pulumi.String("11"),
			StorageMb:                  pulumi.Int(51200),
			SslEnforcementEnabled:      pulumi.Bool(true),
			Identity: &postgresql.ServerIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
		})
		if err != nil {
			return err
		}
		server, err := keyvault.NewAccessPolicy(ctx, "server", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   pulumi.String(current.TenantId),
			ObjectId: exampleServer.Identity.ApplyT(func(identity postgresql.ServerIdentity) (string, error) {
				return identity.PrincipalId, nil
			}).(pulumi.StringOutput),
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("UnwrapKey"),
				pulumi.String("WrapKey"),
			},
			SecretPermissions: pulumi.StringArray{
				pulumi.String("Get"),
			},
		})
		if err != nil {
			return err
		}
		client, err := keyvault.NewAccessPolicy(ctx, "client", &keyvault.AccessPolicyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			TenantId:   pulumi.String(current.TenantId),
			ObjectId:   pulumi.String(current.ObjectId),
			KeyPermissions: pulumi.StringArray{
				pulumi.String("Get"),
				pulumi.String("Create"),
				pulumi.String("Delete"),
				pulumi.String("List"),
				pulumi.String("Restore"),
				pulumi.String("Recover"),
				pulumi.String("UnwrapKey"),
				pulumi.String("WrapKey"),
				pulumi.String("Purge"),
				pulumi.String("Encrypt"),
				pulumi.String("Decrypt"),
				pulumi.String("Sign"),
				pulumi.String("Verify"),
			},
			SecretPermissions: pulumi.StringArray{
				pulumi.String("Get"),
			},
		})
		if err != nil {
			return err
		}
		exampleKey, err := keyvault.NewKey(ctx, "exampleKey", &keyvault.KeyArgs{
			KeyVaultId: exampleKeyVault.ID(),
			KeyType:    pulumi.String("RSA"),
			KeySize:    pulumi.Int(2048),
			KeyOpts: pulumi.StringArray{
				pulumi.String("decrypt"),
				pulumi.String("encrypt"),
				pulumi.String("sign"),
				pulumi.String("unwrapKey"),
				pulumi.String("verify"),
				pulumi.String("wrapKey"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			client,
			server,
		}))
		if err != nil {
			return err
		}
		_, err = postgresql.NewServerKey(ctx, "exampleServerKey", &postgresql.ServerKeyArgs{
			ServerId:      exampleServer.ID(),
			KeyVaultKeyId: exampleKey.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.keyvault.KeyVault;
import com.pulumi.azure.keyvault.KeyVaultArgs;
import com.pulumi.azure.postgresql.Server;
import com.pulumi.azure.postgresql.ServerArgs;
import com.pulumi.azure.postgresql.inputs.ServerIdentityArgs;
import com.pulumi.azure.keyvault.AccessPolicy;
import com.pulumi.azure.keyvault.AccessPolicyArgs;
import com.pulumi.azure.keyvault.Key;
import com.pulumi.azure.keyvault.KeyArgs;
import com.pulumi.azure.postgresql.ServerKey;
import com.pulumi.azure.postgresql.ServerKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();

        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleKeyVault = new KeyVault("exampleKeyVault", KeyVaultArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .skuName("premium")
            .purgeProtectionEnabled(true)
            .build());

        var exampleServer = new Server("exampleServer", ServerArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .administratorLogin("psqladmin")
            .administratorLoginPassword("H@Sh1CoR3!")
            .skuName("GP_Gen5_2")
            .version("11")
            .storageMb(51200)
            .sslEnforcementEnabled(true)
            .identity(ServerIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .build());

        var server = new AccessPolicy("server", AccessPolicyArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(exampleServer.identity().applyValue(identity -> identity.principalId()))
            .keyPermissions(            
                "Get",
                "UnwrapKey",
                "WrapKey")
            .secretPermissions("Get")
            .build());

        var client = new AccessPolicy("client", AccessPolicyArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .tenantId(current.applyValue(getClientConfigResult -> getClientConfigResult.tenantId()))
            .objectId(current.applyValue(getClientConfigResult -> getClientConfigResult.objectId()))
            .keyPermissions(            
                "Get",
                "Create",
                "Delete",
                "List",
                "Restore",
                "Recover",
                "UnwrapKey",
                "WrapKey",
                "Purge",
                "Encrypt",
                "Decrypt",
                "Sign",
                "Verify")
            .secretPermissions("Get")
            .build());

        var exampleKey = new Key("exampleKey", KeyArgs.builder()        
            .keyVaultId(exampleKeyVault.id())
            .keyType("RSA")
            .keySize(2048)
            .keyOpts(            
                "decrypt",
                "encrypt",
                "sign",
                "unwrapKey",
                "verify",
                "wrapKey")
            .build(), CustomResourceOptions.builder()
                .dependsOn(                
                    client,
                    server)
                .build());

        var exampleServerKey = new ServerKey("exampleServerKey", ServerKeyArgs.builder()        
            .serverId(exampleServer.id())
            .keyVaultKeyId(exampleKey.id())
            .build());

    }
}
import pulumi
import pulumi_azure as azure

current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_key_vault = azure.keyvault.KeyVault("exampleKeyVault",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    tenant_id=current.tenant_id,
    sku_name="premium",
    purge_protection_enabled=True)
example_server = azure.postgresql.Server("exampleServer",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    administrator_login="psqladmin",
    administrator_login_password="H@Sh1CoR3!",
    sku_name="GP_Gen5_2",
    version="11",
    storage_mb=51200,
    ssl_enforcement_enabled=True,
    identity=azure.postgresql.ServerIdentityArgs(
        type="SystemAssigned",
    ))
server = azure.keyvault.AccessPolicy("server",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=example_server.identity.principal_id,
    key_permissions=[
        "Get",
        "UnwrapKey",
        "WrapKey",
    ],
    secret_permissions=["Get"])
client = azure.keyvault.AccessPolicy("client",
    key_vault_id=example_key_vault.id,
    tenant_id=current.tenant_id,
    object_id=current.object_id,
    key_permissions=[
        "Get",
        "Create",
        "Delete",
        "List",
        "Restore",
        "Recover",
        "UnwrapKey",
        "WrapKey",
        "Purge",
        "Encrypt",
        "Decrypt",
        "Sign",
        "Verify",
    ],
    secret_permissions=["Get"])
example_key = azure.keyvault.Key("exampleKey",
    key_vault_id=example_key_vault.id,
    key_type="RSA",
    key_size=2048,
    key_opts=[
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
    opts=pulumi.ResourceOptions(depends_on=[
            client,
            server,
        ]))
example_server_key = azure.postgresql.ServerKey("exampleServerKey",
    server_id=example_server.id,
    key_vault_key_id=example_key.id)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKeyVault = new azure.keyvault.KeyVault("exampleKeyVault", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    tenantId: current.then(current => current.tenantId),
    skuName: "premium",
    purgeProtectionEnabled: true,
});
const exampleServer = new azure.postgresql.Server("exampleServer", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    administratorLogin: "psqladmin",
    administratorLoginPassword: "H@Sh1CoR3!",
    skuName: "GP_Gen5_2",
    version: "11",
    storageMb: 51200,
    sslEnforcementEnabled: true,
    identity: {
        type: "SystemAssigned",
    },
});
const server = new azure.keyvault.AccessPolicy("server", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(current => current.tenantId),
    objectId: exampleServer.identity.apply(identity => identity?.principalId),
    keyPermissions: [
        "Get",
        "UnwrapKey",
        "WrapKey",
    ],
    secretPermissions: ["Get"],
});
const client = new azure.keyvault.AccessPolicy("client", {
    keyVaultId: exampleKeyVault.id,
    tenantId: current.then(current => current.tenantId),
    objectId: current.then(current => current.objectId),
    keyPermissions: [
        "Get",
        "Create",
        "Delete",
        "List",
        "Restore",
        "Recover",
        "UnwrapKey",
        "WrapKey",
        "Purge",
        "Encrypt",
        "Decrypt",
        "Sign",
        "Verify",
    ],
    secretPermissions: ["Get"],
});
const exampleKey = new azure.keyvault.Key("exampleKey", {
    keyVaultId: exampleKeyVault.id,
    keyType: "RSA",
    keySize: 2048,
    keyOpts: [
        "decrypt",
        "encrypt",
        "sign",
        "unwrapKey",
        "verify",
        "wrapKey",
    ],
}, {
    dependsOn: [
        client,
        server,
    ],
});
const exampleServerKey = new azure.postgresql.ServerKey("exampleServerKey", {
    serverId: exampleServer.id,
    keyVaultKeyId: exampleKey.id,
});
resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleKeyVault:
    type: azure:keyvault:KeyVault
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      tenantId: ${current.tenantId}
      skuName: premium
      purgeProtectionEnabled: true
  server:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${exampleServer.identity.principalId}
      keyPermissions:
        - Get
        - UnwrapKey
        - WrapKey
      secretPermissions:
        - Get
  client:
    type: azure:keyvault:AccessPolicy
    properties:
      keyVaultId: ${exampleKeyVault.id}
      tenantId: ${current.tenantId}
      objectId: ${current.objectId}
      keyPermissions:
        - Get
        - Create
        - Delete
        - List
        - Restore
        - Recover
        - UnwrapKey
        - WrapKey
        - Purge
        - Encrypt
        - Decrypt
        - Sign
        - Verify
      secretPermissions:
        - Get
  exampleKey:
    type: azure:keyvault:Key
    properties:
      keyVaultId: ${exampleKeyVault.id}
      keyType: RSA
      keySize: 2048
      keyOpts:
        - decrypt
        - encrypt
        - sign
        - unwrapKey
        - verify
        - wrapKey
    options:
      dependson:
        - ${client}
        - ${server}
  exampleServer:
    type: azure:postgresql:Server
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      administratorLogin: psqladmin
      administratorLoginPassword: H@Sh1CoR3!
      skuName: GP_Gen5_2
      version: 11
      storageMb: 51200
      sslEnforcementEnabled: true
      identity:
        type: SystemAssigned
  exampleServerKey:
    type: azure:postgresql:ServerKey
    properties:
      serverId: ${exampleServer.id}
      keyVaultKeyId: ${exampleKey.id}
variables:
  current:
    Fn::Invoke:
      Function: azure:core:getClientConfig
      Arguments: {}

Create ServerKey Resource

new ServerKey(name: string, args: ServerKeyArgs, opts?: CustomResourceOptions);
@overload
def ServerKey(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              key_vault_key_id: Optional[str] = None,
              server_id: Optional[str] = None)
@overload
def ServerKey(resource_name: str,
              args: ServerKeyArgs,
              opts: Optional[ResourceOptions] = None)
func NewServerKey(ctx *Context, name string, args ServerKeyArgs, opts ...ResourceOption) (*ServerKey, error)
public ServerKey(string name, ServerKeyArgs args, CustomResourceOptions? opts = null)
public ServerKey(String name, ServerKeyArgs args)
public ServerKey(String name, ServerKeyArgs args, CustomResourceOptions options)
type: azure:postgresql:ServerKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ServerKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ServerKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServerKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServerKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ServerKeyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

ServerKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ServerKey resource accepts the following input properties:

KeyVaultKeyId string

The URL to a Key Vault Key.

ServerId string

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

KeyVaultKeyId string

The URL to a Key Vault Key.

ServerId string

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

keyVaultKeyId String

The URL to a Key Vault Key.

serverId String

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

keyVaultKeyId string

The URL to a Key Vault Key.

serverId string

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

key_vault_key_id str

The URL to a Key Vault Key.

server_id str

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

keyVaultKeyId String

The URL to a Key Vault Key.

serverId String

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServerKey resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing ServerKey Resource

Get an existing ServerKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServerKeyState, opts?: CustomResourceOptions): ServerKey
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        key_vault_key_id: Optional[str] = None,
        server_id: Optional[str] = None) -> ServerKey
func GetServerKey(ctx *Context, name string, id IDInput, state *ServerKeyState, opts ...ResourceOption) (*ServerKey, error)
public static ServerKey Get(string name, Input<string> id, ServerKeyState? state, CustomResourceOptions? opts = null)
public static ServerKey get(String name, Output<String> id, ServerKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
KeyVaultKeyId string

The URL to a Key Vault Key.

ServerId string

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

KeyVaultKeyId string

The URL to a Key Vault Key.

ServerId string

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

keyVaultKeyId String

The URL to a Key Vault Key.

serverId String

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

keyVaultKeyId string

The URL to a Key Vault Key.

serverId string

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

key_vault_key_id str

The URL to a Key Vault Key.

server_id str

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

keyVaultKeyId String

The URL to a Key Vault Key.

serverId String

The ID of the PostgreSQL Server. Changing this forces a new resource to be created.

Import

A PostgreSQL Server Key can be imported using the resource id of the PostgreSQL Server Key, e.g.

 $ pulumi import azure:postgresql/serverKey:ServerKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.DBforPostgreSQL/servers/server1/keys/keyvaultname_key-name_keyversion

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.