1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. logging
  5. getProjectCmekSettings
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

gcp.logging.getProjectCmekSettings

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi

    Describes the customer-managed encryption key (CMEK) settings associated with a project.

    To get more information about Service, see:

    Example Usage

    Logging Project Cmek Settings Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const cmekSettings = gcp.logging.getProjectCmekSettings({
        project: "my-project-name",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    cmek_settings = gcp.logging.get_project_cmek_settings(project="my-project-name")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/logging"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := logging.GetProjectCmekSettings(ctx, &logging.GetProjectCmekSettingsArgs{
    			Project: "my-project-name",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var cmekSettings = Gcp.Logging.GetProjectCmekSettings.Invoke(new()
        {
            Project = "my-project-name",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.logging.LoggingFunctions;
    import com.pulumi.gcp.logging.inputs.GetProjectCmekSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var cmekSettings = LoggingFunctions.getProjectCmekSettings(GetProjectCmekSettingsArgs.builder()
                .project("my-project-name")
                .build());
    
        }
    }
    
    variables:
      cmekSettings:
        fn::invoke:
          Function: gcp:logging:getProjectCmekSettings
          Arguments:
            project: my-project-name
    

    Using getProjectCmekSettings

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getProjectCmekSettings(args: GetProjectCmekSettingsArgs, opts?: InvokeOptions): Promise<GetProjectCmekSettingsResult>
    function getProjectCmekSettingsOutput(args: GetProjectCmekSettingsOutputArgs, opts?: InvokeOptions): Output<GetProjectCmekSettingsResult>
    def get_project_cmek_settings(kms_key_name: Optional[str] = None,
                                  project: Optional[str] = None,
                                  opts: Optional[InvokeOptions] = None) -> GetProjectCmekSettingsResult
    def get_project_cmek_settings_output(kms_key_name: Optional[pulumi.Input[str]] = None,
                                  project: Optional[pulumi.Input[str]] = None,
                                  opts: Optional[InvokeOptions] = None) -> Output[GetProjectCmekSettingsResult]
    func GetProjectCmekSettings(ctx *Context, args *GetProjectCmekSettingsArgs, opts ...InvokeOption) (*GetProjectCmekSettingsResult, error)
    func GetProjectCmekSettingsOutput(ctx *Context, args *GetProjectCmekSettingsOutputArgs, opts ...InvokeOption) GetProjectCmekSettingsResultOutput

    > Note: This function is named GetProjectCmekSettings in the Go SDK.

    public static class GetProjectCmekSettings 
    {
        public static Task<GetProjectCmekSettingsResult> InvokeAsync(GetProjectCmekSettingsArgs args, InvokeOptions? opts = null)
        public static Output<GetProjectCmekSettingsResult> Invoke(GetProjectCmekSettingsInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetProjectCmekSettingsResult> getProjectCmekSettings(GetProjectCmekSettingsArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:logging/getProjectCmekSettings:getProjectCmekSettings
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Project string
    The ID of the project.
    KmsKeyName string
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    Project string
    The ID of the project.
    KmsKeyName string
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    project String
    The ID of the project.
    kmsKeyName String
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    project string
    The ID of the project.
    kmsKeyName string
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    project str
    The ID of the project.
    kms_key_name str
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    project String
    The ID of the project.
    kmsKeyName String
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.

    getProjectCmekSettings Result

    The following output properties are available:

    Id string
    The provider-assigned unique ID for this managed resource.
    KmsKeyVersionName string
    The CryptoKeyVersion resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.
    Name string
    The resource name of the CMEK settings.
    Project string
    ServiceAccountId string
    The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
    KmsKeyName string
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    Id string
    The provider-assigned unique ID for this managed resource.
    KmsKeyVersionName string
    The CryptoKeyVersion resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.
    Name string
    The resource name of the CMEK settings.
    Project string
    ServiceAccountId string
    The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
    KmsKeyName string
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    id String
    The provider-assigned unique ID for this managed resource.
    kmsKeyVersionName String
    The CryptoKeyVersion resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.
    name String
    The resource name of the CMEK settings.
    project String
    serviceAccountId String
    The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
    kmsKeyName String
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    id string
    The provider-assigned unique ID for this managed resource.
    kmsKeyVersionName string
    The CryptoKeyVersion resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.
    name string
    The resource name of the CMEK settings.
    project string
    serviceAccountId string
    The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
    kmsKeyName string
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    id str
    The provider-assigned unique ID for this managed resource.
    kms_key_version_name str
    The CryptoKeyVersion resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.
    name str
    The resource name of the CMEK settings.
    project str
    service_account_id str
    The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
    kms_key_name str
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
    id String
    The provider-assigned unique ID for this managed resource.
    kmsKeyVersionName String
    The CryptoKeyVersion resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]' For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.
    name String
    The resource name of the CMEK settings.
    project String
    serviceAccountId String
    The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
    kmsKeyName String
    The resource name for the configured Cloud KMS key. KMS key name format: 'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]' To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.29.0 published on Wednesday, Jun 26, 2024 by Pulumi