crypto_key_version

State module for managing Cloud Key Management Service crypto keys.

async idem_gcp.states.gcp.cloudkms.crypto_key_version.present(hub, ctx, name: str, crypto_key_version_id: str = None, project_id: str = None, location_id: str = None, key_ring_id: str = None, crypto_key_id: str = None, key_state: str = None, algorithm: str = None, import_job: str = None, external_protection_level_options: ExternalProtectionLevelOptions = None, resource_id: str = None, key_material: str = None) -> Dict[str, Any]

Create or update a CryptoKeyVersion within a CryptoKey.

Parameters:
  • name (str) – Idem name.

  • crypto_key_version_id (str, Optional) – Output only. Set by the service.

  • project_id (str, Optional) – Project Id of the new crypto key version.

  • location_id (str, Optional) – Location Id of the new crypto key version.

  • key_ring_id (str, Optional) – Keyring Id of the new crypto key version.

  • crypto_key_id (str, Optional) – Cryptokey Id of the new crypto key version.

  • key_state (str, Optional) – The current state of the CryptoKeyVersion.

  • algorithm (str, Optional) –

    Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

    A timestamp in RFC3339 UTC “Zulu” format, with nanosecond resolution and up to nine fractional digits. Examples: “2014-10-02T15:01:23Z” and “2014-10-02T15:01:23.045123456Z”.

  • import_job (str, Optional) – Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

  • external_protection_level_options (ExternalProtectionLevelOptions, Optional) –

    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL and EXTERNAL_VPC protection levels.

    • external_key_uri (str, Optional):

      The URI for an external resource that this CryptoKeyVersion represents.

    • ekm_connection_key_path (str, Optional):

      The path to the external key material on the EKM when using EkmConnection, e.g. “v0/my/key”. Set this field instead of external_key_uri when using an EkmConnection.

  • resource_id (str, Optional) –

    Idem resource id. Formatted as

    projects/{project_id}/locations/{location_id}/keyRings/{key_ring_id}/cryptoKeys/{crypto_key_id}/cryptoKeyVersions/{crypto_key_version_id}

  • key_material (str, Optional) – Base64 encoded key material. If this parameter is present, an import of the key material is attempted into the CryptoKeyVersion specified by resource_id, or into a new CryptoKeyVersion if resource_id is missing. Import also requires the project_id, location_id, key_ring_id, crypto_key_id, algorithm and import_job parameters to be provided.

Returns:

Dict[str, Any]

Examples

crypto_key_test:
  gcp.cloudkms.crypto_key.present:
    - project_id: tango-gcp
    - location_id: us-east1
    - key_ring_id: idem-gcp-1
    - crypto_key_id: key-2

crypto_key_version_test:
  gcp.cloudkms.crypto_key_version.present:
    - key_state: ENABLED
    - project_id: tango-gcp
    - location_id: us-east1
    - key_ring_id: idem-gcp-1
    - crypto_key_id: "${gcp.cloudkms.crypto_key:crypto_key_test:crypto_key_id}"

  # Update crypto key primary version with the one managed above
  gcp.cloudkms.crypto_key.present:
    - primary:
        name: "${gcp.cloudkms.crypto_key_version:crypto_key_version_test:resource_id}"
    - project_id: tango-gcp
    - location_id: us-east1
    - key_ring_id: idem-gcp-1
    - crypto_key_id: "${gcp.cloudkms.crypto_key:crypto_key_test:crypto_key_id}"

async idem_gcp.states.gcp.cloudkms.crypto_key_version.absent(hub, ctx, name: str, crypto_key_version_id: str = None, project_id: str = None, location_id: str = None, key_ring_id: str = None, crypto_key_id: str = None, resource_id: str = None) -> Dict[str, Any]

Destroy crypto key version.

After this operation the key material will no longer be stored. This version may only become ENABLED again if it is reimportEligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion. Provide either resource_id or all of the other *_id parameters.

Parameters:
  • name (str) – Idem name.

  • crypto_key_version_id (str, Optional) – Crypto key version name used to generate resource_id if it is not provided.

  • project_id (str, Optional) – Project Id of the new crypto key version.

  • location_id (str, Optional) – Location Id of the new crypto key version.

  • key_ring_id (str, Optional) – Keyring Id of the new crypto key version.

  • crypto_key_id (str, Optional) – Cryptokey Id of the new crypto key version.

  • resource_id (str, Optional) – Idem resource id. Formatted as projects/{project_id}/locations/{location_id}/keyRings/{key_ring_id}/cryptoKeys/{crypto_key_id}/cryptoKeyVersions/{crypto_key_version_id}

Returns:

Dict[str, Any]

Examples

{% set project_id = 'tango-gcp' %}
{% set location_id = 'us-east1' %}
{% set key_ring = 'key-ring' %}
{% set crypto_key = 'crypto-key' %}
{% set crypto_key_version = 'crypto-key-version' %}
resource_is_absent:
  gcp.cloudkms.crypto_key_version.absent:
    - resource_id: projects/{{project_id}}/locations/{{location_id}}/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}/cryptoKeyVersions/{{crypto_key_version}}
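
A pre-flight check for the two parameter rules stated on this page (the key_material import requirements under present, and "either resource_id or all other *_id parameters" under absent), written as an added example and not idem-gcp code. The helper name check_state and its messages are hypothetical, and the sample values are constructed from the page's examples.

```python
import re

# resource_id layout documented on this page; braces are rejected so an
# unrendered Jinja placeholder cannot pass as an id.
_RID = re.compile(
    r"^projects/(?P<project_id>[^/{}]+)/locations/(?P<location_id>[^/{}]+)"
    r"/keyRings/(?P<key_ring_id>[^/{}]+)/cryptoKeys/(?P<crypto_key_id>[^/{}]+)"
    r"/cryptoKeyVersions/(?P<crypto_key_version_id>[^/{}]+)$"
)
ID_PARAMS = ("project_id", "location_id", "key_ring_id", "crypto_key_id")
IMPORT_PARAMS = ID_PARAMS + ("algorithm", "import_job")


def check_state(func, params):
    """Return a list of problems for one present/absent parameter set.

    Hypothetical helper (not part of idem-gcp); func is "present" or "absent".
    """
    problems = []
    rid = params.get("resource_id")
    if rid is not None:
        match = _RID.match(rid)
        if match is None:
            problems.append("resource_id does not match the documented format")
        else:
            # An explicit *_id that disagrees with resource_id names another key.
            for key, value in match.groupdict().items():
                if key in params and params[key] != value:
                    problems.append(f"{key} conflicts with resource_id")
    elif func == "absent":
        required = ID_PARAMS + ("crypto_key_version_id",)
        missing = [p for p in required if not params.get(p)]
        if missing:
            problems.append("absent needs resource_id or: " + ", ".join(missing))
    if func == "present" and params.get("key_material") is not None:
        missing = [p for p in IMPORT_PARAMS if not params.get(p)]
        if missing:
            problems.append("import is missing: " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    # Constructed input: an absent state that names only part of the key path.
    print(check_state("absent", {"project_id": "tango-gcp", "location_id": "us-east1"}))
```

Running it over rendered state parameters before applying an absent state catches a malformed or mismatched resource_id before the key material is destroyed.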

async idem_gcp.states.gcp.cloudkms.crypto_key_version.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Retrieve the list of available crypto key versions.

Returns:

Dict[str, Any]

Examples

$ idem describe gcp.cloudkms.crypto_key_version

idem_gcp.states.gcp.cloudkms.crypto_key_version.is_pending(hub, ret: dict, state: str = None, **pending_kwargs) -> bool

Default implemented for each module.