Docs Home
opentelekomcloud 1.36.37 published on Thursday, Apr 24, 2025 by opentelekomcloud
opentelekomcloud.KmsGrantV1
Explore with Pulumi AI
opentelekomcloud 1.36.37 published on Thursday, Apr 24, 2025 by opentelekomcloud
Up-to-date reference of API arguments for KMS grant you can get at documentation portal
Manages a V1 KMS grant resource within OpenTelekomCloud.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as opentelekomcloud from "@pulumi/opentelekomcloud";
const grant1 = new opentelekomcloud.KmsGrantV1("grant1", {
keyId: _var.kms_id,
granteePrincipal: _var.user_id,
operations: [
"describe-key",
"create-datakey",
"encrypt-datakey",
],
});
import pulumi
import pulumi_opentelekomcloud as opentelekomcloud
grant1 = opentelekomcloud.KmsGrantV1("grant1",
key_id=var["kms_id"],
grantee_principal=var["user_id"],
operations=[
"describe-key",
"create-datakey",
"encrypt-datakey",
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/opentelekomcloud/opentelekomcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := opentelekomcloud.NewKmsGrantV1(ctx, "grant1", &opentelekomcloud.KmsGrantV1Args{
KeyId: pulumi.Any(_var.Kms_id),
GranteePrincipal: pulumi.Any(_var.User_id),
Operations: pulumi.StringArray{
pulumi.String("describe-key"),
pulumi.String("create-datakey"),
pulumi.String("encrypt-datakey"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Opentelekomcloud = Pulumi.Opentelekomcloud;
return await Deployment.RunAsync(() =>
{
var grant1 = new Opentelekomcloud.KmsGrantV1("grant1", new()
{
KeyId = @var.Kms_id,
GranteePrincipal = @var.User_id,
Operations = new[]
{
"describe-key",
"create-datakey",
"encrypt-datakey",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.opentelekomcloud.KmsGrantV1;
import com.pulumi.opentelekomcloud.KmsGrantV1Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var grant1 = new KmsGrantV1("grant1", KmsGrantV1Args.builder()
.keyId(var_.kms_id())
.granteePrincipal(var_.user_id())
.operations(
"describe-key",
"create-datakey",
"encrypt-datakey")
.build());
}
}
resources:
grant1:
type: opentelekomcloud:KmsGrantV1
properties:
keyId: ${var.kms_id}
granteePrincipal: ${var.user_id}
operations:
- describe-key
- create-datakey
- encrypt-datakey
Create KmsGrantV1 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KmsGrantV1(name: string, args: KmsGrantV1Args, opts?: CustomResourceOptions);@overload
def KmsGrantV1(resource_name: str,
args: KmsGrantV1Args,
opts: Optional[ResourceOptions] = None)
@overload
def KmsGrantV1(resource_name: str,
opts: Optional[ResourceOptions] = None,
grantee_principal: Optional[str] = None,
key_id: Optional[str] = None,
kms_grant_v1_id: Optional[str] = None,
name: Optional[str] = None,
operations: Optional[Sequence[str]] = None,
retiring_principal: Optional[str] = None)func NewKmsGrantV1(ctx *Context, name string, args KmsGrantV1Args, opts ...ResourceOption) (*KmsGrantV1, error)public KmsGrantV1(string name, KmsGrantV1Args args, CustomResourceOptions? opts = null)
public KmsGrantV1(String name, KmsGrantV1Args args)
public KmsGrantV1(String name, KmsGrantV1Args args, CustomResourceOptions options)
type: opentelekomcloud:KmsGrantV1
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KmsGrantV1Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KmsGrantV1Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KmsGrantV1Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KmsGrantV1Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KmsGrantV1Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kmsGrantV1Resource = new Opentelekomcloud.KmsGrantV1("kmsGrantV1Resource", new()
{
GranteePrincipal = "string",
KeyId = "string",
KmsGrantV1Id = "string",
Name = "string",
Operations = new[]
{
"string",
},
RetiringPrincipal = "string",
});
example, err := opentelekomcloud.NewKmsGrantV1(ctx, "kmsGrantV1Resource", &opentelekomcloud.KmsGrantV1Args{
GranteePrincipal: pulumi.String("string"),
KeyId: pulumi.String("string"),
KmsGrantV1Id: pulumi.String("string"),
Name: pulumi.String("string"),
Operations: pulumi.StringArray{
pulumi.String("string"),
},
RetiringPrincipal: pulumi.String("string"),
})
var kmsGrantV1Resource = new KmsGrantV1("kmsGrantV1Resource", KmsGrantV1Args.builder()
.granteePrincipal("string")
.keyId("string")
.kmsGrantV1Id("string")
.name("string")
.operations("string")
.retiringPrincipal("string")
.build());
kms_grant_v1_resource = opentelekomcloud.KmsGrantV1("kmsGrantV1Resource",
grantee_principal="string",
key_id="string",
kms_grant_v1_id="string",
name="string",
operations=["string"],
retiring_principal="string")
const kmsGrantV1Resource = new opentelekomcloud.KmsGrantV1("kmsGrantV1Resource", {
granteePrincipal: "string",
keyId: "string",
kmsGrantV1Id: "string",
name: "string",
operations: ["string"],
retiringPrincipal: "string",
});
type: opentelekomcloud:KmsGrantV1
properties:
granteePrincipal: string
keyId: string
kmsGrantV1Id: string
name: string
operations:
- string
retiringPrincipal: string
KmsGrantV1 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KmsGrantV1 resource accepts the following input properties:
- Grantee
Principal string - Indicates the ID of the authorized user. Changing this creates new grant.
- Key
Id string - Indicates the ID of the KMS. Changing this creates new grant.
- Kms
Grant stringV1Id - Name string
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - Operations List<string>
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - Retiring
Principal string - Indicates the ID of the retiring user. Changing this creates new grant.
- Grantee
Principal string - Indicates the ID of the authorized user. Changing this creates new grant.
- Key
Id string - Indicates the ID of the KMS. Changing this creates new grant.
- Kms
Grant stringV1Id - Name string
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - Operations []string
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - Retiring
Principal string - Indicates the ID of the retiring user. Changing this creates new grant.
- grantee
Principal String - Indicates the ID of the authorized user. Changing this creates new grant.
- key
Id String - Indicates the ID of the KMS. Changing this creates new grant.
- kms
Grant StringV1Id - name String
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations List<String>
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring
Principal String - Indicates the ID of the retiring user. Changing this creates new grant.
- grantee
Principal string - Indicates the ID of the authorized user. Changing this creates new grant.
- key
Id string - Indicates the ID of the KMS. Changing this creates new grant.
- kms
Grant stringV1Id - name string
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations string[]
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring
Principal string - Indicates the ID of the retiring user. Changing this creates new grant.
- grantee_
principal str - Indicates the ID of the authorized user. Changing this creates new grant.
- key_
id str - Indicates the ID of the KMS. Changing this creates new grant.
- kms_
grant_ strv1_ id - name str
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations Sequence[str]
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring_
principal str - Indicates the ID of the retiring user. Changing this creates new grant.
- grantee
Principal String - Indicates the ID of the authorized user. Changing this creates new grant.
- key
Id String - Indicates the ID of the KMS. Changing this creates new grant.
- kms
Grant StringV1Id - name String
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations List<String>
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring
Principal String - Indicates the ID of the retiring user. Changing this creates new grant.
Outputs
All input properties are implicitly available as output properties. Additionally, the KmsGrantV1 resource produces the following output properties:
- Creation
Date string - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuing
Principal string - Indicates the ID of the user who created the grant.
- Creation
Date string - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- Id string
- The provider-assigned unique ID for this managed resource.
- Issuing
Principal string - Indicates the ID of the user who created the grant.
- creation
Date String - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- id String
- The provider-assigned unique ID for this managed resource.
- issuing
Principal String - Indicates the ID of the user who created the grant.
- creation
Date string - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- id string
- The provider-assigned unique ID for this managed resource.
- issuing
Principal string - Indicates the ID of the user who created the grant.
- creation_
date str - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- id str
- The provider-assigned unique ID for this managed resource.
- issuing_
principal str - Indicates the ID of the user who created the grant.
- creation
Date String - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- id String
- The provider-assigned unique ID for this managed resource.
- issuing
Principal String - Indicates the ID of the user who created the grant.
Look up Existing KmsGrantV1 Resource
Get an existing KmsGrantV1 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KmsGrantV1State, opts?: CustomResourceOptions): KmsGrantV1@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
creation_date: Optional[str] = None,
grantee_principal: Optional[str] = None,
issuing_principal: Optional[str] = None,
key_id: Optional[str] = None,
kms_grant_v1_id: Optional[str] = None,
name: Optional[str] = None,
operations: Optional[Sequence[str]] = None,
retiring_principal: Optional[str] = None) -> KmsGrantV1func GetKmsGrantV1(ctx *Context, name string, id IDInput, state *KmsGrantV1State, opts ...ResourceOption) (*KmsGrantV1, error)public static KmsGrantV1 Get(string name, Input<string> id, KmsGrantV1State? state, CustomResourceOptions? opts = null)public static KmsGrantV1 get(String name, Output<String> id, KmsGrantV1State state, CustomResourceOptions options)resources: _: type: opentelekomcloud:KmsGrantV1 get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Creation
Date string - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- Grantee
Principal string - Indicates the ID of the authorized user. Changing this creates new grant.
- Issuing
Principal string - Indicates the ID of the user who created the grant.
- Key
Id string - Indicates the ID of the KMS. Changing this creates new grant.
- Kms
Grant stringV1Id - Name string
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - Operations List<string>
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - Retiring
Principal string - Indicates the ID of the retiring user. Changing this creates new grant.
- Creation
Date string - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- Grantee
Principal string - Indicates the ID of the authorized user. Changing this creates new grant.
- Issuing
Principal string - Indicates the ID of the user who created the grant.
- Key
Id string - Indicates the ID of the KMS. Changing this creates new grant.
- Kms
Grant stringV1Id - Name string
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - Operations []string
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - Retiring
Principal string - Indicates the ID of the retiring user. Changing this creates new grant.
- creation
Date String - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- grantee
Principal String - Indicates the ID of the authorized user. Changing this creates new grant.
- issuing
Principal String - Indicates the ID of the user who created the grant.
- key
Id String - Indicates the ID of the KMS. Changing this creates new grant.
- kms
Grant StringV1Id - name String
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations List<String>
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring
Principal String - Indicates the ID of the retiring user. Changing this creates new grant.
- creation
Date string - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- grantee
Principal string - Indicates the ID of the authorized user. Changing this creates new grant.
- issuing
Principal string - Indicates the ID of the user who created the grant.
- key
Id string - Indicates the ID of the KMS. Changing this creates new grant.
- kms
Grant stringV1Id - name string
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations string[]
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring
Principal string - Indicates the ID of the retiring user. Changing this creates new grant.
- creation_
date str - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- grantee_
principal str - Indicates the ID of the authorized user. Changing this creates new grant.
- issuing_
principal str - Indicates the ID of the user who created the grant.
- key_
id str - Indicates the ID of the KMS. Changing this creates new grant.
- kms_
grant_ strv1_ id - name str
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations Sequence[str]
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring_
principal str - Indicates the ID of the retiring user. Changing this creates new grant.
- creation
Date String - Creation time. The value is a timestamp expressed in the number of seconds since 00:00:00 UTC on January 1, 1970.
- grantee
Principal String - Indicates the ID of the authorized user. Changing this creates new grant.
- issuing
Principal String - Indicates the ID of the user who created the grant.
- key
Id String - Indicates the ID of the KMS. Changing this creates new grant.
- kms
Grant StringV1Id - name String
- Name of a grant which can be 1 to 255 characters in length
and matches the regular expression
^[a-zA-Z0-9:/_-]{1,255}$. Changing this creates new grant. - operations List<String>
- Permissions that can be granted.
The valid values are:
create-datakey,create-datakey-without-plaintext,encrypt-datakey,decrypt-datakey,describe-key,create-grant,retire-grant. Changing this creates new grant. - retiring
Principal String - Indicates the ID of the retiring user. Changing this creates new grant.
Import
KMS Grants can be imported using the key_id/grant_id, e.g.
$ pulumi import opentelekomcloud:index/kmsGrantV1:KmsGrantV1 grant_1 4779ab1c-7c1a-44b1-a02e-93dfc361b32d/7056d636-ac60-4663-8a6c-82d3c32c1c64
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- opentelekomcloud opentelekomcloud/terraform-provider-opentelekomcloud
- License
- Notes
- This Pulumi package is based on the
opentelekomcloudTerraform Provider.
opentelekomcloud 1.36.37 published on Thursday, Apr 24, 2025 by opentelekomcloud