We recommend using Azure Native.
azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition
Manages a KeyVault Managed Hardware Security Module Role Definition. This resource works together with the Managed Hardware Security Module resource.
Example Usage
Coming soon!
resources:
  example:
    type: azure:keyvault:ManagedHardwareSecurityModule
    properties:
      name: example
      resourceGroupName: ${exampleAzurermResourceGroup.name}
      location: ${exampleAzurermResourceGroup.location}
      skuName: Standard_B1
      tenantId: ${current.tenantId}
      adminObjectIds:
        - ${current.objectId}
      purgeProtectionEnabled: false
      activeConfig:
        - securityDomainCertificate:
            - ${cert[0].id}
            - ${cert[1].id}
            - ${cert[2].id}
          securityDomainQuorum: 2
  exampleManagedHardwareSecurityModuleRoleDefinition:
    type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
    name: example
    properties:
      name: 7d206142-bf01-11ed-80bc-00155d61ee9e
      # managedHsmId is the input this resource accepts (see Inputs)
      managedHsmId: ${example.id}
      description: desc foo
      permissions:
        - dataActions:
            - Microsoft.KeyVault/managedHsm/keys/read/action
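A pre-deployment check for the permission blocks of a role definition like the one above, added here as an example and not part of the Pulumi provider or its documentation: it validates `data_actions` and `not_data_actions` against the possible values this page lists under Supporting Types and computes the effective grant per block as data actions minus excluded data actions (the Azure RBAC convention). The `NEEDS_REVIEW` set, the function name and the sample role are assumptions of this example.

```python
"""Lint Managed HSM role definition permission blocks before deployment."""

PREFIX = "Microsoft.KeyVault/managedHsm/"

# Possible dataActions / notDataActions values as listed on this page
# (written as suffixes after PREFIX).
ALLOWED = frozenset(PREFIX + s for s in """
    keys/read/action keys/write/action keys/deletedKeys/read/action
    keys/deletedKeys/recover/action keys/backup/action keys/restore/action
    roleAssignments/delete/action roleAssignments/read/action
    roleAssignments/write/action roleDefinitions/read/action
    roleDefinitions/write/action roleDefinitions/delete/action
    keys/encrypt/action keys/decrypt/action keys/wrap/action keys/unwrap/action
    keys/sign/action keys/verify/action keys/create keys/delete
    keys/export/action keys/release/action keys/import/action
    keys/deletedKeys/delete securitydomain/download/action
    securitydomain/download/read securitydomain/upload/action
    securitydomain/upload/read securitydomain/transferkey/read
    backup/start/action restore/start/action backup/status/action
    restore/status/action rng/action
""".split())

# Assumption of this example, not a classification from the page: grants that
# change RBAC itself or move key material / the security domain out of the HSM
# and therefore deserve a second reviewer.
NEEDS_REVIEW = frozenset(PREFIX + s for s in (
    "roleAssignments/write/action", "roleAssignments/delete/action",
    "roleDefinitions/write/action", "roleDefinitions/delete/action",
    "keys/export/action", "keys/release/action", "keys/backup/action",
    "securitydomain/download/action", "backup/start/action",
))


def lint_permissions(permissions):
    """Return findings for a list of permission blocks (Python SDK dict keys)."""
    unknown, dead, effective = set(), set(), set()
    for block in permissions:
        grant = set(block.get("data_actions", []))
        deny = set(block.get("not_data_actions", []))
        # Values the page does not list: typos or unsupported actions.
        unknown |= (grant | deny) - ALLOWED
        # Exclusions that remove nothing from this block's grants.
        dead |= deny - grant
        # What the block actually grants once exclusions are subtracted.
        effective |= (grant - deny) & ALLOWED
    return {
        "unknown": sorted(unknown),
        "dead_exclusions": sorted(dead),
        "effective": sorted(effective),
        "needs_review": sorted(effective & NEEDS_REVIEW),
    }


# Constructed sample: a signing role with one misspelled action, one exclusion
# that removes a grant and one exclusion that matches nothing.
SAMPLE = [{
    "data_actions": [
        PREFIX + "keys/read/action",
        PREFIX + "keys/sign/action",
        PREFIX + "keys/export/action",
        PREFIX + "keys/reed/action",  # constructed typo
    ],
    "not_data_actions": [
        PREFIX + "keys/export/action",
        PREFIX + "keys/delete",
    ],
}]

if __name__ == "__main__":
    for finding, values in lint_permissions(SAMPLE).items():
        print(finding, values)
```
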
Create ManagedHardwareSecurityModuleRoleDefinition Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagedHardwareSecurityModuleRoleDefinition(name: string, args: ManagedHardwareSecurityModuleRoleDefinitionArgs, opts?: CustomResourceOptions);
@overload
def ManagedHardwareSecurityModuleRoleDefinition(resource_name: str,
                                                args: ManagedHardwareSecurityModuleRoleDefinitionArgs,
                                                opts: Optional[ResourceOptions] = None)

@overload
def ManagedHardwareSecurityModuleRoleDefinition(resource_name: str,
                                                opts: Optional[ResourceOptions] = None,
                                                managed_hsm_id: Optional[str] = None,
                                                description: Optional[str] = None,
                                                name: Optional[str] = None,
                                                permissions: Optional[Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]] = None,
                                                role_name: Optional[str] = None)
func NewManagedHardwareSecurityModuleRoleDefinition(ctx *Context, name string, args ManagedHardwareSecurityModuleRoleDefinitionArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModuleRoleDefinition, error)
public ManagedHardwareSecurityModuleRoleDefinition(string name, ManagedHardwareSecurityModuleRoleDefinitionArgs args, CustomResourceOptions? opts = null)
public ManagedHardwareSecurityModuleRoleDefinition(String name, ManagedHardwareSecurityModuleRoleDefinitionArgs args)
public ManagedHardwareSecurityModuleRoleDefinition(String name, ManagedHardwareSecurityModuleRoleDefinitionArgs args, CustomResourceOptions options)
type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagedHardwareSecurityModuleRoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagedHardwareSecurityModuleRoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagedHardwareSecurityModuleRoleDefinitionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagedHardwareSecurityModuleRoleDefinitionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagedHardwareSecurityModuleRoleDefinitionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managedHardwareSecurityModuleRoleDefinitionResource = new Azure.KeyVault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", new()
{
    ManagedHsmId = "string",
    Description = "string",
    Name = "string",
    Permissions = new[]
    {
        new Azure.KeyVault.Inputs.ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
        {
            Actions = new[]
            {
                "string",
            },
            DataActions = new[]
            {
                "string",
            },
            NotActions = new[]
            {
                "string",
            },
            NotDataActions = new[]
            {
                "string",
            },
        },
    },
    RoleName = "string",
});

example, err := keyvault.NewManagedHardwareSecurityModuleRoleDefinition(ctx, "managedHardwareSecurityModuleRoleDefinitionResource", &keyvault.ManagedHardwareSecurityModuleRoleDefinitionArgs{
	ManagedHsmId: pulumi.String("string"),
	Description:  pulumi.String("string"),
	Name:         pulumi.String("string"),
	Permissions: keyvault.ManagedHardwareSecurityModuleRoleDefinitionPermissionArray{
		&keyvault.ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs{
			Actions: pulumi.StringArray{
				pulumi.String("string"),
			},
			DataActions: pulumi.StringArray{
				pulumi.String("string"),
			},
			NotActions: pulumi.StringArray{
				pulumi.String("string"),
			},
			NotDataActions: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	RoleName: pulumi.String("string"),
})

var managedHardwareSecurityModuleRoleDefinitionResource = new ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", ManagedHardwareSecurityModuleRoleDefinitionArgs.builder()
    .managedHsmId("string")
    .description("string")
    .name("string")
    .permissions(ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs.builder()
        .actions("string")
        .dataActions("string")
        .notActions("string")
        .notDataActions("string")
        .build())
    .roleName("string")
    .build());

managed_hardware_security_module_role_definition_resource = azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource",
    managed_hsm_id="string",
    description="string",
    name="string",
    permissions=[{
        "actions": ["string"],
        "data_actions": ["string"],
        "not_actions": ["string"],
        "not_data_actions": ["string"],
    }],
    role_name="string")

const managedHardwareSecurityModuleRoleDefinitionResource = new azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", {
    managedHsmId: "string",
    description: "string",
    name: "string",
    permissions: [{
        actions: ["string"],
        dataActions: ["string"],
        notActions: ["string"],
        notDataActions: ["string"],
    }],
    roleName: "string",
});

type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
properties:
    description: string
    managedHsmId: string
    name: string
    permissions:
        - actions:
            - string
          dataActions:
            - string
          notActions:
            - string
          notDataActions:
            - string
    roleName: string
ManagedHardwareSecurityModuleRoleDefinition Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ManagedHardwareSecurityModuleRoleDefinition resource accepts the following input properties:
- ManagedHsmId string
- Description string
- Specifies a text description about this KeyVault Role Definition.
- Name string
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- Permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
- One or more `permission` blocks as defined below.
- RoleName string
- Specify a name for this KeyVault Role Definition.

- ManagedHsmId string
- Description string
- Specifies a text description about this KeyVault Role Definition.
- Name string
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- Permissions []ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
- One or more `permission` blocks as defined below.
- RoleName string
- Specify a name for this KeyVault Role Definition.

- managedHsmId String
- description String
- Specifies a text description about this KeyVault Role Definition.
- name String
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
- One or more `permission` blocks as defined below.
- roleName String
- Specify a name for this KeyVault Role Definition.

- managedHsmId string
- description string
- Specifies a text description about this KeyVault Role Definition.
- name string
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions ManagedHardwareSecurityModuleRoleDefinitionPermission[]
- One or more `permission` blocks as defined below.
- roleName string
- Specify a name for this KeyVault Role Definition.

- managed_hsm_id str
- description str
- Specifies a text description about this KeyVault Role Definition.
- name str
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]
- One or more `permission` blocks as defined below.
- role_name str
- Specify a name for this KeyVault Role Definition.

- managedHsmId String
- description String
- Specifies a text description about this KeyVault Role Definition.
- name String
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions List<Property Map>
- One or more `permission` blocks as defined below.
- roleName String
- Specify a name for this KeyVault Role Definition.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModuleRoleDefinition resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- ResourceManagerId string
- The ID of the role definition resource without Key Vault base URL.
- RoleType string
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- Id string
- The provider-assigned unique ID for this managed resource.
- ResourceManagerId string
- The ID of the role definition resource without Key Vault base URL.
- RoleType string
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- id String
- The provider-assigned unique ID for this managed resource.
- resourceManagerId String
- The ID of the role definition resource without Key Vault base URL.
- roleType String
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- id string
- The provider-assigned unique ID for this managed resource.
- resourceManagerId string
- The ID of the role definition resource without Key Vault base URL.
- roleType string
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- id str
- The provider-assigned unique ID for this managed resource.
- resource_manager_id str
- The ID of the role definition resource without Key Vault base URL.
- role_type str
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- id String
- The provider-assigned unique ID for this managed resource.
- resourceManagerId String
- The ID of the role definition resource without Key Vault base URL.
- roleType String
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.
Look up Existing ManagedHardwareSecurityModuleRoleDefinition Resource
Get an existing ManagedHardwareSecurityModuleRoleDefinition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleRoleDefinitionState, opts?: CustomResourceOptions): ManagedHardwareSecurityModuleRoleDefinition
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        managed_hsm_id: Optional[str] = None,
        name: Optional[str] = None,
        permissions: Optional[Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]] = None,
        resource_manager_id: Optional[str] = None,
        role_name: Optional[str] = None,
        role_type: Optional[str] = None) -> ManagedHardwareSecurityModuleRoleDefinition
func GetManagedHardwareSecurityModuleRoleDefinition(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleRoleDefinitionState, opts ...ResourceOption) (*ManagedHardwareSecurityModuleRoleDefinition, error)
public static ManagedHardwareSecurityModuleRoleDefinition Get(string name, Input<string> id, ManagedHardwareSecurityModuleRoleDefinitionState? state, CustomResourceOptions? opts = null)
public static ManagedHardwareSecurityModuleRoleDefinition get(String name, Output<String> id, ManagedHardwareSecurityModuleRoleDefinitionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- Specifies a text description about this KeyVault Role Definition.
- ManagedHsmId string
- Name string
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- Permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
- One or more `permission` blocks as defined below.
- ResourceManagerId string
- The ID of the role definition resource without Key Vault base URL.
- RoleName string
- Specify a name for this KeyVault Role Definition.
- RoleType string
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- Description string
- Specifies a text description about this KeyVault Role Definition.
- ManagedHsmId string
- Name string
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- Permissions []ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
- One or more `permission` blocks as defined below.
- ResourceManagerId string
- The ID of the role definition resource without Key Vault base URL.
- RoleName string
- Specify a name for this KeyVault Role Definition.
- RoleType string
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- description String
- Specifies a text description about this KeyVault Role Definition.
- managedHsmId String
- name String
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>
- One or more `permission` blocks as defined below.
- resourceManagerId String
- The ID of the role definition resource without Key Vault base URL.
- roleName String
- Specify a name for this KeyVault Role Definition.
- roleType String
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- description string
- Specifies a text description about this KeyVault Role Definition.
- managedHsmId string
- name string
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions ManagedHardwareSecurityModuleRoleDefinitionPermission[]
- One or more `permission` blocks as defined below.
- resourceManagerId string
- The ID of the role definition resource without Key Vault base URL.
- roleName string
- Specify a name for this KeyVault Role Definition.
- roleType string
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- description str
- Specifies a text description about this KeyVault Role Definition.
- managed_hsm_id str
- name str
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]
- One or more `permission` blocks as defined below.
- resource_manager_id str
- The ID of the role definition resource without Key Vault base URL.
- role_name str
- Specify a name for this KeyVault Role Definition.
- role_type str
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.

- description String
- Specifies a text description about this KeyVault Role Definition.
- managedHsmId String
- name String
- The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
- permissions List<Property Map>
- One or more `permission` blocks as defined below.
- resourceManagerId String
- The ID of the role definition resource without Key Vault base URL.
- roleName String
- Specify a name for this KeyVault Role Definition.
- roleType String
- The type of the role definition. Possible values are `AKVBuiltInRole` and `CustomRole`.
Supporting Types
ManagedHardwareSecurityModuleRoleDefinitionPermission, ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
- Actions List<string>
- One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- DataActions List<string>
- Specifies a list of data action permission to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`.
- NotActions List<string>
- One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- NotDataActions List<string>
- Specifies a list of data action permission not to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`.
- Actions []string
- One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- DataActions []string
- Specifies a list of data action permission to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`.
- NotActions []string
- One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- NotDataActions []string
- Specifies a list of data action permission not to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`.
- actions List<String>
- One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- dataActions List<String>
- Specifies a list of data action permission to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`.
- notActions List<String>
- One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- notDataActions List<String>
- Specifies a list of data action permission not to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`.
- actions string[]
- One or more Allowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- dataActions string[]
- Specifies a list of data action permission to grant. Possible values are `Microsoft.KeyVault/managedHsm/keys/read/action`, `Microsoft.KeyVault/managedHsm/keys/write/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action`, `Microsoft.KeyVault/managedHsm/keys/backup/action`, `Microsoft.KeyVault/managedHsm/keys/restore/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/delete/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/read/action`, `Microsoft.KeyVault/managedHsm/roleAssignments/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/read/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/write/action`, `Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action`, `Microsoft.KeyVault/managedHsm/keys/encrypt/action`, `Microsoft.KeyVault/managedHsm/keys/decrypt/action`, `Microsoft.KeyVault/managedHsm/keys/wrap/action`, `Microsoft.KeyVault/managedHsm/keys/unwrap/action`, `Microsoft.KeyVault/managedHsm/keys/sign/action`, `Microsoft.KeyVault/managedHsm/keys/verify/action`, `Microsoft.KeyVault/managedHsm/keys/create`, `Microsoft.KeyVault/managedHsm/keys/delete`, `Microsoft.KeyVault/managedHsm/keys/export/action`, `Microsoft.KeyVault/managedHsm/keys/release/action`, `Microsoft.KeyVault/managedHsm/keys/import/action`, `Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete`, `Microsoft.KeyVault/managedHsm/securitydomain/download/action`, `Microsoft.KeyVault/managedHsm/securitydomain/download/read`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/action`, `Microsoft.KeyVault/managedHsm/securitydomain/upload/read`, `Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read`, `Microsoft.KeyVault/managedHsm/backup/start/action`, `Microsoft.KeyVault/managedHsm/restore/start/action`, `Microsoft.KeyVault/managedHsm/backup/status/action`, `Microsoft.KeyVault/managedHsm/restore/status/action` and `Microsoft.KeyVault/managedHsm/rng/action`.
- notActions string[]
- One or more Disallowed Actions, such as `*`, `Microsoft.Resources/subscriptions/resourceGroups/read`. See 'Azure Resource Manager resource provider operations' for details.
- notDataActions string[]
- Specifies a list of data action permission not to grant. Possible values are
Microsoft.KeyVault/managedHsm/keys/read/action
,Microsoft.KeyVault/managedHsm/keys/write/action
,Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action
,Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action
,Microsoft.KeyVault/managedHsm/keys/backup/action
,Microsoft.KeyVault/managedHsm/keys/restore/action
,Microsoft.KeyVault/managedHsm/roleAssignments/delete/action
,Microsoft.KeyVault/managedHsm/roleAssignments/read/action
,Microsoft.KeyVault/managedHsm/roleAssignments/write/action
,Microsoft.KeyVault/managedHsm/roleDefinitions/read/action
,Microsoft.KeyVault/managedHsm/roleDefinitions/write/action
,Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action
,Microsoft.KeyVault/managedHsm/keys/encrypt/action
,Microsoft.KeyVault/managedHsm/keys/decrypt/action
,Microsoft.KeyVault/managedHsm/keys/wrap/action
,Microsoft.KeyVault/managedHsm/keys/unwrap/action
,Microsoft.KeyVault/managedHsm/keys/sign/action
,Microsoft.KeyVault/managedHsm/keys/verify/action
,Microsoft.KeyVault/managedHsm/keys/create
,Microsoft.KeyVault/managedHsm/keys/delete
,Microsoft.KeyVault/managedHsm/keys/export/action
,Microsoft.KeyVault/managedHsm/keys/release/action
,Microsoft.KeyVault/managedHsm/keys/import/action
,Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete
,Microsoft.KeyVault/managedHsm/securitydomain/download/action
,Microsoft.KeyVault/managedHsm/securitydomain/download/read
,Microsoft.KeyVault/managedHsm/securitydomain/upload/action
,Microsoft.KeyVault/managedHsm/securitydomain/upload/read
,Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read
,Microsoft.KeyVault/managedHsm/backup/start/action
,Microsoft.KeyVault/managedHsm/restore/start/action
,Microsoft.KeyVault/managedHsm/backup/status/action
,Microsoft.KeyVault/managedHsm/restore/status/action
andMicrosoft.KeyVault/managedHsm/rng/action
.
- actions Sequence[str]
- One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
- data_actions Sequence[str]
- Specifies a list of data action permissions to grant. Possible values are
Microsoft.KeyVault/managedHsm/keys/read/action,
Microsoft.KeyVault/managedHsm/keys/write/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action,
Microsoft.KeyVault/managedHsm/keys/backup/action,
Microsoft.KeyVault/managedHsm/keys/restore/action,
Microsoft.KeyVault/managedHsm/roleAssignments/delete/action,
Microsoft.KeyVault/managedHsm/roleAssignments/read/action,
Microsoft.KeyVault/managedHsm/roleAssignments/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/read/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action,
Microsoft.KeyVault/managedHsm/keys/encrypt/action,
Microsoft.KeyVault/managedHsm/keys/decrypt/action,
Microsoft.KeyVault/managedHsm/keys/wrap/action,
Microsoft.KeyVault/managedHsm/keys/unwrap/action,
Microsoft.KeyVault/managedHsm/keys/sign/action,
Microsoft.KeyVault/managedHsm/keys/verify/action,
Microsoft.KeyVault/managedHsm/keys/create,
Microsoft.KeyVault/managedHsm/keys/delete,
Microsoft.KeyVault/managedHsm/keys/export/action,
Microsoft.KeyVault/managedHsm/keys/release/action,
Microsoft.KeyVault/managedHsm/keys/import/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete,
Microsoft.KeyVault/managedHsm/securitydomain/download/action,
Microsoft.KeyVault/managedHsm/securitydomain/download/read,
Microsoft.KeyVault/managedHsm/securitydomain/upload/action,
Microsoft.KeyVault/managedHsm/securitydomain/upload/read,
Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read,
Microsoft.KeyVault/managedHsm/backup/start/action,
Microsoft.KeyVault/managedHsm/restore/start/action,
Microsoft.KeyVault/managedHsm/backup/status/action,
Microsoft.KeyVault/managedHsm/restore/status/action,
and Microsoft.KeyVault/managedHsm/rng/action.
- not_actions Sequence[str]
- One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
- not_data_actions Sequence[str]
- Specifies a list of data action permissions not to grant. Possible values are
Microsoft.KeyVault/managedHsm/keys/read/action,
Microsoft.KeyVault/managedHsm/keys/write/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action,
Microsoft.KeyVault/managedHsm/keys/backup/action,
Microsoft.KeyVault/managedHsm/keys/restore/action,
Microsoft.KeyVault/managedHsm/roleAssignments/delete/action,
Microsoft.KeyVault/managedHsm/roleAssignments/read/action,
Microsoft.KeyVault/managedHsm/roleAssignments/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/read/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action,
Microsoft.KeyVault/managedHsm/keys/encrypt/action,
Microsoft.KeyVault/managedHsm/keys/decrypt/action,
Microsoft.KeyVault/managedHsm/keys/wrap/action,
Microsoft.KeyVault/managedHsm/keys/unwrap/action,
Microsoft.KeyVault/managedHsm/keys/sign/action,
Microsoft.KeyVault/managedHsm/keys/verify/action,
Microsoft.KeyVault/managedHsm/keys/create,
Microsoft.KeyVault/managedHsm/keys/delete,
Microsoft.KeyVault/managedHsm/keys/export/action,
Microsoft.KeyVault/managedHsm/keys/release/action,
Microsoft.KeyVault/managedHsm/keys/import/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete,
Microsoft.KeyVault/managedHsm/securitydomain/download/action,
Microsoft.KeyVault/managedHsm/securitydomain/download/read,
Microsoft.KeyVault/managedHsm/securitydomain/upload/action,
Microsoft.KeyVault/managedHsm/securitydomain/upload/read,
Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read,
Microsoft.KeyVault/managedHsm/backup/start/action,
Microsoft.KeyVault/managedHsm/restore/start/action,
Microsoft.KeyVault/managedHsm/backup/status/action,
Microsoft.KeyVault/managedHsm/restore/status/action,
and Microsoft.KeyVault/managedHsm/rng/action.
- actions List<String>
- One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
- dataActions List<String>
- Specifies a list of data action permissions to grant. Possible values are
Microsoft.KeyVault/managedHsm/keys/read/action,
Microsoft.KeyVault/managedHsm/keys/write/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action,
Microsoft.KeyVault/managedHsm/keys/backup/action,
Microsoft.KeyVault/managedHsm/keys/restore/action,
Microsoft.KeyVault/managedHsm/roleAssignments/delete/action,
Microsoft.KeyVault/managedHsm/roleAssignments/read/action,
Microsoft.KeyVault/managedHsm/roleAssignments/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/read/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action,
Microsoft.KeyVault/managedHsm/keys/encrypt/action,
Microsoft.KeyVault/managedHsm/keys/decrypt/action,
Microsoft.KeyVault/managedHsm/keys/wrap/action,
Microsoft.KeyVault/managedHsm/keys/unwrap/action,
Microsoft.KeyVault/managedHsm/keys/sign/action,
Microsoft.KeyVault/managedHsm/keys/verify/action,
Microsoft.KeyVault/managedHsm/keys/create,
Microsoft.KeyVault/managedHsm/keys/delete,
Microsoft.KeyVault/managedHsm/keys/export/action,
Microsoft.KeyVault/managedHsm/keys/release/action,
Microsoft.KeyVault/managedHsm/keys/import/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete,
Microsoft.KeyVault/managedHsm/securitydomain/download/action,
Microsoft.KeyVault/managedHsm/securitydomain/download/read,
Microsoft.KeyVault/managedHsm/securitydomain/upload/action,
Microsoft.KeyVault/managedHsm/securitydomain/upload/read,
Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read,
Microsoft.KeyVault/managedHsm/backup/start/action,
Microsoft.KeyVault/managedHsm/restore/start/action,
Microsoft.KeyVault/managedHsm/backup/status/action,
Microsoft.KeyVault/managedHsm/restore/status/action,
and Microsoft.KeyVault/managedHsm/rng/action.
- notActions List<String>
- One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
- notDataActions List<String>
- Specifies a list of data action permissions not to grant. Possible values are
Microsoft.KeyVault/managedHsm/keys/read/action,
Microsoft.KeyVault/managedHsm/keys/write/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action,
Microsoft.KeyVault/managedHsm/keys/backup/action,
Microsoft.KeyVault/managedHsm/keys/restore/action,
Microsoft.KeyVault/managedHsm/roleAssignments/delete/action,
Microsoft.KeyVault/managedHsm/roleAssignments/read/action,
Microsoft.KeyVault/managedHsm/roleAssignments/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/read/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/write/action,
Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action,
Microsoft.KeyVault/managedHsm/keys/encrypt/action,
Microsoft.KeyVault/managedHsm/keys/decrypt/action,
Microsoft.KeyVault/managedHsm/keys/wrap/action,
Microsoft.KeyVault/managedHsm/keys/unwrap/action,
Microsoft.KeyVault/managedHsm/keys/sign/action,
Microsoft.KeyVault/managedHsm/keys/verify/action,
Microsoft.KeyVault/managedHsm/keys/create,
Microsoft.KeyVault/managedHsm/keys/delete,
Microsoft.KeyVault/managedHsm/keys/export/action,
Microsoft.KeyVault/managedHsm/keys/release/action,
Microsoft.KeyVault/managedHsm/keys/import/action,
Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete,
Microsoft.KeyVault/managedHsm/securitydomain/download/action,
Microsoft.KeyVault/managedHsm/securitydomain/download/read,
Microsoft.KeyVault/managedHsm/securitydomain/upload/action,
Microsoft.KeyVault/managedHsm/securitydomain/upload/read,
Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read,
Microsoft.KeyVault/managedHsm/backup/start/action,
Microsoft.KeyVault/managedHsm/restore/start/action,
Microsoft.KeyVault/managedHsm/backup/status/action,
Microsoft.KeyVault/managedHsm/restore/status/action,
and Microsoft.KeyVault/managedHsm/rng/action.
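A pre-deployment check for the permissions block described above, as an added example that is not part of the Pulumi documentation or the provider's code. It rejects data action values outside the "Possible values" list on this page (including the * wildcard, which the page gives only for actions), flags sensitive grants, and reports "not data actions" entries that subtract nothing. The function name, the SENSITIVE policy list, the camelCase dictionary keys and the rule that "not data actions" are subtracted from data actions are assumptions of this example.

```python
"""Added example: lint a Managed HSM role definition's permissions before deployment."""
PREFIX = "Microsoft.KeyVault/managedHsm/"

# The 34 data actions from the "Possible values" list on this page.
ALLOWED = {PREFIX + s for s in """
keys/read/action keys/write/action keys/deletedKeys/read/action
keys/deletedKeys/recover/action keys/backup/action keys/restore/action
roleAssignments/delete/action roleAssignments/read/action
roleAssignments/write/action roleDefinitions/read/action
roleDefinitions/write/action roleDefinitions/delete/action
keys/encrypt/action keys/decrypt/action keys/wrap/action keys/unwrap/action
keys/sign/action keys/verify/action keys/create keys/delete
keys/export/action keys/release/action keys/import/action
keys/deletedKeys/delete securitydomain/download/action
securitydomain/download/read securitydomain/upload/action
securitydomain/upload/read securitydomain/transferkey/read
backup/start/action restore/start/action backup/status/action
restore/status/action rng/action
""".split()}

# Assumption (review policy chosen for this example, not stated on the page):
# actions that change RBAC, move key material out, or touch the security domain.
SENSITIVE = ("roleAssignments/write", "roleAssignments/delete",
             "roleDefinitions/write", "roleDefinitions/delete",
             "keys/export", "keys/release", "keys/backup",
             "securitydomain/", "backup/start", "restore/start")

def lint_permissions(permissions):
    """Return sorted (kind, detail) findings for a list of permission blocks."""
    findings = set()
    for block in permissions:
        granted = set(block.get("dataActions", []))
        denied = set(block.get("notDataActions", []))
        for field, values in (("dataActions", granted), ("notDataActions", denied)):
            for value in values - ALLOWED:  # exact, case-sensitive match
                findings.add(("unknown", f"{field}: {value}"))
        # Assumption: the effective grant is dataActions minus notDataActions.
        for action in (granted - denied) & ALLOWED:
            if any(marker in action for marker in SENSITIVE):
                findings.add(("sensitive", action))
        for action in denied - granted:  # exclusion that removes nothing
            findings.add(("no-effect", action))
    return sorted(findings)

# Constructed sample input, shaped like the permissions property above.
SAMPLE = [{
    "dataActions": [PREFIX + "keys/read/action", PREFIX + "keys/export/action",
                    PREFIX + "keys/Sign/action", "*"],
    "notDataActions": [PREFIX + "keys/delete"],
}]
```

Run lint_permissions over the permissions of every role definition in a stack as a CI gate, and require explicit sign-off for any "sensitive" finding.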
Import
KeyVaults can be imported using the resource id, e.g.
$ pulumi import azure:keyvault/managedHardwareSecurityModuleRoleDefinition:ManagedHardwareSecurityModuleRoleDefinition example https://0000.managedhsm.azure.net///RoleDefinition/00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the azurerm Terraform Provider.