import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * `Ekm Connections` are used to control the connection settings for an `EXTERNAL_VPC` CryptoKey. * It is used to connect customer's external key manager to Google Cloud EKM. * * > **Note:** Ekm Connections cannot be deleted from Google Cloud Platform. * * To get more information about EkmConnection, see: * * * [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.ekmConnections) * * How-to Guides * * [Creating a Ekm Connection](https://cloud.google.com/kms/docs/create-ekm-connection) * * ## Example Usage * * ### Kms Ekm Connection Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const example_ekmconnection = new gcp.kms.EkmConnection("example-ekmconnection", { * name: "ekmconnection_example", * location: "us-central1", * keyManagementMode: "MANUAL", * serviceResolvers: [{ * serviceDirectoryService: "projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name", * hostname: "example-ekm.goog", * serverCertificates: [{ * rawDer: "==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY==", * }], * }], * }); * ``` * * ## Import * * EkmConnection can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}` * * `{{project}}/{{location}}/{{name}}` * * `{{location}}/{{name}}` * * When using the `pulumi import` command, EkmConnection can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:kms/ekmConnection:EkmConnection default projects/{{project}}/locations/{{location}}/ekmConnections/{{name}} * $ pulumi import gcp:kms/ekmConnection:EkmConnection default {{project}}/{{location}}/{{name}} * $ pulumi import gcp:kms/ekmConnection:EkmConnection default {{location}}/{{name}} * ``` */ export declare class EkmConnection extends pulumi.CustomResource { /** * Get an existing EkmConnection resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: EkmConnectionState, opts?: pulumi.CustomResourceOptions): EkmConnection; /** * Returns true if the given object is an instance of EkmConnection. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is EkmConnection; /** * Output only. The time at which the EkmConnection was created. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ readonly createTime: pulumi.Output; /** * Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS. */ readonly cryptoSpacePath: pulumi.Output; /** * Optional. Etag of the currently stored EkmConnection. */ readonly etag: pulumi.Output; /** * Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL * Default value is `MANUAL`. * Possible values are: `MANUAL`, `CLOUD_KMS`. */ readonly keyManagementMode: pulumi.Output; /** * The location for the EkmConnection. * A full list of valid locations can be found by running `gcloud kms locations list`. */ readonly location: pulumi.Output; /** * The resource name for the EkmConnection. */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported * Structure is documented below. */ readonly serviceResolvers: pulumi.Output; /** * Create a EkmConnection resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: EkmConnectionArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering EkmConnection resources. */ export interface EkmConnectionState { /** * Output only. The time at which the EkmConnection was created. * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". */ createTime?: pulumi.Input; /** * Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS. */ cryptoSpacePath?: pulumi.Input; /** * Optional. Etag of the currently stored EkmConnection. */ etag?: pulumi.Input; /** * Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL * Default value is `MANUAL`. * Possible values are: `MANUAL`, `CLOUD_KMS`. */ keyManagementMode?: pulumi.Input; /** * The location for the EkmConnection. * A full list of valid locations can be found by running `gcloud kms locations list`. */ location?: pulumi.Input; /** * The resource name for the EkmConnection. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported * Structure is documented below. */ serviceResolvers?: pulumi.Input[]>; } /** * The set of arguments for constructing a EkmConnection resource. */ export interface EkmConnectionArgs { /** * Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS. */ cryptoSpacePath?: pulumi.Input; /** * Optional. Etag of the currently stored EkmConnection. */ etag?: pulumi.Input; /** * Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL * Default value is `MANUAL`. * Possible values are: `MANUAL`, `CLOUD_KMS`. */ keyManagementMode?: pulumi.Input; /** * The location for the EkmConnection. * A full list of valid locations can be found by running `gcloud kms locations list`. */ location: pulumi.Input; /** * The resource name for the EkmConnection. */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported * Structure is documented below. */ serviceResolvers: pulumi.Input[]>; }