/
secret.go
250 lines (213 loc) · 16.4 KB
/
secret.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
// Code generated by the Pulumi SDK Generator DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
package v1
import (
"context"
"reflect"
"errors"
"github.com/pulumi/pulumi-google-native/sdk/go/google/internal"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// Creates a new Secret containing no SecretVersions.
// Auto-naming is currently not supported for this resource.
type Secret struct {
pulumi.CustomResourceState
// Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
Annotations pulumi.StringMapOutput `pulumi:"annotations"`
// The time at which the Secret was created.
CreateTime pulumi.StringOutput `pulumi:"createTime"`
// Optional. Etag of the currently stored Secret.
Etag pulumi.StringOutput `pulumi:"etag"`
// Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
ExpireTime pulumi.StringOutput `pulumi:"expireTime"`
// The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
Labels pulumi.StringMapOutput `pulumi:"labels"`
// The resource name of the Secret in the format `projects/*/secrets/*`.
Name pulumi.StringOutput `pulumi:"name"`
Project pulumi.StringOutput `pulumi:"project"`
// Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
Replication ReplicationResponseOutput `pulumi:"replication"`
// Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
Rotation RotationResponseOutput `pulumi:"rotation"`
// Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
SecretId pulumi.StringOutput `pulumi:"secretId"`
// Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
Topics TopicResponseArrayOutput `pulumi:"topics"`
// Input only. The TTL for the Secret.
Ttl pulumi.StringOutput `pulumi:"ttl"`
// Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
VersionAliases pulumi.StringMapOutput `pulumi:"versionAliases"`
}
// NewSecret registers a new resource with the given unique name, arguments, and options.
func NewSecret(ctx *pulumi.Context,
name string, args *SecretArgs, opts ...pulumi.ResourceOption) (*Secret, error) {
if args == nil {
return nil, errors.New("missing one or more required arguments")
}
if args.Replication == nil {
return nil, errors.New("invalid value for required argument 'Replication'")
}
if args.SecretId == nil {
return nil, errors.New("invalid value for required argument 'SecretId'")
}
replaceOnChanges := pulumi.ReplaceOnChanges([]string{
"project",
"secretId",
})
opts = append(opts, replaceOnChanges)
opts = internal.PkgResourceDefaultOpts(opts)
var resource Secret
err := ctx.RegisterResource("google-native:secretmanager/v1:Secret", name, args, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// GetSecret gets an existing Secret resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetSecret(ctx *pulumi.Context,
name string, id pulumi.IDInput, state *SecretState, opts ...pulumi.ResourceOption) (*Secret, error) {
var resource Secret
err := ctx.ReadResource("google-native:secretmanager/v1:Secret", name, id, state, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// Input properties used for looking up and filtering Secret resources.
type secretState struct {
}
type SecretState struct {
}
func (SecretState) ElementType() reflect.Type {
return reflect.TypeOf((*secretState)(nil)).Elem()
}
type secretArgs struct {
// Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
Annotations map[string]string `pulumi:"annotations"`
// Optional. Etag of the currently stored Secret.
Etag *string `pulumi:"etag"`
// Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
ExpireTime *string `pulumi:"expireTime"`
// The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
Labels map[string]string `pulumi:"labels"`
Project *string `pulumi:"project"`
// Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
Replication Replication `pulumi:"replication"`
// Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
Rotation *Rotation `pulumi:"rotation"`
// Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
SecretId string `pulumi:"secretId"`
// Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
Topics []Topic `pulumi:"topics"`
// Input only. The TTL for the Secret.
Ttl *string `pulumi:"ttl"`
// Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
VersionAliases map[string]string `pulumi:"versionAliases"`
}
// The set of arguments for constructing a Secret resource.
type SecretArgs struct {
// Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
Annotations pulumi.StringMapInput
// Optional. Etag of the currently stored Secret.
Etag pulumi.StringPtrInput
// Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
ExpireTime pulumi.StringPtrInput
// The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
Labels pulumi.StringMapInput
Project pulumi.StringPtrInput
// Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
Replication ReplicationInput
// Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
Rotation RotationPtrInput
// Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
SecretId pulumi.StringInput
// Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
Topics TopicArrayInput
// Input only. The TTL for the Secret.
Ttl pulumi.StringPtrInput
// Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
VersionAliases pulumi.StringMapInput
}
func (SecretArgs) ElementType() reflect.Type {
return reflect.TypeOf((*secretArgs)(nil)).Elem()
}
type SecretInput interface {
pulumi.Input
ToSecretOutput() SecretOutput
ToSecretOutputWithContext(ctx context.Context) SecretOutput
}
func (*Secret) ElementType() reflect.Type {
return reflect.TypeOf((**Secret)(nil)).Elem()
}
func (i *Secret) ToSecretOutput() SecretOutput {
return i.ToSecretOutputWithContext(context.Background())
}
func (i *Secret) ToSecretOutputWithContext(ctx context.Context) SecretOutput {
return pulumi.ToOutputWithContext(ctx, i).(SecretOutput)
}
type SecretOutput struct{ *pulumi.OutputState }
func (SecretOutput) ElementType() reflect.Type {
return reflect.TypeOf((**Secret)(nil)).Elem()
}
func (o SecretOutput) ToSecretOutput() SecretOutput {
return o
}
func (o SecretOutput) ToSecretOutputWithContext(ctx context.Context) SecretOutput {
return o
}
// Optional. Custom metadata about the secret. Annotations are distinct from various forms of labels. Annotations exist to allow client tools to store their own state information without requiring a database. Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and alphanumerics in between these symbols. The total size of annotation keys and values must be less than 16KiB.
func (o SecretOutput) Annotations() pulumi.StringMapOutput {
return o.ApplyT(func(v *Secret) pulumi.StringMapOutput { return v.Annotations }).(pulumi.StringMapOutput)
}
// The time at which the Secret was created.
func (o SecretOutput) CreateTime() pulumi.StringOutput {
return o.ApplyT(func(v *Secret) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput)
}
// Optional. Etag of the currently stored Secret.
func (o SecretOutput) Etag() pulumi.StringOutput {
return o.ApplyT(func(v *Secret) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput)
}
// Optional. Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.
func (o SecretOutput) ExpireTime() pulumi.StringOutput {
return o.ApplyT(func(v *Secret) pulumi.StringOutput { return v.ExpireTime }).(pulumi.StringOutput)
}
// The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `\p{Ll}\p{Lo}{0,62}` Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}` No more than 64 labels can be assigned to a given resource.
func (o SecretOutput) Labels() pulumi.StringMapOutput {
return o.ApplyT(func(v *Secret) pulumi.StringMapOutput { return v.Labels }).(pulumi.StringMapOutput)
}
// The resource name of the Secret in the format `projects/*/secrets/*`.
func (o SecretOutput) Name() pulumi.StringOutput {
return o.ApplyT(func(v *Secret) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput)
}
func (o SecretOutput) Project() pulumi.StringOutput {
return o.ApplyT(func(v *Secret) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput)
}
// Immutable. The replication policy of the secret data attached to the Secret. The replication policy cannot be changed after the Secret has been created.
func (o SecretOutput) Replication() ReplicationResponseOutput {
return o.ApplyT(func(v *Secret) ReplicationResponseOutput { return v.Replication }).(ReplicationResponseOutput)
}
// Optional. Rotation policy attached to the Secret. May be excluded if there is no rotation policy.
func (o SecretOutput) Rotation() RotationResponseOutput {
return o.ApplyT(func(v *Secret) RotationResponseOutput { return v.Rotation }).(RotationResponseOutput)
}
// Required. This must be unique within the project. A secret ID is a string with a maximum length of 255 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore (`_`) characters.
func (o SecretOutput) SecretId() pulumi.StringOutput {
return o.ApplyT(func(v *Secret) pulumi.StringOutput { return v.SecretId }).(pulumi.StringOutput)
}
// Optional. A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
func (o SecretOutput) Topics() TopicResponseArrayOutput {
return o.ApplyT(func(v *Secret) TopicResponseArrayOutput { return v.Topics }).(TopicResponseArrayOutput)
}
// Input only. The TTL for the Secret.
func (o SecretOutput) Ttl() pulumi.StringOutput {
return o.ApplyT(func(v *Secret) pulumi.StringOutput { return v.Ttl }).(pulumi.StringOutput)
}
// Optional. Mapping from version alias to version name. A version alias is a string with a maximum length of 63 characters and can contain uppercase and lowercase letters, numerals, and the hyphen (`-`) and underscore ('_') characters. An alias string must start with a letter and cannot be the string 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. Version-Alias pairs will be viewable via GetSecret and modifiable via UpdateSecret. At launch Access by Allias will only be supported on GetSecretVersion and AccessSecretVersion.
func (o SecretOutput) VersionAliases() pulumi.StringMapOutput {
return o.ApplyT(func(v *Secret) pulumi.StringMapOutput { return v.VersionAliases }).(pulumi.StringMapOutput)
}
func init() {
pulumi.RegisterInputType(reflect.TypeOf((*SecretInput)(nil)).Elem(), &Secret{})
pulumi.RegisterOutputType(SecretOutput{})
}