import * as pulumi from "@pulumi/pulumi"; /** * Manages a Customer Managed Key for a Data Factory. * * > **Note:** The Customer Managed Key cannot be removed from the Data Factory once added. To remove the Customer Managed Key delete and recreate the parent Data Factory. * * ## Example Usage * * ### With System Assigned Identity * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleKeyVault = new azure.keyvault.KeyVault("example", { * name: "example-key-vault", * location: example.location, * resourceGroupName: example.name, * tenantId: current.then(current => current.tenantId), * skuName: "standard", * purgeProtectionEnabled: true, * }); * const exampleKey = new azure.keyvault.Key("example", { * name: "examplekey", * keyVaultId: exampleKeyVault.id, * keyType: "RSA", * keySize: 2048, * keyOpts: [ * "unwrapKey", * "wrapKey", * ], * }); * const currentClientPolicy = new azure.keyvault.AccessPolicy("current_client_policy", { * keyVaultId: exampleKeyVault.id, * tenantId: current.then(current => current.tenantId), * objectId: current.then(current => current.objectId), * keyPermissions: [ * "Create", * "Delete", * "Get", * "Purge", * "Recover", * "Update", * "GetRotationPolicy", * ], * secretPermissions: [ * "Delete", * "Get", * "Set", * ], * }); * const exampleFactory = new azure.datafactory.Factory("example", { * name: "example_data_factory", * location: example.location, * resourceGroupName: example.name, * identity: { * type: "SystemAssigned", * identityIds: [exampleAzurermUserAssignedIdentity.id], * }, * }); * const datafactory = new azure.keyvault.AccessPolicy("datafactory", { * keyVaultId: exampleKeyVault.id, * tenantId: exampleFactory.identity.apply(identity => identity?.tenantId), * objectId: exampleFactory.identity.apply(identity => identity?.principalId), * keyPermissions: [ * "Create", * "Delete", * "Get", * "Purge", * "Recover", * "Update", * "GetRotationPolicy", * "WrapKey", * "UnwrapKey", * ], * secretPermissions: [ * "Delete", * "Get", * "Set", * ], * }); * const exampleCustomerManagedKey = new azure.datafactory.CustomerManagedKey("example", { * dataFactoryId: exampleFactory.id, * customerManagedKeyId: exampleKey.id, * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.DataFactory` - 2018-06-01 * * ## Import * * Data Factory Customer Managed Keys can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:datafactory/customerManagedKey:CustomerManagedKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example/providers/Microsoft.DataFactory/factories/example * ``` */ export declare class CustomerManagedKey extends pulumi.CustomResource { /** * Get an existing CustomerManagedKey resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: CustomerManagedKeyState, opts?: pulumi.CustomResourceOptions): CustomerManagedKey; /** * Returns true if the given object is an instance of CustomerManagedKey. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is CustomerManagedKey; /** * The ID the of the Customer Managed Key to associate with the Data Factory. */ readonly customerManagedKeyId: pulumi.Output; /** * The ID of the Data Factory Resource the Customer Managed Key will be associated with. Changing this forces a new resource to be created. */ readonly dataFactoryId: pulumi.Output; /** * The User Assigned Identity ID that will be used to access Key Vaults that contain the encryption keys. */ readonly userAssignedIdentityId: pulumi.Output; /** * Create a CustomerManagedKey resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: CustomerManagedKeyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering CustomerManagedKey resources. */ export interface CustomerManagedKeyState { /** * The ID the of the Customer Managed Key to associate with the Data Factory. */ customerManagedKeyId?: pulumi.Input; /** * The ID of the Data Factory Resource the Customer Managed Key will be associated with. Changing this forces a new resource to be created. */ dataFactoryId?: pulumi.Input; /** * The User Assigned Identity ID that will be used to access Key Vaults that contain the encryption keys. */ userAssignedIdentityId?: pulumi.Input; } /** * The set of arguments for constructing a CustomerManagedKey resource. */ export interface CustomerManagedKeyArgs { /** * The ID the of the Customer Managed Key to associate with the Data Factory. */ customerManagedKeyId: pulumi.Input; /** * The ID of the Data Factory Resource the Customer Managed Key will be associated with. Changing this forces a new resource to be created. */ dataFactoryId: pulumi.Input; /** * The User Assigned Identity ID that will be used to access Key Vaults that contain the encryption keys. */ userAssignedIdentityId?: pulumi.Input; }