/
alias.go
181 lines (155 loc) · 11 KB
/
alias.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
// Code generated by pulumi-language-go DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
package kms
import (
"context"
"reflect"
"errors"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// The “AWS::KMS::Alias“ resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). You can use an alias to identify a KMS key in the KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html).
//
// Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *Developer Guide*.
// Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys i
type Alias struct {
pulumi.CustomResourceState
// Specifies the alias name. This value must begin with ``alias/`` followed by a name, such as ``alias/ExampleAlias``.
// If you change the value of the ``AliasName`` property, the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC).
// The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with ``alias/aws/``. The ``alias/aws/`` prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
AliasName pulumi.StringOutput `pulumi:"aliasName"`
// Associates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region.
// A valid key ID is required. If you supply a null or empty string value, this operation returns an error.
// For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*.
// Specify the key ID or the key ARN of the KMS key.
// For example:
// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``
// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``
//
// To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).
TargetKeyId pulumi.StringOutput `pulumi:"targetKeyId"`
}
// NewAlias registers a new resource with the given unique name, arguments, and options.
func NewAlias(ctx *pulumi.Context,
name string, args *AliasArgs, opts ...pulumi.ResourceOption) (*Alias, error) {
if args == nil {
return nil, errors.New("missing one or more required arguments")
}
if args.TargetKeyId == nil {
return nil, errors.New("invalid value for required argument 'TargetKeyId'")
}
replaceOnChanges := pulumi.ReplaceOnChanges([]string{
"aliasName",
})
opts = append(opts, replaceOnChanges)
opts = internal.PkgResourceDefaultOpts(opts)
var resource Alias
err := ctx.RegisterResource("aws-native:kms:Alias", name, args, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// GetAlias gets an existing Alias resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetAlias(ctx *pulumi.Context,
name string, id pulumi.IDInput, state *AliasState, opts ...pulumi.ResourceOption) (*Alias, error) {
var resource Alias
err := ctx.ReadResource("aws-native:kms:Alias", name, id, state, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// Input properties used for looking up and filtering Alias resources.
type aliasState struct {
}
type AliasState struct {
}
func (AliasState) ElementType() reflect.Type {
return reflect.TypeOf((*aliasState)(nil)).Elem()
}
type aliasArgs struct {
// Specifies the alias name. This value must begin with ``alias/`` followed by a name, such as ``alias/ExampleAlias``.
// If you change the value of the ``AliasName`` property, the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC).
// The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with ``alias/aws/``. The ``alias/aws/`` prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
AliasName *string `pulumi:"aliasName"`
// Associates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region.
// A valid key ID is required. If you supply a null or empty string value, this operation returns an error.
// For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*.
// Specify the key ID or the key ARN of the KMS key.
// For example:
// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``
// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``
//
// To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).
TargetKeyId string `pulumi:"targetKeyId"`
}
// The set of arguments for constructing a Alias resource.
type AliasArgs struct {
// Specifies the alias name. This value must begin with ``alias/`` followed by a name, such as ``alias/ExampleAlias``.
// If you change the value of the ``AliasName`` property, the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC).
// The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with ``alias/aws/``. The ``alias/aws/`` prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
AliasName pulumi.StringPtrInput
// Associates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region.
// A valid key ID is required. If you supply a null or empty string value, this operation returns an error.
// For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*.
// Specify the key ID or the key ARN of the KMS key.
// For example:
// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``
// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``
//
// To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).
TargetKeyId pulumi.StringInput
}
func (AliasArgs) ElementType() reflect.Type {
return reflect.TypeOf((*aliasArgs)(nil)).Elem()
}
type AliasInput interface {
pulumi.Input
ToAliasOutput() AliasOutput
ToAliasOutputWithContext(ctx context.Context) AliasOutput
}
func (*Alias) ElementType() reflect.Type {
return reflect.TypeOf((**Alias)(nil)).Elem()
}
func (i *Alias) ToAliasOutput() AliasOutput {
return i.ToAliasOutputWithContext(context.Background())
}
func (i *Alias) ToAliasOutputWithContext(ctx context.Context) AliasOutput {
return pulumi.ToOutputWithContext(ctx, i).(AliasOutput)
}
type AliasOutput struct{ *pulumi.OutputState }
func (AliasOutput) ElementType() reflect.Type {
return reflect.TypeOf((**Alias)(nil)).Elem()
}
func (o AliasOutput) ToAliasOutput() AliasOutput {
return o
}
func (o AliasOutput) ToAliasOutputWithContext(ctx context.Context) AliasOutput {
return o
}
// Specifies the alias name. This value must begin with “alias/“ followed by a name, such as “alias/ExampleAlias“.
//
// If you change the value of the ``AliasName`` property, the existing alias is deleted and a new alias is created for the specified KMS key. This change can disrupt applications that use the alias. It can also allow or deny access to a KMS key affected by attribute-based access control (ABAC).
// The alias must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with ``alias/aws/``. The ``alias/aws/`` prefix is reserved for [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
func (o AliasOutput) AliasName() pulumi.StringOutput {
return o.ApplyT(func(v *Alias) pulumi.StringOutput { return v.AliasName }).(pulumi.StringOutput)
}
// Associates the alias with the specified [](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). The KMS key must be in the same AWS-account and Region.
//
// A valid key ID is required. If you supply a null or empty string value, this operation returns an error.
// For help finding the key ID and ARN, see [Finding the key ID and ARN](https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) in the *Developer Guide*.
// Specify the key ID or the key ARN of the KMS key.
// For example:
// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``
// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``
//
// To get the key ID and key ARN for a KMS key, use [ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) or [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html).
func (o AliasOutput) TargetKeyId() pulumi.StringOutput {
return o.ApplyT(func(v *Alias) pulumi.StringOutput { return v.TargetKeyId }).(pulumi.StringOutput)
}
func init() {
pulumi.RegisterInputType(reflect.TypeOf((*AliasInput)(nil)).Elem(), &Alias{})
pulumi.RegisterOutputType(AliasOutput{})
}