verify.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package kms

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-oci/sdk/go/oci/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// This resource provides the Verify resource in Oracle Cloud Infrastructure Kms service.
//
// Verifies a digital signature that was generated by the [Sign](https://docs.cloud.oracle.com/iaas/api/#/en/key/latest/SignedData/Sign) operation
// by using the public key of the same asymmetric key that was used to sign the data. If you want to validate the
// digital signature outside of the service, you can do so by using the public key of the asymmetric key.
// This operation is not supported for keys having protection mode `EXTERNAL`.
//
// ## Example Usage
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-oci/sdk/go/oci/Kms"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := Kms.NewVerify(ctx, "test_verify", &Kms.VerifyArgs{
//				CryptoEndpoint:   pulumi.Any(verifyMessageCryptoEndpoint),
//				KeyId:            pulumi.Any(testKey.Id),
//				KeyVersionId:     pulumi.Any(testKeyVersion.Id),
//				Message:          pulumi.Any(verifyMessage),
//				Signature:        pulumi.Any(verifySignature),
//				SigningAlgorithm: pulumi.Any(verifySigningAlgorithm),
//				MessageType:      pulumi.Any(verifyMessageType),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
//
// ## Import
//
// Verify can be imported using the `id`, e.g.
//
// ```sh
// $ pulumi import oci:Kms/verify:Verify test_verify "id"
// ```
type Verify struct {
	pulumi.CustomResourceState

	// The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
	CryptoEndpoint pulumi.StringOutput `pulumi:"cryptoEndpoint"`
	// A Boolean value that indicates whether the signature was verified.
	IsSignatureValid pulumi.BoolOutput `pulumi:"isSignatureValid"`
	// The OCID of the key used to sign the message.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// The OCID of the key version used to sign the message.
	KeyVersionId pulumi.StringOutput `pulumi:"keyVersionId"`
	// The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
	Message pulumi.StringOutput `pulumi:"message"`
	// Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`.
	MessageType pulumi.StringOutput `pulumi:"messageType"`
	// The base64-encoded binary data object denoting the cryptographic signature generated for the message.
	Signature pulumi.StringOutput `pulumi:"signature"`
	// The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
	//
	// ** IMPORTANT **
	// Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
	SigningAlgorithm pulumi.StringOutput `pulumi:"signingAlgorithm"`
}

// NewVerify registers a new resource with the given unique name, arguments, and options.
func NewVerify(ctx *pulumi.Context,
	name string, args *VerifyArgs, opts ...pulumi.ResourceOption) (*Verify, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.CryptoEndpoint == nil {
		return nil, errors.New("invalid value for required argument 'CryptoEndpoint'")
	}
	if args.KeyId == nil {
		return nil, errors.New("invalid value for required argument 'KeyId'")
	}
	if args.KeyVersionId == nil {
		return nil, errors.New("invalid value for required argument 'KeyVersionId'")
	}
	if args.Message == nil {
		return nil, errors.New("invalid value for required argument 'Message'")
	}
	if args.Signature == nil {
		return nil, errors.New("invalid value for required argument 'Signature'")
	}
	if args.SigningAlgorithm == nil {
		return nil, errors.New("invalid value for required argument 'SigningAlgorithm'")
	}
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource Verify
	err := ctx.RegisterResource("oci:Kms/verify:Verify", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetVerify gets an existing Verify resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetVerify(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *VerifyState, opts ...pulumi.ResourceOption) (*Verify, error) {
	var resource Verify
	err := ctx.ReadResource("oci:Kms/verify:Verify", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering Verify resources.
type verifyState struct {
	// The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
	CryptoEndpoint *string `pulumi:"cryptoEndpoint"`
	// A Boolean value that indicates whether the signature was verified.
	IsSignatureValid *bool `pulumi:"isSignatureValid"`
	// The OCID of the key used to sign the message.
	KeyId *string `pulumi:"keyId"`
	// The OCID of the key version used to sign the message.
	KeyVersionId *string `pulumi:"keyVersionId"`
	// The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
	Message *string `pulumi:"message"`
	// Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`.
	MessageType *string `pulumi:"messageType"`
	// The base64-encoded binary data object denoting the cryptographic signature generated for the message.
	Signature *string `pulumi:"signature"`
	// The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
	//
	// ** IMPORTANT **
	// Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
	SigningAlgorithm *string `pulumi:"signingAlgorithm"`
}

type VerifyState struct {
	// The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
	CryptoEndpoint pulumi.StringPtrInput
	// A Boolean value that indicates whether the signature was verified.
	IsSignatureValid pulumi.BoolPtrInput
	// The OCID of the key used to sign the message.
	KeyId pulumi.StringPtrInput
	// The OCID of the key version used to sign the message.
	KeyVersionId pulumi.StringPtrInput
	// The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
	Message pulumi.StringPtrInput
	// Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`.
	MessageType pulumi.StringPtrInput
	// The base64-encoded binary data object denoting the cryptographic signature generated for the message.
	Signature pulumi.StringPtrInput
	// The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
	//
	// ** IMPORTANT **
	// Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
	SigningAlgorithm pulumi.StringPtrInput
}

func (VerifyState) ElementType() reflect.Type {
	return reflect.TypeOf((*verifyState)(nil)).Elem()
}

type verifyArgs struct {
	// The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
	CryptoEndpoint string `pulumi:"cryptoEndpoint"`
	// The OCID of the key used to sign the message.
	KeyId string `pulumi:"keyId"`
	// The OCID of the key version used to sign the message.
	KeyVersionId string `pulumi:"keyVersionId"`
	// The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
	Message string `pulumi:"message"`
	// Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`.
	MessageType *string `pulumi:"messageType"`
	// The base64-encoded binary data object denoting the cryptographic signature generated for the message.
	Signature string `pulumi:"signature"`
	// The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
	//
	// ** IMPORTANT **
	// Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
	SigningAlgorithm string `pulumi:"signingAlgorithm"`
}

// The set of arguments for constructing a Verify resource.
type VerifyArgs struct {
	// The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
	CryptoEndpoint pulumi.StringInput
	// The OCID of the key used to sign the message.
	KeyId pulumi.StringInput
	// The OCID of the key version used to sign the message.
	KeyVersionId pulumi.StringInput
	// The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
	Message pulumi.StringInput
	// Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`.
	MessageType pulumi.StringPtrInput
	// The base64-encoded binary data object denoting the cryptographic signature generated for the message.
	Signature pulumi.StringInput
	// The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
	//
	// ** IMPORTANT **
	// Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
	SigningAlgorithm pulumi.StringInput
}

func (VerifyArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*verifyArgs)(nil)).Elem()
}

type VerifyInput interface {
	pulumi.Input

	ToVerifyOutput() VerifyOutput
	ToVerifyOutputWithContext(ctx context.Context) VerifyOutput
}

func (*Verify) ElementType() reflect.Type {
	return reflect.TypeOf((**Verify)(nil)).Elem()
}

func (i *Verify) ToVerifyOutput() VerifyOutput {
	return i.ToVerifyOutputWithContext(context.Background())
}

func (i *Verify) ToVerifyOutputWithContext(ctx context.Context) VerifyOutput {
	return pulumi.ToOutputWithContext(ctx, i).(VerifyOutput)
}

// VerifyArrayInput is an input type that accepts VerifyArray and VerifyArrayOutput values.
// You can construct a concrete instance of `VerifyArrayInput` via:
//
//	VerifyArray{ VerifyArgs{...} }
type VerifyArrayInput interface {
	pulumi.Input

	ToVerifyArrayOutput() VerifyArrayOutput
	ToVerifyArrayOutputWithContext(context.Context) VerifyArrayOutput
}

type VerifyArray []VerifyInput

func (VerifyArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*Verify)(nil)).Elem()
}

func (i VerifyArray) ToVerifyArrayOutput() VerifyArrayOutput {
	return i.ToVerifyArrayOutputWithContext(context.Background())
}

func (i VerifyArray) ToVerifyArrayOutputWithContext(ctx context.Context) VerifyArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(VerifyArrayOutput)
}

// VerifyMapInput is an input type that accepts VerifyMap and VerifyMapOutput values.
// You can construct a concrete instance of `VerifyMapInput` via:
//
//	VerifyMap{ "key": VerifyArgs{...} }
type VerifyMapInput interface {
	pulumi.Input

	ToVerifyMapOutput() VerifyMapOutput
	ToVerifyMapOutputWithContext(context.Context) VerifyMapOutput
}

type VerifyMap map[string]VerifyInput

func (VerifyMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*Verify)(nil)).Elem()
}

func (i VerifyMap) ToVerifyMapOutput() VerifyMapOutput {
	return i.ToVerifyMapOutputWithContext(context.Background())
}

func (i VerifyMap) ToVerifyMapOutputWithContext(ctx context.Context) VerifyMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(VerifyMapOutput)
}

type VerifyOutput struct{ *pulumi.OutputState }

func (VerifyOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**Verify)(nil)).Elem()
}

func (o VerifyOutput) ToVerifyOutput() VerifyOutput {
	return o
}

func (o VerifyOutput) ToVerifyOutputWithContext(ctx context.Context) VerifyOutput {
	return o
}

// The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
func (o VerifyOutput) CryptoEndpoint() pulumi.StringOutput {
	return o.ApplyT(func(v *Verify) pulumi.StringOutput { return v.CryptoEndpoint }).(pulumi.StringOutput)
}

// A Boolean value that indicates whether the signature was verified.
func (o VerifyOutput) IsSignatureValid() pulumi.BoolOutput {
	return o.ApplyT(func(v *Verify) pulumi.BoolOutput { return v.IsSignatureValid }).(pulumi.BoolOutput)
}

// The OCID of the key used to sign the message.
func (o VerifyOutput) KeyId() pulumi.StringOutput {
	return o.ApplyT(func(v *Verify) pulumi.StringOutput { return v.KeyId }).(pulumi.StringOutput)
}

// The OCID of the key version used to sign the message.
func (o VerifyOutput) KeyVersionId() pulumi.StringOutput {
	return o.ApplyT(func(v *Verify) pulumi.StringOutput { return v.KeyVersionId }).(pulumi.StringOutput)
}

// The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
func (o VerifyOutput) Message() pulumi.StringOutput {
	return o.ApplyT(func(v *Verify) pulumi.StringOutput { return v.Message }).(pulumi.StringOutput)
}

// Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`.
func (o VerifyOutput) MessageType() pulumi.StringOutput {
	return o.ApplyT(func(v *Verify) pulumi.StringOutput { return v.MessageType }).(pulumi.StringOutput)
}

// The base64-encoded binary data object denoting the cryptographic signature generated for the message.
func (o VerifyOutput) Signature() pulumi.StringOutput {
	return o.ApplyT(func(v *Verify) pulumi.StringOutput { return v.Signature }).(pulumi.StringOutput)
}

// The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
//
// ** IMPORTANT **
// Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
func (o VerifyOutput) SigningAlgorithm() pulumi.StringOutput {
	return o.ApplyT(func(v *Verify) pulumi.StringOutput { return v.SigningAlgorithm }).(pulumi.StringOutput)
}

type VerifyArrayOutput struct{ *pulumi.OutputState }

func (VerifyArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*Verify)(nil)).Elem()
}

func (o VerifyArrayOutput) ToVerifyArrayOutput() VerifyArrayOutput {
	return o
}

func (o VerifyArrayOutput) ToVerifyArrayOutputWithContext(ctx context.Context) VerifyArrayOutput {
	return o
}

func (o VerifyArrayOutput) Index(i pulumi.IntInput) VerifyOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Verify {
		return vs[0].([]*Verify)[vs[1].(int)]
	}).(VerifyOutput)
}

type VerifyMapOutput struct{ *pulumi.OutputState }

func (VerifyMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*Verify)(nil)).Elem()
}

func (o VerifyMapOutput) ToVerifyMapOutput() VerifyMapOutput {
	return o
}

func (o VerifyMapOutput) ToVerifyMapOutputWithContext(ctx context.Context) VerifyMapOutput {
	return o
}

func (o VerifyMapOutput) MapIndex(k pulumi.StringInput) VerifyOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Verify {
		return vs[0].(map[string]*Verify)[vs[1].(string)]
	}).(VerifyOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*VerifyInput)(nil)).Elem(), &Verify{})
	pulumi.RegisterInputType(reflect.TypeOf((*VerifyArrayInput)(nil)).Elem(), VerifyArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*VerifyMapInput)(nil)).Elem(), VerifyMap{})
	pulumi.RegisterOutputType(VerifyOutput{})
	pulumi.RegisterOutputType(VerifyArrayOutput{})
	pulumi.RegisterOutputType(VerifyMapOutput{})
}