Docs Home
Google Cloud v8.14.0 published on Wednesday, Jan 15, 2025 by Pulumi
gcp.logging.getProjectCmekSettings
Explore with Pulumi AI
Describes the customer-managed encryption key (CMEK) settings associated with a project.
To get more information about Service, see:
Example Usage
Logging Project Cmek Settings Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const cmekSettings = gcp.logging.getProjectCmekSettings({
project: "my-project-name",
});
import pulumi
import pulumi_gcp as gcp
cmek_settings = gcp.logging.get_project_cmek_settings(project="my-project-name")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/logging"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logging.GetProjectCmekSettings(ctx, &logging.GetProjectCmekSettingsArgs{
Project: "my-project-name",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var cmekSettings = Gcp.Logging.GetProjectCmekSettings.Invoke(new()
{
Project = "my-project-name",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.logging.LoggingFunctions;
import com.pulumi.gcp.logging.inputs.GetProjectCmekSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var cmekSettings = LoggingFunctions.getProjectCmekSettings(GetProjectCmekSettingsArgs.builder()
.project("my-project-name")
.build());
}
}
variables:
cmekSettings:
fn::invoke:
function: gcp:logging:getProjectCmekSettings
arguments:
project: my-project-name
Using getProjectCmekSettings
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getProjectCmekSettings(args: GetProjectCmekSettingsArgs, opts?: InvokeOptions): Promise<GetProjectCmekSettingsResult>
function getProjectCmekSettingsOutput(args: GetProjectCmekSettingsOutputArgs, opts?: InvokeOptions): Output<GetProjectCmekSettingsResult>def get_project_cmek_settings(kms_key_name: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetProjectCmekSettingsResult
def get_project_cmek_settings_output(kms_key_name: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetProjectCmekSettingsResult]func GetProjectCmekSettings(ctx *Context, args *GetProjectCmekSettingsArgs, opts ...InvokeOption) (*GetProjectCmekSettingsResult, error)
func GetProjectCmekSettingsOutput(ctx *Context, args *GetProjectCmekSettingsOutputArgs, opts ...InvokeOption) GetProjectCmekSettingsResultOutput> Note: This function is named GetProjectCmekSettings in the Go SDK.
public static class GetProjectCmekSettings
{
public static Task<GetProjectCmekSettingsResult> InvokeAsync(GetProjectCmekSettingsArgs args, InvokeOptions? opts = null)
public static Output<GetProjectCmekSettingsResult> Invoke(GetProjectCmekSettingsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetProjectCmekSettingsResult> getProjectCmekSettings(GetProjectCmekSettingsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: gcp:logging/getProjectCmekSettings:getProjectCmekSettings
arguments:
# arguments dictionaryThe following arguments are supported:
- Project
This property is required. string - The ID of the project.
- Kms
Key stringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- Project
This property is required. string - The ID of the project.
- Kms
Key stringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- project
This property is required. String - The ID of the project.
- kms
Key StringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- project
This property is required. string - The ID of the project.
- kms
Key stringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- project
This property is required. str - The ID of the project.
- kms_
key_ strname - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- project
This property is required. String - The ID of the project.
- kms
Key StringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
getProjectCmekSettings Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Kms
Key stringVersion Name - The CryptoKeyVersion resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. - Name string
- The resource name of the CMEK settings.
- Project string
- Service
Account stringId - The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
- Kms
Key stringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kms
Key stringVersion Name - The CryptoKeyVersion resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. - Name string
- The resource name of the CMEK settings.
- Project string
- Service
Account stringId - The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
- Kms
Key stringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- id String
- The provider-assigned unique ID for this managed resource.
- kms
Key StringVersion Name - The CryptoKeyVersion resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. - name String
- The resource name of the CMEK settings.
- project String
- service
Account StringId - The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
- kms
Key StringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- id string
- The provider-assigned unique ID for this managed resource.
- kms
Key stringVersion Name - The CryptoKeyVersion resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. - name string
- The resource name of the CMEK settings.
- project string
- service
Account stringId - The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
- kms
Key stringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- id str
- The provider-assigned unique ID for this managed resource.
- kms_
key_ strversion_ name - The CryptoKeyVersion resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. - name str
- The resource name of the CMEK settings.
- project str
- service_
account_ strid - The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
- kms_
key_ strname - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
- id String
- The provider-assigned unique ID for this managed resource.
- kms
Key StringVersion Name - The CryptoKeyVersion resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]'For example: "projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1" This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. - name String
- The resource name of the CMEK settings.
- project String
- service
Account StringId - The service account associated with a project for which CMEK will apply. Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use v2.getCmekSettings to obtain the service account ID. See Enabling CMEK for Logging Buckets for more information.
- kms
Key StringName - The resource name for the configured Cloud KMS key.
KMS key name format:
'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key. The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked. See Enabling CMEK for Logging Buckets for more information.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.