Module keymanager

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-openstack repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-openstack repo.

Resources

Resource ContainerV1

class ContainerV1 extends CustomResource

Manages a V1 Barbican container resource within OpenStack.

Example Usage

Simple secret

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as openstack from "@pulumi/openstack";

const certificate1 = new openstack.keymanager.SecretV1("certificate1", {
    payload: fs.readFileSync("cert.pem", "utf-8"),
    payloadContentType: "text/plain",
    secretType: "certificate",
});
const privateKey1 = new openstack.keymanager.SecretV1("privateKey1", {
    payload: fs.readFileSync("cert-key.pem", "utf-8"),
    payloadContentType: "text/plain",
    secretType: "private",
});
const intermediate1 = new openstack.keymanager.SecretV1("intermediate1", {
    payload: fs.readFileSync("intermediate-ca.pem", "utf-8"),
    payloadContentType: "text/plain",
    secretType: "certificate",
});
const tls1 = new openstack.keymanager.ContainerV1("tls1", {
    secretRefs: [
        {
            name: "certificate",
            secretRef: certificate1.secretRef,
        },
        {
            name: "privateKey",
            secretRef: privateKey1.secretRef,
        },
        {
            name: "intermediates",
            secretRef: intermediate1.secretRef,
        },
    ],
    type: "certificate",
});
const subnet1 = pulumi.output(openstack.networking.getSubnet({
    name: "my-subnet",
}, { async: true }));
const lb1 = new openstack.loadbalancer.LoadBalancer("lb1", {
    vipSubnetId: subnet1.id,
});
const listener1 = new openstack.loadbalancer.Listener("listener1", {
    defaultTlsContainerRef: tls1.containerRef,
    loadbalancerId: lb1.id,
    protocol: "TERMINATED_HTTPS",
    protocolPort: 443,
});

Container with the ACL

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const tls1 = new openstack.keymanager.ContainerV1("tls1", {
    acl: {
        read: {
            projectAccess: false,
            users: [
                "userid1",
                "userid2",
            ],
        },
    },
    secretRefs: [
        {
            name: "certificate",
            secretRef: openstack_keymanager_secret_v1_certificate_1.secretRef,
        },
        {
            name: "privateKey",
            secretRef: openstack_keymanager_secret_v1_private_key_1.secretRef,
        },
        {
            name: "intermediates",
            secretRef: openstack_keymanager_secret_v1_intermediate_1.secretRef,
        },
    ],
    type: "certificate",
});

constructor

new ContainerV1(name: string, args: ContainerV1Args, opts?: pulumi.CustomResourceOptions)

Create a ContainerV1 resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ContainerV1State, opts?: pulumi.CustomResourceOptions): ContainerV1

Get an existing ContainerV1 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ContainerV1

Returns true if the given object is an instance of ContainerV1. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property acl

public acl: pulumi.Output<ContainerV1Acl>;

Allows to control an access to a container. Currently only the read operation is supported. If not specified, the container is accessible project wide. The read structure is described below.

property consumers

public consumers: pulumi.Output<ContainerV1Consumer[]>;

The list of the container consumers. The structure is described below.

property containerRef

public containerRef: pulumi.Output<string>;

The container reference / where to find the container.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the secret reference. The reference names must correspond the container type, more details are available here.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to create a container. If omitted, the region argument of the provider is used. Changing this creates a new V1 container.

property secretRefs

public secretRefs: pulumi.Output<ContainerV1SecretRef[] | undefined>;

A set of dictionaries containing references to secrets. The structure is described below.

property status

public status: pulumi.Output<string>;

The status of the container.

property type

public type: pulumi.Output<string>;

Used to indicate the type of container. Must be one of generic, rsa or certificate.

property updatedAt

public updatedAt: pulumi.Output<string>;

The date the container ACL was last updated.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource OrderV1

class OrderV1 extends CustomResource

Manages a V1 Barbican order resource within OpenStack.

Example Usage

Symmetric key order

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const order1 = new openstack.keymanager.OrderV1("order1", {
    meta: {
        algorithm: "aes",
        bitLength: 256,
        mode: "cbc",
        name: "mysecret",
    },
    type: "key",
});

Asymmetric key pair order

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const order1 = new openstack.keymanager.OrderV1("order1", {
    meta: {
        algorithm: "rsa",
        bitLength: 4096,
        name: "mysecret",
    },
    type: "asymmetric",
});

constructor

new OrderV1(name: string, args: OrderV1Args, opts?: pulumi.CustomResourceOptions)

Create a OrderV1 resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrderV1State, opts?: pulumi.CustomResourceOptions): OrderV1

Get an existing OrderV1 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is OrderV1

Returns true if the given object is an instance of OrderV1. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property containerRef

public containerRef: pulumi.Output<string>;

The container reference / where to find the container.

property created

public created: pulumi.Output<string>;

The date the order was created.

property creatorId

public creatorId: pulumi.Output<string>;

The creator of the order.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property meta

public meta: pulumi.Output<OrderV1Meta>;

Dictionary containing the order metadata used to generate the order. The structure is described below.

property orderRef

public orderRef: pulumi.Output<string>;

The order reference / where to find the order.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to create a order. If omitted, the region argument of the provider is used. Changing this creates a new V1 order.

property secretRef

public secretRef: pulumi.Output<string>;

The secret reference / where to find the secret.

property status

public status: pulumi.Output<string>;

The status of the order.

property subStatus

public subStatus: pulumi.Output<string>;

The sub status of the order.

property subStatusMessage

public subStatusMessage: pulumi.Output<string>;

The sub status message of the order.

property type

public type: pulumi.Output<string>;

The type of key to be generated. Must be one of asymmetric, key.

property updated

public updated: pulumi.Output<string>;

The date the order was last updated.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SecretV1

class SecretV1 extends CustomResource

constructor

new SecretV1(name: string, args?: SecretV1Args, opts?: pulumi.CustomResourceOptions)

Create a SecretV1 resource with the given unique name, arguments, and options.

name The unique name of the resource.
args The arguments to use to populate this resource's properties.
opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretV1State, opts?: pulumi.CustomResourceOptions): SecretV1

Get an existing SecretV1 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SecretV1

Returns true if the given object is an instance of SecretV1. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property acl

public acl: pulumi.Output<SecretV1Acl>;

Allows to control an access to a secret. Currently only the read operation is supported. If not specified, the secret is accessible project wide.

property algorithm

public algorithm: pulumi.Output<string>;

Metadata provided by a user or system for informational purposes.

property allMetadata

public allMetadata: pulumi.Output<{[key: string]: any}>;

The map of metadata, assigned on the secret, which has been explicitly and implicitly added.

property bitLength

public bitLength: pulumi.Output<number>;

Metadata provided by a user or system for informational purposes.

property contentTypes

public contentTypes: pulumi.Output<{[key: string]: any}>;

The map of the content types, assigned on the secret.

property createdAt

public createdAt: pulumi.Output<string>;

The date the secret ACL was created.

property creatorId

public creatorId: pulumi.Output<string>;

The creator of the secret.

property expiration

public expiration: pulumi.Output<string | undefined>;

The expiration time of the secret in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, a secret will never expire. Changing this creates a new secret.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metadata

public metadata: pulumi.Output<{[key: string]: any} | undefined>;

Additional Metadata for the secret.

property mode

public mode: pulumi.Output<string>;

Metadata provided by a user or system for informational purposes.

property name

public name: pulumi.Output<string>;

Human-readable name for the Secret. Does not have to be unique.

property payload

public payload: pulumi.Output<string>;

The secret’s data to be stored. payload_content_type must also be supplied if payload is included.

property payloadContentEncoding

public payloadContentEncoding: pulumi.Output<string | undefined>;

(required if payload is encoded) The encoding used for the payload to be able to include it in the JSON request. Must be either base64 or binary.

property payloadContentType

public payloadContentType: pulumi.Output<string | undefined>;

(required if payload is included) The media type for the content of the payload. Must be one of text/plain, text/plain;charset=utf-8, text/plain; charset=utf-8, application/octet-stream, application/pkcs8.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to create a secret. If omitted, the region argument of the provider is used. Changing this creates a new V1 secret.

property secretRef

public secretRef: pulumi.Output<string>;

The secret reference / where to find the secret.

property secretType

public secretType: pulumi.Output<string>;

Used to indicate the type of secret being stored. For more information see Secret types.

property status

public status: pulumi.Output<string>;

The status of the secret.

property updatedAt

public updatedAt: pulumi.Output<string>;

The date the secret ACL was last updated.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getContainer

getContainer(args?: GetContainerArgs, opts?: pulumi.InvokeOptions): Promise<GetContainerResult>

Use this data source to get the ID of an available Barbican container.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const example = pulumi.output(openstack.keymanager.getContainer({
    name: "myContainer",
}, { async: true }));

Function getSecret

getSecret(args?: GetSecretArgs, opts?: pulumi.InvokeOptions): Promise<GetSecretResult>

Others

interface ContainerV1Args

interface ContainerV1Args

The set of arguments for constructing a ContainerV1 resource.

property acl

acl?: pulumi.Input<ContainerV1Acl>;

Allows to control an access to a container. Currently only the read operation is supported. If not specified, the container is accessible project wide. The read structure is described below.

property name

name?: pulumi.Input<string>;

The name of the secret reference. The reference names must correspond the container type, more details are available here.

property region

region?: pulumi.Input<string>;

property secretRefs

secretRefs?: pulumi.Input<pulumi.Input<ContainerV1SecretRef>[]>;

A set of dictionaries containing references to secrets. The structure is described below.

property type

type: pulumi.Input<string>;

Used to indicate the type of container. Must be one of generic, rsa or certificate.

interface ContainerV1State

interface ContainerV1State

Input properties used for looking up and filtering ContainerV1 resources.

property acl

acl?: pulumi.Input<ContainerV1Acl>;

Allows to control an access to a container. Currently only the read operation is supported. If not specified, the container is accessible project wide. The read structure is described below.

property consumers

consumers?: pulumi.Input<pulumi.Input<ContainerV1Consumer>[]>;

The list of the container consumers. The structure is described below.

property containerRef

containerRef?: pulumi.Input<string>;

The container reference / where to find the container.

property createdAt

createdAt?: pulumi.Input<string>;

The date the container ACL was created.

property creatorId

creatorId?: pulumi.Input<string>;

The creator of the container.

property name

name?: pulumi.Input<string>;

The name of the secret reference. The reference names must correspond the container type, more details are available here.

property region

region?: pulumi.Input<string>;

property secretRefs

secretRefs?: pulumi.Input<pulumi.Input<ContainerV1SecretRef>[]>;

A set of dictionaries containing references to secrets. The structure is described below.

property status

status?: pulumi.Input<string>;

The status of the container.

property type

type?: pulumi.Input<string>;

Used to indicate the type of container. Must be one of generic, rsa or certificate.

property updatedAt

updatedAt?: pulumi.Input<string>;

The date the container ACL was last updated.

interface GetContainerArgs

interface GetContainerArgs

A collection of arguments for invoking getContainer.

property name

name?: undefined | string;

The Container name.

property region

region?: undefined | string;

The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a container. If omitted, the region argument of the provider is used.

interface GetContainerResult

interface GetContainerResult

A collection of values returned by getContainer.

property acls

acls: GetContainerAcl[];

The list of ACLs assigned to a container. The read structure is described below.

property consumers

consumers: GetContainerConsumer[];

The list of the container consumers. The structure is described below.

property containerRef

containerRef: string;

The container reference / where to find the container.

property createdAt

createdAt: string;

The date the container ACL was created.

property creatorId

creatorId: string;

The creator of the container.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name?: undefined | string;

The name of the consumer.

property region

region?: undefined | string;

See Argument Reference above.

property secretRefs

secretRefs: GetContainerSecretRef[];

A set of dictionaries containing references to secrets. The structure is described below.

property status

status: string;

The status of the container.

property type

type: string;

The container type.

property updatedAt

updatedAt: string;

The date the container ACL was last updated.

interface GetSecretArgs

interface GetSecretArgs

A collection of arguments for invoking getSecret.

property aclOnly

aclOnly?: undefined | false | true;

Select the Secret with an ACL that contains the user. Project scope is ignored. Defaults to false.

property algorithm

algorithm?: undefined | string;

The Secret algorithm.

property bitLength

bitLength?: undefined | number;

The Secret bit length.

property createdAtFilter

createdAtFilter?: undefined | string;

Date filter to select the Secret with created matching the specified criteria. See Date Filters below for more detail.

property expirationFilter

expirationFilter?: undefined | string;

Date filter to select the Secret with expiration matching the specified criteria. See Date Filters below for more detail.

property mode

mode?: undefined | string;

The Secret mode.

property name

name?: undefined | string;

The Secret name.

property region

region?: undefined | string;

The region in which to obtain the V1 KeyManager client. A KeyManager client is needed to fetch a secret. If omitted, the region argument of the provider is used.

property secretType

secretType?: undefined | string;

The Secret type. For more information see Secret types.

property updatedAtFilter

updatedAtFilter?: undefined | string;

Date filter to select the Secret with updated matching the specified criteria. See Date Filters below for more detail.

interface GetSecretResult

interface GetSecretResult

A collection of values returned by getSecret.

property aclOnly

aclOnly?: undefined | false | true;

See Argument Reference above.

property acls

acls: GetSecretAcl[];

The list of ACLs assigned to a secret. The read structure is described below.

property algorithm

algorithm?: undefined | string;

See Argument Reference above.

property bitLength

bitLength?: undefined | number;

See Argument Reference above.

property contentTypes

contentTypes: {[key: string]: any};

The map of the content types, assigned on the secret.

property createdAt

createdAt: string;

The date the secret ACL was created.

property createdAtFilter

createdAtFilter?: undefined | string;

See Argument Reference above.

property creatorId

creatorId: string;

The creator of the secret.

property expiration

expiration: string;

The date the secret will expire.

property expirationFilter

expirationFilter?: undefined | string;

See Argument Reference above.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property metadata

metadata: {[key: string]: any};

The map of metadata, assigned on the secret, which has been explicitly and implicitly added.

property mode

mode?: undefined | string;

See Argument Reference above.

property name

name?: undefined | string;

See Argument Reference above.

property payload

payload: string;

The secret payload.

property payloadContentEncoding

payloadContentEncoding: string;

The Secret encoding.

property payloadContentType

payloadContentType: string;

The Secret content type.

property region

region?: undefined | string;

See Argument Reference above.

property secretRef

secretRef: string;

The secret reference / where to find the secret.

property secretType

secretType?: undefined | string;

See Argument Reference above.

property status

status: string;

The status of the secret.

property updatedAt

updatedAt: string;

The date the secret ACL was last updated.

property updatedAtFilter

updatedAtFilter?: undefined | string;

See Argument Reference above.

interface OrderV1Args

interface OrderV1Args

The set of arguments for constructing a OrderV1 resource.

property meta

meta: pulumi.Input<OrderV1Meta>;

Dictionary containing the order metadata used to generate the order. The structure is described below.

property region

region?: pulumi.Input<string>;

property type

type: pulumi.Input<string>;

The type of key to be generated. Must be one of asymmetric, key.

interface OrderV1State

interface OrderV1State

Input properties used for looking up and filtering OrderV1 resources.

property containerRef

containerRef?: pulumi.Input<string>;

The container reference / where to find the container.

property created

created?: pulumi.Input<string>;

The date the order was created.

property creatorId

creatorId?: pulumi.Input<string>;

The creator of the order.

property meta

meta?: pulumi.Input<OrderV1Meta>;

Dictionary containing the order metadata used to generate the order. The structure is described below.

property orderRef

orderRef?: pulumi.Input<string>;

The order reference / where to find the order.

property region

region?: pulumi.Input<string>;

property secretRef

secretRef?: pulumi.Input<string>;

The secret reference / where to find the secret.

property status

status?: pulumi.Input<string>;

The status of the order.

property subStatus

subStatus?: pulumi.Input<string>;

The sub status of the order.

property subStatusMessage

subStatusMessage?: pulumi.Input<string>;

The sub status message of the order.

property type

type?: pulumi.Input<string>;

The type of key to be generated. Must be one of asymmetric, key.

property updated

updated?: pulumi.Input<string>;

The date the order was last updated.

interface SecretV1Args

interface SecretV1Args

The set of arguments for constructing a SecretV1 resource.

property acl

acl?: pulumi.Input<SecretV1Acl>;

Allows to control an access to a secret. Currently only the read operation is supported. If not specified, the secret is accessible project wide.

property algorithm

algorithm?: pulumi.Input<string>;

Metadata provided by a user or system for informational purposes.

property bitLength

bitLength?: pulumi.Input<number>;

Metadata provided by a user or system for informational purposes.

property expiration

expiration?: pulumi.Input<string>;

The expiration time of the secret in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, a secret will never expire. Changing this creates a new secret.

property metadata

metadata?: pulumi.Input<{[key: string]: any}>;

Additional Metadata for the secret.

property mode

mode?: pulumi.Input<string>;

Metadata provided by a user or system for informational purposes.

property name

name?: pulumi.Input<string>;

Human-readable name for the Secret. Does not have to be unique.

property payload

payload?: pulumi.Input<string>;

The secret’s data to be stored. payload_content_type must also be supplied if payload is included.

property payloadContentEncoding

payloadContentEncoding?: pulumi.Input<string>;

(required if payload is encoded) The encoding used for the payload to be able to include it in the JSON request. Must be either base64 or binary.

property payloadContentType

payloadContentType?: pulumi.Input<string>;

property region

region?: pulumi.Input<string>;

property secretType

secretType?: pulumi.Input<string>;

Used to indicate the type of secret being stored. For more information see Secret types.

interface SecretV1State

interface SecretV1State

Input properties used for looking up and filtering SecretV1 resources.

property acl

acl?: pulumi.Input<SecretV1Acl>;

Allows to control an access to a secret. Currently only the read operation is supported. If not specified, the secret is accessible project wide.

property algorithm

algorithm?: pulumi.Input<string>;

Metadata provided by a user or system for informational purposes.

property allMetadata

allMetadata?: pulumi.Input<{[key: string]: any}>;

The map of metadata, assigned on the secret, which has been explicitly and implicitly added.

property bitLength

bitLength?: pulumi.Input<number>;

Metadata provided by a user or system for informational purposes.

property contentTypes

contentTypes?: pulumi.Input<{[key: string]: any}>;

The map of the content types, assigned on the secret.

property createdAt

createdAt?: pulumi.Input<string>;

The date the secret ACL was created.

property creatorId

creatorId?: pulumi.Input<string>;

The creator of the secret.

property expiration

expiration?: pulumi.Input<string>;

The expiration time of the secret in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, a secret will never expire. Changing this creates a new secret.

property metadata

metadata?: pulumi.Input<{[key: string]: any}>;

Additional Metadata for the secret.

property mode

mode?: pulumi.Input<string>;

Metadata provided by a user or system for informational purposes.

property name

name?: pulumi.Input<string>;

Human-readable name for the Secret. Does not have to be unique.

property payload

payload?: pulumi.Input<string>;

The secret’s data to be stored. payload_content_type must also be supplied if payload is included.

property payloadContentEncoding

payloadContentEncoding?: pulumi.Input<string>;

(required if payload is encoded) The encoding used for the payload to be able to include it in the JSON request. Must be either base64 or binary.

property payloadContentType

payloadContentType?: pulumi.Input<string>;

property region

region?: pulumi.Input<string>;

property secretRef

secretRef?: pulumi.Input<string>;

The secret reference / where to find the secret.

property secretType

secretType?: pulumi.Input<string>;

Used to indicate the type of secret being stored. For more information see Secret types.

property status

status?: pulumi.Input<string>;

The status of the secret.

property updatedAt

updatedAt?: pulumi.Input<string>;

The date the secret ACL was last updated.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Module keymanager

Resources

Functions

Others

Resources

Example Usage

Simple secret

Container with the ACL

Example Usage

Symmetric key order

Asymmetric key pair order

Functions

Example Usage

Others