import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages an Azure App Configuration. * * ## Disclaimers * * > **Note:** Version 3.27.0 and later of the Azure Provider include a Feature Toggle which will purge an App Configuration resource on destroy, rather than the default soft-delete. The Provider will automatically recover a soft-deleted App Configuration during creation if one is found. See the Features block documentation for more information on Feature Toggles within Terraform. * * > **Note:** Reading and purging soft-deleted App Configurations requires the `Microsoft.AppConfiguration/locations/deletedConfigurationStores/read` and `Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action` permission on Subscription scope. Recovering a soft-deleted App Configuration requires the `Microsoft.AppConfiguration/configurationStores/write` permission on Subscription or Resource Group scope. [More information can be found in the Azure Documentation for App Configuration](https://learn.microsoft.com/en-us/azure/azure-app-configuration/concept-soft-delete#permissions-to-recover-a-deleted-store). See the following links for more information on assigning [Azure custom roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles) or using the `azure.authorization.Assignment` resource to assign a custom role. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const appconf = new azure.appconfiguration.ConfigurationStore("appconf", { * name: "appConf1", * resourceGroupName: example.name, * location: example.location, * }); * ``` * * ### Encryption) * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", { * name: "example-identity", * location: example.location, * resourceGroupName: example.name, * }); * const current = azure.core.getClientConfig({}); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "exampleKVt123", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "standard", * softDeleteRetentionDays: 7, * purgeProtectionEnabled: true, * }); * const server = new azure.keyvault.AccessPolicy("server", { * keyVaultId: exampleKeyVault.id, * tenantId: current.then(current => current.tenantId), * objectId: exampleUserAssignedIdentity.principalId, * keyPermissions: [ * "Get", * "UnwrapKey", * "WrapKey", * ], * secretPermissions: ["Get"], * }); * const client = new azure.keyvault.AccessPolicy("client", { * keyVaultId: exampleKeyVault.id, * tenantId: current.then(current => current.tenantId), * objectId: current.then(current => current.objectId), * keyPermissions: [ * "Get", * "Create", * "Delete", * "List", * "Restore", * "Recover", * "UnwrapKey", * "WrapKey", * "Purge", * "Encrypt", * "Decrypt", * "Sign", * "Verify", * "GetRotationPolicy", * ], * secretPermissions: ["Get"], * }); * const exampleKey = new azure.keyvault.Key("example", { * name: "exampleKVkey", * keyVaultId: exampleKeyVault.id, * keyType: "RSA", * keySize: 2048, * keyOpts: [ * "decrypt", * "encrypt", * "sign", * "unwrapKey", * "verify", * "wrapKey", * ], * }, { * dependsOn: [ * client, * server, * ], * }); * const exampleConfigurationStore = new azure.appconfiguration.ConfigurationStore("example", { * name: "appConf2", * resourceGroupName: example.name, * location: example.location, * sku: "standard", * localAuthEnabled: true, * publicNetworkAccess: "Enabled", * purgeProtectionEnabled: false, * softDeleteRetentionDays: 1, * identity: { * type: "UserAssigned", * identityIds: [exampleUserAssignedIdentity.id], * }, * encryption: { * keyVaultKeyIdentifier: exampleKey.id, * identityClientId: exampleUserAssignedIdentity.clientId, * }, * replicas: [{ * name: "replica1", * location: "West US", * }], * tags: { * environment: "development", * }, * }, { * dependsOn: [ * client, * server, * ], * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.AppConfiguration` - 2024-05-01 * * ## Import * * App Configurations can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:appconfiguration/configurationStore:ConfigurationStore appconf /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.AppConfiguration/configurationStores/appConf1 * ``` */ export declare class ConfigurationStore extends pulumi.CustomResource { /** * Get an existing ConfigurationStore resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ConfigurationStoreState, opts?: pulumi.CustomResourceOptions): ConfigurationStore; /** * Returns true if the given object is an instance of ConfigurationStore. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ConfigurationStore; /** * The data plane proxy authentication mode. Possible values are `Local` and `Pass-through`. Defaults to `Local`. */ readonly dataPlaneProxyAuthenticationMode: pulumi.Output; /** * Whether data plane proxy private link delegation is enabled. Defaults to `false`. * * > **Note:** `dataPlaneProxyPrivateLinkDelegationEnabled` cannot be set to `true` when `dataPlaneProxyAuthenticationMode` is set to `Local`. */ readonly dataPlaneProxyPrivateLinkDelegationEnabled: pulumi.Output; /** * An `encryption` block as defined below. */ readonly encryption: pulumi.Output; /** * The URL of the App Configuration Replica. */ readonly endpoint: pulumi.Output; /** * An `identity` block as defined below. */ readonly identity: pulumi.Output; /** * Whether local authentication methods is enabled. Defaults to `true`. */ readonly localAuthEnabled: pulumi.Output; /** * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. */ readonly location: pulumi.Output; /** * Specifies the name of the App Configuration. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * A `primaryReadKey` block as defined below containing the primary read access key. */ readonly primaryReadKeys: pulumi.Output; /** * A `primaryWriteKey` block as defined below containing the primary write access key. */ readonly primaryWriteKeys: pulumi.Output; /** * The Public Network Access setting of the App Configuration. Possible values are `Enabled` and `Disabled`. * * > **Note:** If `publicNetworkAccess` is not specified, the App Configuration will be created as `Automatic`. However, once a different value is defined, can not be set again as automatic. */ readonly publicNetworkAccess: pulumi.Output; /** * Whether Purge Protection is enabled. This field only works for `standard` sku. Defaults to `false`. * * !> **Note:** Once Purge Protection has been enabled it's not possible to disable it. Deleting the App Configuration with Purge Protection enabled will schedule the App Configuration to be deleted (which will happen by Azure in the configured number of days). */ readonly purgeProtectionEnabled: pulumi.Output; /** * One or more `replica` blocks as defined below. */ readonly replicas: pulumi.Output; /** * The name of the resource group in which to create the App Configuration. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * A `secondaryReadKey` block as defined below containing the secondary read access key. */ readonly secondaryReadKeys: pulumi.Output; /** * A `secondaryWriteKey` block as defined below containing the secondary write access key. */ readonly secondaryWriteKeys: pulumi.Output; /** * The SKU name of the App Configuration. Possible values are `free`, `developer`, `standard` and `premium`. Defaults to `free`. * * > **Note:** Azure does not support downgrading `sku` to a lower tier, except from `premium` to `standard`. Downgrading will force a new resource to be created. */ readonly sku: pulumi.Output; /** * The number of days that items should be retained for once soft-deleted. This field only works for `standard` sku. This value can be between `1` and `7` days. Defaults to `7`. Changing this forces a new resource to be created. * * > **Note:** If Purge Protection is enabled, this field can only be configured one time and cannot be updated. */ readonly softDeleteRetentionDays: pulumi.Output; /** * A mapping of tags to assign to the resource. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Create a ConfigurationStore resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ConfigurationStoreArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ConfigurationStore resources. */ export interface ConfigurationStoreState { /** * The data plane proxy authentication mode. Possible values are `Local` and `Pass-through`. Defaults to `Local`. */ dataPlaneProxyAuthenticationMode?: pulumi.Input; /** * Whether data plane proxy private link delegation is enabled. Defaults to `false`. * * > **Note:** `dataPlaneProxyPrivateLinkDelegationEnabled` cannot be set to `true` when `dataPlaneProxyAuthenticationMode` is set to `Local`. */ dataPlaneProxyPrivateLinkDelegationEnabled?: pulumi.Input; /** * An `encryption` block as defined below. */ encryption?: pulumi.Input; /** * The URL of the App Configuration Replica. */ endpoint?: pulumi.Input; /** * An `identity` block as defined below. */ identity?: pulumi.Input; /** * Whether local authentication methods is enabled. Defaults to `true`. */ localAuthEnabled?: pulumi.Input; /** * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * Specifies the name of the App Configuration. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * A `primaryReadKey` block as defined below containing the primary read access key. */ primaryReadKeys?: pulumi.Input[]>; /** * A `primaryWriteKey` block as defined below containing the primary write access key. */ primaryWriteKeys?: pulumi.Input[]>; /** * The Public Network Access setting of the App Configuration. Possible values are `Enabled` and `Disabled`. * * > **Note:** If `publicNetworkAccess` is not specified, the App Configuration will be created as `Automatic`. However, once a different value is defined, can not be set again as automatic. */ publicNetworkAccess?: pulumi.Input; /** * Whether Purge Protection is enabled. This field only works for `standard` sku. Defaults to `false`. * * !> **Note:** Once Purge Protection has been enabled it's not possible to disable it. Deleting the App Configuration with Purge Protection enabled will schedule the App Configuration to be deleted (which will happen by Azure in the configured number of days). */ purgeProtectionEnabled?: pulumi.Input; /** * One or more `replica` blocks as defined below. */ replicas?: pulumi.Input[]>; /** * The name of the resource group in which to create the App Configuration. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * A `secondaryReadKey` block as defined below containing the secondary read access key. */ secondaryReadKeys?: pulumi.Input[]>; /** * A `secondaryWriteKey` block as defined below containing the secondary write access key. */ secondaryWriteKeys?: pulumi.Input[]>; /** * The SKU name of the App Configuration. Possible values are `free`, `developer`, `standard` and `premium`. Defaults to `free`. * * > **Note:** Azure does not support downgrading `sku` to a lower tier, except from `premium` to `standard`. Downgrading will force a new resource to be created. */ sku?: pulumi.Input; /** * The number of days that items should be retained for once soft-deleted. This field only works for `standard` sku. This value can be between `1` and `7` days. Defaults to `7`. Changing this forces a new resource to be created. * * > **Note:** If Purge Protection is enabled, this field can only be configured one time and cannot be updated. */ softDeleteRetentionDays?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * The set of arguments for constructing a ConfigurationStore resource. */ export interface ConfigurationStoreArgs { /** * The data plane proxy authentication mode. Possible values are `Local` and `Pass-through`. Defaults to `Local`. */ dataPlaneProxyAuthenticationMode?: pulumi.Input; /** * Whether data plane proxy private link delegation is enabled. Defaults to `false`. * * > **Note:** `dataPlaneProxyPrivateLinkDelegationEnabled` cannot be set to `true` when `dataPlaneProxyAuthenticationMode` is set to `Local`. */ dataPlaneProxyPrivateLinkDelegationEnabled?: pulumi.Input; /** * An `encryption` block as defined below. */ encryption?: pulumi.Input; /** * An `identity` block as defined below. */ identity?: pulumi.Input; /** * Whether local authentication methods is enabled. Defaults to `true`. */ localAuthEnabled?: pulumi.Input; /** * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * Specifies the name of the App Configuration. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * The Public Network Access setting of the App Configuration. Possible values are `Enabled` and `Disabled`. * * > **Note:** If `publicNetworkAccess` is not specified, the App Configuration will be created as `Automatic`. However, once a different value is defined, can not be set again as automatic. */ publicNetworkAccess?: pulumi.Input; /** * Whether Purge Protection is enabled. This field only works for `standard` sku. Defaults to `false`. * * !> **Note:** Once Purge Protection has been enabled it's not possible to disable it. Deleting the App Configuration with Purge Protection enabled will schedule the App Configuration to be deleted (which will happen by Azure in the configured number of days). */ purgeProtectionEnabled?: pulumi.Input; /** * One or more `replica` blocks as defined below. */ replicas?: pulumi.Input[]>; /** * The name of the resource group in which to create the App Configuration. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * The SKU name of the App Configuration. Possible values are `free`, `developer`, `standard` and `premium`. Defaults to `free`. * * > **Note:** Azure does not support downgrading `sku` to a lower tier, except from `premium` to `standard`. Downgrading will force a new resource to be created. */ sku?: pulumi.Input; /** * The number of days that items should be retained for once soft-deleted. This field only works for `standard` sku. This value can be between `1` and `7` days. Defaults to `7`. Changing this forces a new resource to be created. * * > **Note:** If Purge Protection is enabled, this field can only be configured one time and cannot be updated. */ softDeleteRetentionDays?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }