ibm 1.77.1, Apr 14 25

ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud

ibm.getKmsInstancePolicies

Explore with Pulumi AI

ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud

Import the details of existing Key Protect and Hyper Protect Crypto Service (HPCS) instance policies as a read-only data source. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. Retreives a list of instance policies from the hs-crypto or key-protect instance for the provided instance id.

Example Usage

To Create A Instance And Associated Instance Policies.

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const test = ibm.getKmsInstancePolicies({
    instanceId: "guid-of-keyprotect-or hs-crypto-instance",
});

import pulumi
import pulumi_ibm as ibm

test = ibm.get_kms_instance_policies(instance_id="guid-of-keyprotect-or hs-crypto-instance")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.LookupKmsInstancePolicies(ctx, &ibm.LookupKmsInstancePoliciesArgs{
			InstanceId: "guid-of-keyprotect-or hs-crypto-instance",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var test = Ibm.GetKmsInstancePolicies.Invoke(new()
    {
        InstanceId = "guid-of-keyprotect-or hs-crypto-instance",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetKmsInstancePoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = IbmFunctions.getKmsInstancePolicies(GetKmsInstancePoliciesArgs.builder()
            .instanceId("guid-of-keyprotect-or hs-crypto-instance")
            .build());

    }
}

variables:
  test:
    fn::invoke:
      function: ibm:getKmsInstancePolicies
      arguments:
        instanceId: guid-of-keyprotect-or hs-crypto-instance

Using getKmsInstancePolicies

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKmsInstancePolicies(args: GetKmsInstancePoliciesArgs, opts?: InvokeOptions): Promise<GetKmsInstancePoliciesResult>
function getKmsInstancePoliciesOutput(args: GetKmsInstancePoliciesOutputArgs, opts?: InvokeOptions): Output<GetKmsInstancePoliciesResult>

def get_kms_instance_policies(id: Optional[str] = None,
                              instance_id: Optional[str] = None,
                              policy_type: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetKmsInstancePoliciesResult
def get_kms_instance_policies_output(id: Optional[pulumi.Input[str]] = None,
                              instance_id: Optional[pulumi.Input[str]] = None,
                              policy_type: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetKmsInstancePoliciesResult]

func LookupKmsInstancePolicies(ctx *Context, args *LookupKmsInstancePoliciesArgs, opts ...InvokeOption) (*LookupKmsInstancePoliciesResult, error)
func LookupKmsInstancePoliciesOutput(ctx *Context, args *LookupKmsInstancePoliciesOutputArgs, opts ...InvokeOption) LookupKmsInstancePoliciesResultOutput

> Note: This function is named LookupKmsInstancePolicies in the Go SDK.

public static class GetKmsInstancePolicies 
{
    public static Task<GetKmsInstancePoliciesResult> InvokeAsync(GetKmsInstancePoliciesArgs args, InvokeOptions? opts = null)
    public static Output<GetKmsInstancePoliciesResult> Invoke(GetKmsInstancePoliciesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetKmsInstancePoliciesResult> getKmsInstancePolicies(GetKmsInstancePoliciesArgs args, InvokeOptions options)
public static Output<GetKmsInstancePoliciesResult> getKmsInstancePolicies(GetKmsInstancePoliciesArgs args, InvokeOptions options)

fn::invoke:
  function: ibm:index/getKmsInstancePolicies:getKmsInstancePolicies
  arguments:
    # arguments dictionary

The following arguments are supported:

InstanceId string

The key-protect instance ID for creating policies.

Id string

(String) The CRN of the instance.

PolicyType string

The type of policy to be retrieved. Allowed inputs ('dualAuthDelete', 'keyCreateImportAccess', 'metrics', 'rotation')

For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess

NOTE : Policies allowedIP and allowedNetwork are not supported by instance_policies resource, and can be set using Context Based Restrictions (CBR).

InstanceId string

The key-protect instance ID for creating policies.

Id string

(String) The CRN of the instance.

PolicyType string

The type of policy to be retrieved. Allowed inputs ('dualAuthDelete', 'keyCreateImportAccess', 'metrics', 'rotation')

For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess

NOTE : Policies allowedIP and allowedNetwork are not supported by instance_policies resource, and can be set using Context Based Restrictions (CBR).

instanceId String

The key-protect instance ID for creating policies.

id String

(String) The CRN of the instance.

policyType String

The type of policy to be retrieved. Allowed inputs ('dualAuthDelete', 'keyCreateImportAccess', 'metrics', 'rotation')

For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess

NOTE : Policies allowedIP and allowedNetwork are not supported by instance_policies resource, and can be set using Context Based Restrictions (CBR).

instanceId string

The key-protect instance ID for creating policies.

id string

(String) The CRN of the instance.

policyType string

The type of policy to be retrieved. Allowed inputs ('dualAuthDelete', 'keyCreateImportAccess', 'metrics', 'rotation')

For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess

NOTE : Policies allowedIP and allowedNetwork are not supported by instance_policies resource, and can be set using Context Based Restrictions (CBR).

instance_id str

The key-protect instance ID for creating policies.

id str

(String) The CRN of the instance.

policy_type str

The type of policy to be retrieved. Allowed inputs ('dualAuthDelete', 'keyCreateImportAccess', 'metrics', 'rotation')

For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess

NOTE : Policies allowedIP and allowedNetwork are not supported by instance_policies resource, and can be set using Context Based Restrictions (CBR).

instanceId String

The key-protect instance ID for creating policies.

id String

(String) The CRN of the instance.

policyType String

The type of policy to be retrieved. Allowed inputs ('dualAuthDelete', 'keyCreateImportAccess', 'metrics', 'rotation')

For Reference to the Policy : https://cloud.ibm.com/docs/key-protect?topic=key-protect-manage-keyCreateImportAccess

NOTE : Policies allowedIP and allowedNetwork are not supported by instance_policies resource, and can be set using Context Based Restrictions (CBR).

getKmsInstancePolicies Result

The following output properties are available:

DualAuthDeletes List<GetKmsInstancePoliciesDualAuthDelete>: (List) The data associated with the dual authorization delete policy.
Id string: (String) The CRN of the instance.
InstanceId string
KeyCreateImportAccesses List<GetKmsInstancePoliciesKeyCreateImportAccess>: (List) The data associated with the key_create_import_access policy.
Metrics List<GetKmsInstancePoliciesMetric>: (List) The data associated with the metrics policy.
Rotations List<GetKmsInstancePoliciesRotation>: (List) The rotation time interval in months, with a minimum of 1, and a maximum of 12.
PolicyType string

DualAuthDeletes []GetKmsInstancePoliciesDualAuthDelete: (List) The data associated with the dual authorization delete policy.
Id string: (String) The CRN of the instance.
InstanceId string
KeyCreateImportAccesses []GetKmsInstancePoliciesKeyCreateImportAccess: (List) The data associated with the key_create_import_access policy.
Metrics []GetKmsInstancePoliciesMetric: (List) The data associated with the metrics policy.
Rotations []GetKmsInstancePoliciesRotation: (List) The rotation time interval in months, with a minimum of 1, and a maximum of 12.
PolicyType string

dualAuthDeletes List<GetKmsInstancePoliciesDualAuthDelete>: (List) The data associated with the dual authorization delete policy.
id String: (String) The CRN of the instance.
instanceId String
keyCreateImportAccesses List<GetKmsInstancePoliciesKeyCreateImportAccess>: (List) The data associated with the key_create_import_access policy.
metrics List<GetKmsInstancePoliciesMetric>: (List) The data associated with the metrics policy.
rotations List<GetKmsInstancePoliciesRotation>: (List) The rotation time interval in months, with a minimum of 1, and a maximum of 12.
policyType String

dualAuthDeletes GetKmsInstancePoliciesDualAuthDelete[]: (List) The data associated with the dual authorization delete policy.
id string: (String) The CRN of the instance.
instanceId string
keyCreateImportAccesses GetKmsInstancePoliciesKeyCreateImportAccess[]: (List) The data associated with the key_create_import_access policy.
metrics GetKmsInstancePoliciesMetric[]: (List) The data associated with the metrics policy.
rotations GetKmsInstancePoliciesRotation[]: (List) The rotation time interval in months, with a minimum of 1, and a maximum of 12.
policyType string

dual_auth_deletes Sequence[GetKmsInstancePoliciesDualAuthDelete]: (List) The data associated with the dual authorization delete policy.
id str: (String) The CRN of the instance.
instance_id str
key_create_import_accesses Sequence[GetKmsInstancePoliciesKeyCreateImportAccess]: (List) The data associated with the key_create_import_access policy.
metrics Sequence[GetKmsInstancePoliciesMetric]: (List) The data associated with the metrics policy.
rotations Sequence[GetKmsInstancePoliciesRotation]: (List) The rotation time interval in months, with a minimum of 1, and a maximum of 12.
policy_type str

dualAuthDeletes List<Property Map>: (List) The data associated with the dual authorization delete policy.
id String: (String) The CRN of the instance.
instanceId String
keyCreateImportAccesses List<Property Map>: (List) The data associated with the key_create_import_access policy.
metrics List<Property Map>: (List) The data associated with the metrics policy.
rotations List<Property Map>: (List) The rotation time interval in months, with a minimum of 1, and a maximum of 12.
policyType String

Supporting Types

GetKmsInstancePoliciesDualAuthDelete

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
lastUpdated string
updatedBy string: (String) The unique ID for the resource that updated the policy.

created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
last_updated str
updated_by str: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

GetKmsInstancePoliciesKeyCreateImportAccess

CreateRootKey bool: (Bool) If set to true it enables the create_root_key attribute for the policy.
CreateStandardKey bool: (Bool) If set to true it enables the create_standard_key attribute for the policy.
CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
EnforceToken bool: (Bool) If set to true it enables the enforce_token attribute of the policy.
ImportRootKey bool: (Bool) If set to true it enables import_root_key attribute of the policy.
ImportStandardKey bool: (Bool) If set to true it enables the import_standard_key attribute of the policy.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreateRootKey bool: (Bool) If set to true it enables the create_root_key attribute for the policy.
CreateStandardKey bool: (Bool) If set to true it enables the create_standard_key attribute for the policy.
CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
EnforceToken bool: (Bool) If set to true it enables the enforce_token attribute of the policy.
ImportRootKey bool: (Bool) If set to true it enables import_root_key attribute of the policy.
ImportStandardKey bool: (Bool) If set to true it enables the import_standard_key attribute of the policy.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createRootKey Boolean: (Bool) If set to true it enables the create_root_key attribute for the policy.
createStandardKey Boolean: (Bool) If set to true it enables the create_standard_key attribute for the policy.
createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
enforceToken Boolean: (Bool) If set to true it enables the enforce_token attribute of the policy.
importRootKey Boolean: (Bool) If set to true it enables import_root_key attribute of the policy.
importStandardKey Boolean: (Bool) If set to true it enables the import_standard_key attribute of the policy.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

createRootKey boolean: (Bool) If set to true it enables the create_root_key attribute for the policy.
createStandardKey boolean: (Bool) If set to true it enables the create_standard_key attribute for the policy.
createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
enforceToken boolean: (Bool) If set to true it enables the enforce_token attribute of the policy.
importRootKey boolean: (Bool) If set to true it enables import_root_key attribute of the policy.
importStandardKey boolean: (Bool) If set to true it enables the import_standard_key attribute of the policy.
lastUpdated string
updatedBy string: (String) The unique ID for the resource that updated the policy.

create_root_key bool: (Bool) If set to true it enables the create_root_key attribute for the policy.
create_standard_key bool: (Bool) If set to true it enables the create_standard_key attribute for the policy.
created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
enforce_token bool: (Bool) If set to true it enables the enforce_token attribute of the policy.
import_root_key bool: (Bool) If set to true it enables import_root_key attribute of the policy.
import_standard_key bool: (Bool) If set to true it enables the import_standard_key attribute of the policy.
last_updated str
updated_by str: (String) The unique ID for the resource that updated the policy.

createRootKey Boolean: (Bool) If set to true it enables the create_root_key attribute for the policy.
createStandardKey Boolean: (Bool) If set to true it enables the create_standard_key attribute for the policy.
createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
enforceToken Boolean: (Bool) If set to true it enables the enforce_token attribute of the policy.
importRootKey Boolean: (Bool) If set to true it enables import_root_key attribute of the policy.
importStandardKey Boolean: (Bool) If set to true it enables the import_standard_key attribute of the policy.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

GetKmsInstancePoliciesMetric

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
lastUpdated string
updatedBy string: (String) The unique ID for the resource that updated the policy.

created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
last_updated str
updated_by str: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

GetKmsInstancePoliciesRotation

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
IntervalMonth double: (Int) The rotation time interval in months.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
IntervalMonth float64: (Int) The rotation time interval in months.
LastUpdated string
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
intervalMonth Double: (Int) The rotation time interval in months.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
intervalMonth number: (Int) The rotation time interval in months.
lastUpdated string
updatedBy string: (String) The unique ID for the resource that updated the policy.

created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled bool: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
interval_month float: (Int) The rotation time interval in months.
last_updated str
updated_by str: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
enabled Boolean: (Bool) Data associated with enable/disbale value for the rotation policy on the instance.
intervalMonth Number: (Int) The rotation time interval in months.
lastUpdated String
updatedBy String: (String) The unique ID for the resource that updated the policy.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.getKmsInstancePolicies

On this page

On this page

Example Usage

To Create A Instance And Associated Instance Policies.

Using getKmsInstancePolicies

getKmsInstancePolicies Result

Supporting Types

GetKmsInstancePoliciesDualAuthDelete

GetKmsInstancePoliciesKeyCreateImportAccess

GetKmsInstancePoliciesMetric

GetKmsInstancePoliciesRotation

Package Details

On this page

On this page